TY - GEN
T1 - Access control for data integration in presence of data dependencies
AU - Haddad, Mehdi
AU - Stevovic, Jovan
AU - Chiasera, Annamaria
AU - Velegrakis, Yannis
AU - Hacid, Mohand Saïd
PY - 2014/1/1
Y1 - 2014/1/1
N2 - Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.
AB - Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.
UR - http://www.scopus.com/inward/record.url?scp=84958533557&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-05813-9_14
DO - 10.1007/978-3-319-05813-9_14
M3 - Conference contribution
AN - SCOPUS:84958533557
SN - 9783319058122
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 203
EP - 217
BT - Database Systems for Advanced Applications - 19th International Conference, DASFAA 2014, Proceedings
PB - Springer
T2 - 19th International Conference on Database Systems for Advanced Applications, DASFAA 2014
Y2 - 21 April 2014 through 24 April 2014
ER -