access control for data integration in presence of data
play

Access control for data integration in presence of data dependencies - PowerPoint PPT Presentation

Jan 23, 2023 •581 likes •1.13k views

Access control for data integration in presence of data dependencies Mehdi Haddad, Mohand-Sad Hacid 1 Outline Introduction Motivating example Related work Approach Detection phase (Re)configuration phase Conclusion

  1. Access control for data integration in presence of data dependencies Mehdi Haddad, Mohand-Saïd Hacid 1

  2. Outline • Introduction • Motivating example • Related work • Approach – Detection phase – (Re)configuration phase • Conclusion 2

  3. Introduction • Access control aims at preventing unauthorized users from getting sensitive information. • Access control protects data against unauthorized disclosure via direct access. • Beyond access control: the inference problem – Preventing against indirect disclosure of data – Inferring sensitive information from non sensitive ones by resorting to semantic constraints 3

  4. Context Data Sources Mediator Data Consumers Business Intelligence Data Warehousing Reporting UI System Privacy Policy Enforcement Point • Many data sources. • Each one with its own data schema. • Each source has its own privacy policies defined on its own schema. • Global As View (GAV) integration approach. 4

  5. The inference problem [1] • The inference problem is the ability to deduce sensitive information from non sensitive one. • Two methods to make an inference : – Obtaining information about individuals from information about a population (e.g. statistics). – Combining non sensitive information with semantic constraints (e.g. metadata) to obtain sensitive information. [1] Csilla Farkas, Sushil Jajodia: The Inference Problem: A Survey. 5 SIGKDD Explorations 4(2): 6-11 (2002)

  6. Access control of association • Access to a set of attributes simultaneously is more sensitive than accessing each attribute individually. • Example: consider the attributes SSN and Disease – The individual access to SSN or Disease could be allowed, whereas access to both attributes simultaneously is denied. – The association patient-disease is sensitive. 6

  7. Motivating example Sources S1(SSN, Diagnosis, Doctor). S2(SSN, AdmissionDate). S3(SSN, Service). Authorization policy at S1 Nurses are prohibited from accessing the association of SSN and Diagnosis. Authorization rule (SSN, Diagnosis) :- S1(SSN, Diagnosis, Doctor), role = nurse. 7

  8. Motivating example Mediator M(SSN, Diagnosis, Doctor, AdmissionDate, Service) :- S1(SSN, Diagnosis, Doctor) , S2(SSN, AdmissionDate), S3(SSN, Service). Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis Authorization policy at the mediator (Propagation) Nurses are prohibited from accessing the association of SSN and Diagnosis. Authorization rule (SSN, Diagnosis) :- M(SSN, Diagnosis, Doctor, AdmissionDate, Service), role = nurse. 8

  9. Motivating example • A malicious user could execute the following queries : Q1 (SSN, AdmissionDate, Service). Q2(Diagnosis, AdmissionDate ,Service). • Combining the results of the two queries by a join and taking advantage of FD1, a malicious user will obtain SSN and diagnosis, thus will violate the authorization policy • Q3(SSN, Diagnosis) :- Q1 (SSN, AdmissionDate, Service), Q2(Diagnosis, AdmissionDate ,Service). 9

  10. Motivating example • The issue arises from the following – New semantic constraints appear at the mediator (e.g., FD1). – No source could have considered this new semantic constraints while defining its policy. • Propagating and combining the sources’ policies is not sufficient. ⇒ The need for a methodology that considers both combination and new semantic constraints that appear at the mediator. 10

  11. Goal • Help/advise the administrator defining the mediator’s policy such that: – Each source policy has to be preserved. – Prevent against illegal accesses • Direct access : ask for sensitive information. • Indirect access : infer sensitive information. – Maximize the availability at the mediator level. 11

  12. State of the art • To deal with the inference problem two main approaches have been proposed – At the design time • Modifies the schema or the policy in such a way that no inference could appear. – At the execution time • Keeps track of the previous queries and use them to make a decision about the current query. 12

  13. State of the art • At the design time [2] – Considers functional dependencies. – Assumes that if X ⟶ Y then Y is “computable” from X. – Propagates the constraints of Y to X. – Does not consider association of information. [2] Tzong-An Su, Gultekin Özsoyoglu: Data Dependencies and Inference Control in Multilevel Relational Database Systems. IEEE Symposium on Security and Privacy 1987: 202-211 13

  14. State of the art • At the execution time [3] – Considers past queries to make a decision about the current query. – Does not consider functional dependencies. – Does not consider access to associations. [3] MB Thuraisingham. Security checking in relational database management systems augmented with inference engines. Computers & Security, 6(6):479-492, 1987 14

  15. Contribution 15

  16. Assumptions • Relational model & conjunctive queries. • Global As View (GAV) integration approach – Each virtual relation of the mediator is constructed by a conjunctive query over the sources’ relations. – e.g., M (SSN, Diagnosis, Doctor, AdmissionDate, Service) :- S1(SSN, Diagnosis, Doctor) , S2(SSN, AdmissionDate), S3(SSN, Service). • Authorization rules expressing prohibition – e.g., (SSN, Diagnosis) :- S1(SSN, Diagnosis, Doctor), role = nurse. • Semantic constraints : functional dependencies. 16

  17. Methodology Detection phase (Re)configuration phase Functional dependencies Policy modification P = P ⋃ {p(Q4), p(Q5)} {Q1, Q3, Q4} {Q1, Q5} {Q2, Q3, Q5} Mediator {Q2, Q4} {Q3, Q4, Q5} policy Query tracking {Q1, Q3, Q4} {Q1, Q5} {Q2, Q3, Q5} Transition graph {Q2, Q4} Transactions Mediator construction generation schema 17

  18. Methodology • Detection phase – Transition graph construction. – Violating transactions generation. • (Re)configuration phase – Solution 1 : Policy revision. – Solution 2 : Query tracking. 18

  19. Detection phase : problem definition • Inputs – Sources’ policies propagated to the mediator. – Functional dependencies that hold at the mediator level. • Output – The set of all the transactions that could induce privacy violations. 19

  20. Graph construction Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis (SSN, Diagnosis) 20

  21. Graph construction Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis (SSN, Diagnosis) FD1 Q1 (AdmissionDate, Service, Diagnosis) 21

  22. Graph construction Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis (SSN, Diagnosis) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2 (SSN, AdmissionDate, Doctor) 22

  23. Graph construction Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis (SSN, Diagnosis) FD1 FD2 Q1 (AdmissionDate, Service, Diagnosis) Q2(SSN, AdmissionDate, Doctor) FD2 Q3 (AdmissionDate, Service, Doctor) 23

  24. Graph construction Functional dependencies FD1 : AdmissionDate, Service ⟶ SSN FD2 : AdmissionDate, Doctor ⟶ Diagnosis (SSN, Diagnosis) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2(SSN, AdmissionDate, Doctor) FD2 FD1 Q3(AdmissionDate, Service, Doctor) 24

  25. Upper bound & termination • Assumption – WLOG, each FD has a RHS of one attribute. • n: the number of attributes of the policy. • m : the number of functional dependencies in FD + that have an attribute of the policy as RHS. • The upper bound of the order (number of nodes) of the graph is : 𝒐 𝒏 𝒐 ⇒ The graph construction algorithm terminates. 25

  26. Generation of violating transactions (1/4) (SSN, Diagnosis) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2 (SSN, AdmissionDate, Doctor) FD2 FD1 Q3 (AdmissionDate, Service, Doctor) How to generate the violating transactions? • Each path between the initial node and a node Qi represents a transaction. • A transaction is composed of all FDs on the path and the query of the node Qi. 26

  27. Generation of violating transactions (2/4) (SSN, Diagnosis) Correspond to the query FD Q 1: (AdmissionDate, Service, SSN) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2 (SSN, AdmissionDate, Doctor) FD2 FD1 Q3 (AdmissionDate, Service, Doctor) Transactions T1 ={FD Q 1, Q1} 27

  28. Generation of violating transactions (3/4) (SSN, Diagnosis) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2 (SSN, AdmissionDate, Doctor) FD2 FD1 Q3 (AdmissionDate, Service, Doctor) Transactions T1 ={FD Q 1, Q1} T2 ={FD Q 2, Q2} 28

  29. Generation of violating transactions (4/4) (SSN, Diagnosis) FD1 FD2 Q1(AdmissionDate, Service, Diagnosis) Q2 (SSN, AdmissionDate, Doctor) FD2 FD1 Q3 (AdmissionDate, Service, Doctor) Transactions T1 ={FD Q 1, Q1} T2 ={FD Q 2, Q2} T3 ={FD Q 1, FD Q 2, Q3} 29

  30. (Re)configuration phase • How to use these violating transactions? – At the design time : Policy revision • Add a new set of authorization rules. • No transaction could be completed. – At the execution time : Query tracking • Keep track of the user’s queries. • Avoid the execution of the queries of a single transaction. 30

Recommend

Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams

Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams

Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams (DEIS) Ekaterini Ioannou Tuesday, 9 th of Nov. 2010, Schloss Dagstuhl Problem overview Data integration: Combine data from various

806 views • 41 slides
CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web Data Engineering Access Control Mechanisms Declarative Authorization using Realms The expression of app security external to the app

540 views • 26 slides
Data Preparation Data cleaning Data integration and transformation (Data

Data Preparation Data cleaning Data integration and transformation (Data

Data Preprocessing Why preprocess the data? Data Preparation Data cleaning Data integration and transformation (Data preprocessing) Data reduction, Feature selection Discretization and concept hierarchy generation 2

891 views • 21 slides
2/16/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2) Data

2/16/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2) Data

2/16/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2) Data Preparation and Cleaning Provenance 3) Schema matching and mapping 4) Virtual Data Integration 4. Virtual Data Integration 5) Data Exchange 6) Data

281 views • 9 slides
Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar

Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar

Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar 21/11/19 Michael Benedikt Pierre Bourhis Louis Jachiet Micha el Thomazo Louis JACHIET 1 / 32 Motivations Louis JACHIET 2 / 32

1.29k views • 99 slides
Overview Motivation Problem Definition Data Integration Data Integration Approaches

Overview Motivation Problem Definition Data Integration Data Integration Approaches

Overview Motivation Problem Definition Data Integration Data Integration Approaches Virtual integration Hanna Zhong Data warehouse hzhong@illinois.edu Issues Department of Computer Science University of Illinois,

403 views • 15 slides
Global Ambition There are great expectations on the benefits from access to more and better

Global Ambition There are great expectations on the benefits from access to more and better

Global Ambition There are great expectations on the benefits from access to more and better patient data - A common aim is to give health data back to the individual so the patient becomes the point of integration and control. Improving

903 views • 56 slides
D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

547 views • 11 slides
4/14/20 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2)

4/14/20 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2)

4/14/20 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2) Data Preparation and Cleaning Provenance 3) Schema matching and mapping 4) Virtual Data Integration 6. Data Warehousing 5) Data Exchange 6) Data

648 views • 15 slides
The new DAI (Data Access and Integration): changes and improvements to the website Louis Lefaivre

The new DAI (Data Access and Integration): changes and improvements to the website Louis Lefaivre

The new DAI (Data Access and Integration): changes and improvements to the website Louis Lefaivre (EC/Ouranos) Philippe Poudret (EC) Patrice Constanza (GEC3/DRI) Khanh-Hung Lam (EC) Milka Radojevic (EC/GEC3) Philippe Gachon (EC) Presentation

581 views • 26 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
MARTe2 and MDSplus Integration for a Comprehensive Fast Control and Data Acquisition System

MARTe2 and MDSplus Integration for a Comprehensive Fast Control and Data Acquisition System

MARTe2 and MDSplus Integration for a Comprehensive Fast Control and Data Acquisition System G.Manduchi 1 , A. Rigoni 1 , T.Fredian 2 , J.Stillerman 2 , A. Neto 3 , F. Sartori 3 1) Consorzio RFX, Corso Stati Uniti 4, Padova 35127, Italy 2)

297 views • 14 slides
5/5/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2)

5/5/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2)

5/5/16 Outline 0) Course Info CS520 1) Introduction Data Integration, Warehousing, and 2) Data Preparation and Cleaning Provenance 3) Schema matching and mapping 4) Virtual Data Integration 6. Data Warehousing 5) Data Exchange IIT

479 views • 15 slides
Integration and Automation of Data Preparation and Data Mining Yanhui Geng Huawai Technologies

Integration and Automation of Data Preparation and Data Mining Yanhui Geng Huawai Technologies

Integration and Automation of Data Preparation and Data Mining Yanhui Geng Huawai Technologies Agenda Introduction Karma Data Modeling and Integration Prediction Task Data collection Preparing the mode of transportation

652 views • 34 slides
Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data Application to TinkerPop-compatible Application to TinkerPop-compatible graph databases graph databases Marc de Lignie Marc de Lignie Image courtesy:

596 views • 15 slides
DatSha : A Data Sharing Algebra for Access Control Plans Athanasia Katsouraki 1,2 , Luc Bouganim

DatSha : A Data Sharing Algebra for Access Control Plans Athanasia Katsouraki 1,2 , Luc Bouganim

DatSha : A Data Sharing Algebra for Access Control Plans Athanasia Katsouraki 1,2 , Luc Bouganim 1,2 , Cedric Eichler 3 , Benjamin Nguyen 2, 3 1 DAVID, 2 Inria Saclay, 3 LIFO / INSA CVL in EDBT 2015 ISN Valdo Project Context Data sharing in

289 views • 18 slides
Enhance CRM with integrated data to drive strategic decisions + Data Integration RigDig CRM

Enhance CRM with integrated data to drive strategic decisions + Data Integration RigDig CRM

RigDig Enhance CRM with integrated data to drive strategic decisions + Data Integration RigDig CRM Pain Points Data can Not enough time Measuring ROI be overwhelming or resources can be diffjcult randallreilly.com 2 Data Integration

381 views • 13 slides
Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline

Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline

Data Anonymization Introduction Li Xiong CS573 Data Privacy and Security Outline Problem definition Principles Disclosure Control Methods Inference Control Access control: protecting information and information systems from

703 views • 52 slides
Child Marriage and Geo-covariates data integration Data from DHS Demographic and Health

Child Marriage and Geo-covariates data integration Data from DHS Demographic and Health

Child Marriage and Geo-covariates data integration Data from DHS Demographic and Health Surveys (DHS) (http://dhsprogram.com) are nationally-representative household survey data. Information Available in DHS data sets Women

631 views • 16 slides
In Introduct ction to Data Acq Acquisition an and Integration ion 01219335 Data Acquisition

In Introduct ction to Data Acq Acquisition an and Integration ion 01219335 Data Acquisition

In Introduct ction to Data Acq Acquisition an and Integration ion 01219335 Data Acquisition and Integration Chaipo Chaiporn J n Jaik aikae aeo De Department of f Computer Engineering Kasetsart Unive versity Revised 2020-08-13 Ou

353 views • 34 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Evolving Data Access Evolving Data Access Evolving Data Access Evolving Data Access

Evolving Data Access Evolving Data Access Evolving Data Access Evolving Data Access

Evolving Data Access Evolving Data Access Evolving Data Access Evolving Data Access Methodologies and Standards Methodologies and Standards John de Longa Solutions Architect Solutions Architect DataDirect Technologies

499 views • 24 slides
Flow-Secure Access Controls Integration of Simple flow controls into the access control

Flow-Secure Access Controls Integration of Simple flow controls into the access control

Flow-Secure Access Controls Integration of Simple flow controls into the access control mechanisms of say operating systems. General: p can read from x1,. . . , xm and write into Y1, . . . . Yn only if This automatically

1.06k views • 36 slides
Data Access: Who can access the data and how? Rory Collins UK Biobank Principal Investigator

Data Access: Who can access the data and how? Rory Collins UK Biobank Principal Investigator

Data Access: Who can access the data and how? Rory Collins UK Biobank Principal Investigator BHF Professor of Medicine & Epidemiology Nuffield Department of Population Health University of Oxford, UK UK Biobank: Principles of Access

297 views • 17 slides

More recommend