Exact detection of information leakage in database access control

Farid Alborzi, Rada Chirkova, Ting Yu

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

1 Citation (Scopus)

Abstract

Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 403-415
Number of pages: 13
Volume: 9263
ISBN (Print): 9783319227283
DOIs: https://doi.org/10.1007/978-3-319-22729-0_31
Publication status: Published - 2015
Event: 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015 - Valencia, Spain
Duration: 1 Sep 2015 to 4 Sep 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9263
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015
Country: Spain
City: Valencia
Period: 1/9/15 to 4/9/15

Keywords

  • Data exchange
  • Privacy and security in cloud intelligence

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Alborzi, F., Chirkova, R., & Yu, T. (2015). Exact detection of information leakage in database access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9263, pp. 403-415). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9263). Springer Verlag. https://doi.org/10.1007/978-3-319-22729-0_31