Cybersecurity Collaboratory

2013-2018

Cyberspace Threat Identification, Analysis and Proactive Response

Access control for data integration in presence of data dependencies (Mehdi Haddad, Mohand-Saïd Hacid)

Abstract

Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this talk, we discuss a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.

A short bio

Mehdi Haddad is a PhD candidate in the DataBase group at LIRIS laboratory, Lyon. His main research topics deal with access control in data integration settings.

>> -- Slides (pdf) -- <<