Exact detection of information leakage

Decidability and complexity

Rada Chirkova, Ting Yu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.

Original languageEnglish
Title of host publicationTransactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery
PublisherSpringer Verlag
Pages1-23
Number of pages23
ISBN (Print)9783662556078
DOIs
Publication statusPublished - 1 Jan 2017
Event17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015 - Valencia, Spain
Duration: 1 Sep 20154 Sep 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10420 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015
CountrySpain
CityValencia
Period1/9/154/9/15

Fingerprint

Computability and decidability
Decidability
Access control
Leakage
Electronic data interchange
Access Control
Query languages
Data Exchange
Query
Integrity Constraints
Security Policy
Query Language
Modeling
Correctness
Table
Model
Scenarios
Software

Keywords

  • Data exchange
  • Information leakage
  • Privacy and security in data-intensive systems

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Chirkova, R., & Yu, T. (2017). Exact detection of information leakage: Decidability and complexity. In Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery (pp. 1-23). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10420 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-55608-5_1

Exact detection of information leakage : Decidability and complexity. / Chirkova, Rada; Yu, Ting.

Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery. Springer Verlag, 2017. p. 1-23 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10420 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chirkova, R & Yu, T 2017, Exact detection of information leakage: Decidability and complexity. in Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10420 LNCS, Springer Verlag, pp. 1-23, 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015, Valencia, Spain, 1/9/15. https://doi.org/10.1007/978-3-662-55608-5_1
Chirkova R, Yu T. Exact detection of information leakage: Decidability and complexity. In Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery. Springer Verlag. 2017. p. 1-23. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-662-55608-5_1
Chirkova, Rada ; Yu, Ting. / Exact detection of information leakage : Decidability and complexity. Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery. Springer Verlag, 2017. pp. 1-23 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{0f387ada00cd454e88b04603bd0afe99,
title = "Exact detection of information leakage: Decidability and complexity",
abstract = "Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.",
keywords = "Data exchange, Information leakage, Privacy and security in data-intensive systems",
author = "Rada Chirkova and Ting Yu",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-662-55608-5_1",
language = "English",
isbn = "9783662556078",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "1--23",
booktitle = "Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery",

}

TY - GEN

T1 - Exact detection of information leakage

T2 - Decidability and complexity

AU - Chirkova, Rada

AU - Yu, Ting

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.

AB - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.

KW - Data exchange

KW - Information leakage

KW - Privacy and security in data-intensive systems

UR - http://www.scopus.com/inward/record.url?scp=85028081658&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85028081658&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-55608-5_1

DO - 10.1007/978-3-662-55608-5_1

M3 - Conference contribution

SN - 9783662556078

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 23

BT - Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery

PB - Springer Verlag

ER -