Exact detection of information leakage in database access control

Farid Alborzi, Rada Chirkova, Ting Yu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing finegrained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer Verlag
Pages403-415
Number of pages13
Volume9263
ISBN (Print)9783319227283
DOIs
Publication statusPublished - 2015
Event17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015 - Valencia, Spain
Duration: 1 Sep 20154 Sep 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9263
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015
CountrySpain
CityValencia
Period1/9/154/9/15

Fingerprint

Access Control
Access control
Leakage
Electronic data interchange
Query languages
Data Exchange
Security Policy
Query Language
Modeling
Table
Query
Scenarios
Software
Model

Keywords

  • Data exchange
  • Privacy and security in cloud intelligence

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Alborzi, F., Chirkova, R., & Yu, T. (2015). Exact detection of information leakage in database access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9263, pp. 403-415). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9263). Springer Verlag. https://doi.org/10.1007/978-3-319-22729-0_31

Exact detection of information leakage in database access control. / Alborzi, Farid; Chirkova, Rada; Yu, Ting.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 9263 Springer Verlag, 2015. p. 403-415 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9263).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Alborzi, F, Chirkova, R & Yu, T 2015, Exact detection of information leakage in database access control. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 9263, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9263, Springer Verlag, pp. 403-415, 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015, Valencia, Spain, 1/9/15. https://doi.org/10.1007/978-3-319-22729-0_31
Alborzi F, Chirkova R, Yu T. Exact detection of information leakage in database access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 9263. Springer Verlag. 2015. p. 403-415. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-22729-0_31
Alborzi, Farid ; Chirkova, Rada ; Yu, Ting. / Exact detection of information leakage in database access control. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 9263 Springer Verlag, 2015. pp. 403-415 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{fe0b9083a4894d809aa5bf6f4b033c2d,
title = "Exact detection of information leakage in database access control",
abstract = "Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing finegrained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.",
keywords = "Data exchange, Privacy and security in cloud intelligence",
author = "Farid Alborzi and Rada Chirkova and Ting Yu",
year = "2015",
doi = "10.1007/978-3-319-22729-0_31",
language = "English",
isbn = "9783319227283",
volume = "9263",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "403--415",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Exact detection of information leakage in database access control

AU - Alborzi, Farid

AU - Chirkova, Rada

AU - Yu, Ting

PY - 2015

Y1 - 2015

N2 - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing finegrained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

AB - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing finegrained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

KW - Data exchange

KW - Privacy and security in cloud intelligence

UR - http://www.scopus.com/inward/record.url?scp=84943642587&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84943642587&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-22729-0_31

DO - 10.1007/978-3-319-22729-0_31

M3 - Conference contribution

AN - SCOPUS:84943642587

SN - 9783319227283

VL - 9263

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 403

EP - 415

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -