Access Control for Data Integration in Presence of Data Dependencies

IRIS

Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms

Access Control for Data Integration in Presence of Data Dependencies

M. Haddad;Stevovic, Jovan;A. Chiasera;Velegrakis, Ioannis;M. Hacid

2014-01-01

Abstract

Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
				2014
			
	Titolo del volume (Proceedings title)
	
				roceedings of the 19th International Conference on Database Systems for Advanced Applications
			
	Autore/i del libro (Book author/s)
	
				AA. VV.
			
	Luogo di edizione (Place of publication)
	
				Berlin
			
	Casa editrice (Publisher)
	
				Springer
			
	ISBN
	
				9783319058122
9783319058139
			
	Codice Scopus (Scopus Identifier)
	
				2-s2.0-84958533557
			
	Codice WOS (WOS identifier)
	
				WOS:000342991200014
			
	Tutti gli autori
	
						M., Haddad; Stevovic, Jovan; A., Chiasera; Velegrakis, Ioannis; M., Hacid
					
	Appare nelle tipologie:
	
				04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/67457

Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni

ND

15

10

social impact