TY - GEN
T1 - Exact detection of information leakage
T2 - 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015
AU - Chirkova, Rada
AU - Yu, Ting
N1 - Publisher Copyright:
© Springer-Verlag GmbH Germany 2017.
PY - 2017
Y1 - 2017
N2 - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.
AB - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration. Our formal study provides correctness and complexity results for the proposed inference model in the context of queries belonging to a frequent realistic query type and common types of integrity constraints on the data.
KW - Data exchange
KW - Information leakage
KW - Privacy and security in data-intensive systems
UR - http://www.scopus.com/inward/record.url?scp=85028081658&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-55608-5_1
DO - 10.1007/978-3-662-55608-5_1
M3 - Conference contribution
AN - SCOPUS:85028081658
SN - 9783662556078
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 23
BT - Transactions on Large-Scale Data- and Knowledge- Centered Systems XXXII - Special Issue on Big Data Analytics and Knowledge Discovery
A2 - Hara, Takahiro
A2 - Hameurlain, Abdelkader
A2 - Kung, Josef
A2 - Wagner, Roland
A2 - Madria, Sanjay
PB - Springer Verlag
Y2 - 1 September 2015 through 4 September 2015
ER -