Abstract
Data has become a valuable asset. Extensive work has been put on how to make the best use of data. One of the trends is to open and share data, and to integrate multiple data sources for specific usage, such as searching over multiple sources of data. Integrating multiple sources of data incurs the issue of data security, where different sources of data may have different access control policies. This work investigates the issue of access control over multi data sources when they are integrated together in the scenario of searching over these data. We propose a model to integrate multiple security policies while data are integrated to ensure all data access respects the original data’s access control policies. The proposed model allows the merging of policies and also tackles the issue of policy conflicts. Theoretical analysis has been conducted, which suggests that the proposed model is correct in terms of retaining all original the access control policies and ensure the confidentiality of all data.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal, D., Das, S., El Abbadi, A.: Big data and cloud computing: current state and future opportunities. In: Proceedings of the 14th International Conference on Extending Database Technology, pp. 530–533. ACM (2011)
Alodib, M.: An approach to automating the integration of the access control policies for web services. In: 2013 14th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pp. 181–187. IEEE (2013)
Ardagna, C.A., De Capitani di Vimercati, S., Paraboschi, S., Pedrini, E., Samarati, P., Verdicchio, M.: Expressive and deployable access control in open web service applications. IEEE Trans. Serv. Comput. 4(2), 96–109 (2011)
Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2014)
Cruz, I.F., Gjomemo, R., Orsini, M.: A secure mediator for integrating multiple level access control policies. In: Lovrek, I., Howlett, R.J., Jain, L.C. (eds.) KES 2008, Part II. LNCS (LNAI), vol. 5178, pp. 354–362. Springer, Heidelberg (2008)
Famaey, J., De Turck, F.: Federated management of the future internet: status and challenges. Int. J. Netw. Manag. 22(6), 508–528 (2012)
Feng, D.G., Zhang, M., Zhang, Y., Xu, Z.: Study on cloud computing security. J. Softw. 22(1), 71–83 (2011)
Google: Gsa notes from the field: Security. http://static.googleusercontent.com/media/www.google.com/en/us/support/enterprise/static/gsa/docs/deployment/en/GSASecurity.pdf. Accessed Jan 2015
Haddad, M., Hacid, M., Laurini, R.: Data integration in presence of authorization policies. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 92–99. IEEE (2012)
Halevy, A., Ives, Z.: Principles of Data Integration. Elsevier, Amsterdam (2012)
Hu, Y.J., Yang, J.J.: A semantic privacy-preserving model for data sharing and integration. In: Proceedings of the International Conference on Web Intelligence, Mining and Semantics, pp. 9:1–9:12. ACM (2011)
Li, M., Yu, S., Cao, N., Lou, W.: Authorized private keyword search over encrypted data in cloud computing. In: 2011 31st International Conference on Distributed Computing Systems (ICDCS), pp. 383–392. IEEE (2011)
Marchant, R.L.: Common access control terminology used in multilevel security systems. In: Proceedings of the Information Systems Educators Conference (2012). ISSN: 2167–1435
Pan, L., Xu, Q.: Visualization analysis of multi-domain access control policy integration based on tree-maps and semantic substrates. Intell. Inf. Manag. 4(5), 188–193 (2012)
Rao, P., Lin, D., Bertino, E., Li, N., Lobo, J.: An algebra for fine-grained integration of xacml policies. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 63–72. ACM (2009)
Rao, P., Lin, D., Bertino, E., Li, N., Lobo, J.: Fine-grained integration of access control policies. Comput. Secur. 30(2–3), 91–107 (2011)
Ren, K., Wang, C., Wang, Q., et al.: Security challenges for the public cloud. IEEE Internet Comput. 16(1), 69–73 (2012)
Sellami, M., Gammoudi, M.M., Hacid, M.S.: Secure data integration: a formal concept analysis based approach. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds.) DEXA 2014, Part II. LNCS, vol. 8645, pp. 326–333. Springer, Heidelberg (2014)
Su, M., Li, F., Shi, G., Li, L.: An action based access control model for multi-level security. Int. J. Secur. Appl. (IJSIA) 6(2), 359–366 (2012)
Tankard, C.: Big data security. Netw. Secur. 2012(7), 5–8 (2012)
Thorleuchter, D., Van den Poel, D.: Improved multilevel security with latent semantic indexing. Expert Syst. Appl. 39(18), 13462–13471 (2012)
Wang, C., Cao, N., Li, J., Ren, K., Lou, W.: Secure ranked keyword search over encrypted cloud data. In: 2010 IEEE 30th International Conference on Distributed Computing Systems (ICDCS), pp. 253–262. IEEE (2010)
Watson, P., Little, M.: Multi-level security for deploying distributed applications on clouds, devices and things. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 380–385. IEEE (2014)
Watson, P.: A multi-level security model for partitioning workflows over federated clouds. J. Cloud Comput. 1(1), 1–15 (2012)
Wikipedia: Hasse diagram. http://en.wikipedia.org/wiki/Hasse_diagram. Accessed Jan 2015
Xue, H., Zhang, Y., Guo, Z.: A multilevel security model for private cloud. Chin. J. Electron. 23(2), 232–235 (2014)
Acknowledgements
Research is supported in part by the China MOE-China Mobile Research Fund (No. MCM20121051), China MOE Doctoral Research Fund (No. 201344 07120017), Guangdong Nature Science Fund (No. S2012030006242), Guangdong Modern Information Service Fund (GDEID2012IS063).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Zhao, G. et al. (2015). A Multilevel Security Model for Search Engine Over Integrated Data. In: Nguyen, N., Kowalczyk, R., Xhafa, F. (eds) Transactions on Computational Collective Intelligence XIX . Lecture Notes in Computer Science(), vol 9380. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49017-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-662-49017-4_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-49016-7
Online ISBN: 978-3-662-49017-4
eBook Packages: Computer ScienceComputer Science (R0)