Equipe BD
Equipe BD
Laboratoire d'InfoRmatique en Images et Systèmes d'information
UMR 5205 CNRS/INSA de Lyon/Université Claude Bernard Lyon 1/Université Lumière Lyon 2/Ecole Centrale de Lyon

You are here

Tuple-Based Access Control: a Provenance-Based Information Flow Control for Relational Data

Romuald Thion
Tuesday, March 31, 2015 - 13:00 to 14:00
INSA de Lyon, bât. Blaise Pascal, Salle du Liris

This paper proposes a flexible control framework for relational personal data that enforces data originators' dissemination policies. Inspired by the sticky policy paradigm and mandatory access control, dissemination policies are linked with atomic data and are combined when different pieces of data are merged.

The background setting of relational provenance guarantees that the policy combining operations behave accordingly to the operations carried out on the data.
We show that the framework can capture a large class of policies similar to those of lattice-based access control models and that it can be integrated seamlessly into relational database management systems. In particular, we define a path oriented dissemination control model where policies define authorized chains of transfers between databases.

Promising ongoing research work include the generalization of the theoretical framework to more expressive query languages including aggregation and difference operators as well as experiments on secure tokens.

(présentation d'un article accepté à SEC@SAC 2015 http://www.dmi.unict.it/~giamp/sac/cfp2015.php)