Skip to main content
Springer Nature Link
Log in

Exact Detection of Information Leakage in Database Access Control

  • Conference paper
  • First Online:
Big Data Analytics and Knowledge Discovery (DaWaK 2015)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 9263))

Included in the following conference series:

Abstract

Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud.

In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The intuition is that tuple patterns occuring over S constrain tuple patterns over T.

  2. 2.

    Weakly acyclic dependencies [6] are types of tuple- and equality-generating integrity constraints that commonly occur in practice and have nice formal properties.

  3. 3.

    A ground data set is a data set without null values.

References

  1. Abiteboul, S., Duschka, O.: Complexity of answering queries using materialized views. In: PODS, pp. 254–263 (1998)

    Google Scholar 

  2. Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)

    MATH  Google Scholar 

  3. Agrawal, R., Bayardo Jr., R.J., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing compliance with a hippocratic database. In: VLDB, pp. 516–527 (2004)

    Google Scholar 

  4. Al-Shaer, E., Hamed, H., Boutaba, R., Hasan, M.: Conflict classification and analysis of distributed firewall policies. IEEE JSAC 23(10), 2069–2084 (2005)

    Google Scholar 

  5. Ammann, P., Sandhu, R.S.: Safety analysis for the extended schematic protection model. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 87–97 (1991)

    Google Scholar 

  6. Barcelo, P.: Logical foundations of relational data exchange. SIGMOD Rec. 38(1), 49–58 (2009)

    Article  Google Scholar 

  7. Bertino, E., Ghinita, G., Kamra, A.: Access control for databases: concepts and systems. Found. Trends Databases 3(1–2), 1–148 (2011)

    Google Scholar 

  8. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40(1–2), 37–62 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  9. Bond, R., See, K.Y.-K., Wong, C.K.M., Chan, Y.-K.H.: Understanding DB2 9 Security. IBM Press, Indianapolis (2006)

    Google Scholar 

  10. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE TKDE 12(6), 900–919 (2000)

    Google Scholar 

  11. Chandra, A., Merlin, P.: Optimal implementation of conjunctive queries in relational data bases. In: STOC, pp. 77–90 (1977)

    Google Scholar 

  12. Chen, B.-C., Kifer, D., LeFevre, K., Machanavajjhala, A.: Privacy-preserving data publishing. Found. Trends Databases 2(1–2), 1–167 (2009)

    Article  Google Scholar 

  13. Chirkova, R., Yu, T.: Detecting information leakage in database access control with help from data exchange. Technical report (which is not a publication) TR-2013-1, NCSU (2013). http://www.csc.ncsu.edu/research/tech/reports.php

  14. Deutsch, A.: XML query reformulation over mixed and redundant storage. Ph.D. thesis, Univ. Pennsylvania (2002)

    Google Scholar 

  15. Deutsch, A., Nash, A., Remmel, J.: The chase revisited. In: PODS, pp. 149–158 (2008)

    Google Scholar 

  16. Deutsch, A., Tannen, V.: Optimization properties for classes of conjunctive regular path queries. In: Ghelli, G., Grahne, G. (eds.) DBPL 2001. LNCS, vol. 2397, pp. 21–39. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Domingo-Ferrer, J. (ed.): Inference Control in Statistical Databases. LNCS, vol. 2316. Springer, Heidelberg (2002)

    Google Scholar 

  18. Fagin, R., Kolaitis, P., Miller, R., Popa, L.: Data exchange: semantics and query answering. Theor. Comput. Sci. 336(1), 89–124 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  19. Fuxman, A., Kolaitis, P.G., Miller, R.J., Tan, W.-C.: Peer data exchange. ACM TODS 31(4), 1454–1498 (2006)

    Article  Google Scholar 

  20. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Comm. ACM 19, 461–471 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  21. Kabra, G., Ramamurthy, R., Sudarshan, S.: Redundancy and information leakage in finite-grained access control. In: ACM SIGMOD Conference, pp. 133–144 (2006)

    Google Scholar 

  22. Li, N., Winsborough, W.H., Mitchell, J.C.: Beyond proof-of-compliance: safety and availability analysis in trust management. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 123–139 (2003)

    Google Scholar 

  23. Miklau, G., Suciu, D.: A formal analysis of information disclosure in data exchange. JCSS 73(3), 507–534 (2007)

    MathSciNet  MATH  Google Scholar 

  24. Motwani, R., Nabar, S., Thomas, D.: Auditing SQL queries. In: ICDE 2008 (2008)

    Google Scholar 

  25. The Virtual Private Database in Oracle9iR2. An Oracle White Paper (2002)

    Google Scholar 

  26. Stoffel, K., Studer, T.: Provable data privacy. In: Andersen, K.V., Debenham, J., Wagner, R. (eds.) DEXA 2005. LNCS, vol. 3588, pp. 324–332. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Zhang, X., Ozsoyoglu, M.: Implication and referential constraints: a new formal reasoning. IEEE TKDE 9(6), 894–910 (1997)

    Google Scholar 

  28. Zhang, Z., Mendelzon, A.O.: Authorization views and conditional query containment. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 259–273. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, North Carolina State University, Raleigh, NC, USA

    Farid Alborzi & Rada Chirkova

  2. Qatar Computing Research Institute, Doha, Qatar

    Ting Yu

Authors
  1. Farid Alborzi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rada Chirkova
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ting Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Farid Alborzi .

Editor information

Editors and Affiliations

  1. University of Science and Technology, Rolla, Missouri, USA

    Sanjay Madria

  2. Osaka University, Osaka, Japan

    Takahiro Hara

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Alborzi, F., Chirkova, R., Yu, T. (2015). Exact Detection of Information Leakage in Database Access Control. In: Madria, S., Hara, T. (eds) Big Data Analytics and Knowledge Discovery. DaWaK 2015. Lecture Notes in Computer Science(), vol 9263. Springer, Cham. https://doi.org/10.1007/978-3-319-22729-0_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22729-0_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22728-3

  • Online ISBN: 978-3-319-22729-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation