Access Rule Consistency in Cooperative Data Access Environment

Le, Meixing; Kant, Krishna; Jajodia, Sushil

doi:10.4108/icst.collaboratecom.2012.250467

Cited by 6 publications

(7 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research by Le et al [43], Burnap et al [44], and Demchenko et al [45] all describe access control for privacy protection in collaborative environments. Research by Le et al [43], Burnap et al [44], and Demchenko et al [45] all describe access control for privacy protection in collaborative environments.…”

Section: Related Workmentioning

confidence: 99%

“…Research by Le et al [43], Burnap et al [44], and Demchenko et al [45] all describe access control for privacy protection in collaborative environments. Le et al [43] present a solution to this problem in the context of rich data services. Burnap et al [44] focus on solving this problem through embedding policies in each distributed machine, all relating to a shared file.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Brown

Hayes

Allison

et al. 2013

Concurrency and Computation

View full text Add to dashboard Cite

A data providing service (DPS) in service-oriented architecture is tasked only with the retrieval of data that are annotated over a domain ontology. One particular motivating application of DPSs is their use within collaborative environments. An important characteristic for the enterprises of such a collaborative environment is the ability to employ data sharing with one another. A major concern in this situation is the protection of each enterprise's privacy while still permitting data sharing. One potential solution is to provide filtered data through access control. This work describes how to implement access control through fine-grained filtering of DPS response messages; it is accomplished using a filtering ontology and relations between the domain ontology of DPS and the proposed filtering ontology. Therefore, enterprises can write enterprise-specific access control policies referencing a common filtering ontology defined within a collaborative environment, enabling access control-based data sharing within the environment. This work additionally illustrates the implementation of our general solution to data providing web services, interpreted by an eXtensible Access Control Markup Language-based access control framework. The implementation is further evaluated in a case study of real world data, provided by a health research institute in London, Canada.K. BROWN ET AL. product. Should data sharing be required within this domain, the data services must also provide some security measures, such as access control policies (ACPs). These policies should reference the shared concepts to maintain the privacy of each enterprise. This is not an easy task as each enterprise may have existing ACPs. The need for specialized data services is emphasized by Carey [5]. Carey outlines a very simplified architecture showing how data services are used by business processes in order to facilitate access to data objects while also suggesting that new methodologies and tools need to be developed for data service modeling as data services are likely to remain important to applications.The data service contract in non-semantic SOA only describes a service syntactically and thus requires human input to semantically interpret the contract. As a result of this, semantic extensions to SOA have been proposed that annotate conventional services to promote interoperability [6][7][8][9]. Services that specialize in retrieving data and are annotated with semantics are termed data providing services (DPSs). A DPS extends a conventional SOA service by providing a DPS profile that semantically annotates the service's contract using a parameterized view over a domain ontology. A domain ontology is a shared, formal description of data that is supported by computational logic for inference; resource description framework schema (RDFS) [10] and Web Ontology Language (OWL) [11] are two potential representations for ontologies on the Web. By semantically annotating a DPS, it is able to be semantically discovered, mediated, and composed.Current me...

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Brown

Hayes

Allison

et al. 2013

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Consistency is introduced for practical reasons -it is very difficult to know, much less control, what a party does with the data that it can access. As discussed in detail in [13], consistency can be enforced by taking the given rules and generating all valid compositions of them. This leads to an explicit representation of all rules and implies that any valid access will be authorized by exactly one rule.…”

Section: Introductionmentioning

confidence: 99%

“…Mark r t as totally enforced and add to Graph; 6: for JPL = 2 to JPL max do 7: for each rule r t of this JPL do if r t can be maximally enforced by p using r 1 , r 2 ∈ RRS(r t ) then 13:…”

mentioning

confidence: 99%

Minimum cost rule enforcement for cooperative database access

Le¹,

Kant

Athamnah

et al. 2016

JCS

Self Cite

View full text Add to dashboard Cite

In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. Each party is assumed to store its data in private relational databases, and is given a set of mutually agreed set of authorization rules that specify access to attributes over individual relations or joins over relations owned by one or more parties. The access restrictions introduce significant additional complexity in rule enforcement and query planning as compared with a traditional distributed database environment. We examine the problem of minimum cost rule enforcement which simultaneously checks for the enforceability of each rule and generation of minimum cost plan of its execution. However, the paper is not focused on specific cost functions, but instead of efficient methods for enforcing rules in the face of access restrictions and inter-party data transfer needs. We propose an efficient heuristic algorithm for this minimal enforcement since the exact problem is NP-hard. In some cases, it is not possible to enforce the rules with the regular parties only. In such cases, we need help of trusted third parties (TPs). If all parties trust a single TP, such a party can enforce all unenforced rules, but it is desirable to use the TP minimally. We also consider the extended case where multiple TPs are required since not every regular party can trust a single TP.

show abstract

“…Since each party is likely to frame rules from its own perspective, the rules taken together may suffer from inconsistency, unenforceability, and other issues. The consistency problem refers to the fact that if a party is provided access to two relations, say R and S, it is very difficult to prevent it from joining these relations, but the rule may deny access to R S. Our previous research has addressed this issue [12] and here we simply assume that the rules are upwards closed, i.e., access to R and S will automatically enable access to R S. The enforceability problem can be illustrated as follows: If a party P is given access to R S but it and no other party has access to both R and S, it is not possible to actually compute R S. We have examined this problem in [13]. In some cases, enforceability requires introducing a trusted third party [14] that is given sufficient access rights to perform the operation in question (e.g., R S in our example).…”

Section: Introductionmentioning

confidence: 99%

Consistent Query Plan Generation in Secure Cooperative Data Access

Le¹,

Kant

Jajodia

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. We assume that each party stores its data in private relational databases, and is given a set of mutually agreed set of authorization rules that may involve joins over relations owned by one or more parties. Although the query planning problem in such an environment is similar to the one for distributed databases, the access restrictions introduce significant additional complexity that we address in this paper. We examine the problem of efficiently enforcing rules and generating query execution plans in this environment. Because of the exponential complexity of optimal query planning, our query planning algorithm is heuristics based but produces excellent, if not optimal, results in most of the practical cases.

show abstract

Access Rule Consistency in Cooperative Data Access Environment

Cited by 6 publications

References 21 publications

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Minimum cost rule enforcement for cooperative database access

Consistent Query Plan Generation in Secure Cooperative Data Access

Contact Info

Product

Resources

About