research-article

Confidentiality-preserving distributed proofs of conjunctive queries

Authors:

Kazuhiro Minami,

Nikita BorisovAuthors Info & Claims

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

Pages 287 - 297

https://doi.org/10.1145/1533057.1533096

Published: 10 March 2009 Publication History

Abstract

Distributed proof construction protocols have been shown to be valuable for reasoning about authorization decisions in open distributed environments such as pervasive computing spaces. Unfortunately, existing distributed proof protocols offer only limited support for protecting the confidentiality of sensitive facts, which limits their utility in many practical scenarios. In this paper, we propose a distributed proof construction protocol in which the release of a fact's truth value can be made contingent upon facts managed by other principals in the system. We formally prove that our protocol can safely prove conjunctions of facts without leaking the truth values of individual facts, even in the face of colluding adversaries and fact release policies with cyclical dependencies. This facilitates the definition of context-sensitive release policies that enable the conditional use of sensitive facts in distributed proofs.

References

[1]

A. W. Appel and E. W. Felten. Proof-carrying authentication. In Proceedings of the Sixth ACM Conference on Computer and Communications Security, Nov. 1999.

Digital Library

[2]

L. Bauer, S. Garriss, and M. K. Reiter. Distributed proving in access-control systems. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 81--95, 2005.

Digital Library

[3]

E. Bertino, E. Ferrari, and A. C. Squicciarini. Trust-X: A peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering, 16(7):827--842, July 2004.

Digital Library

[4]

P. Bonatti and P. Samarati. Regulating service access and information release on the web. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, pages 134--143, 2000.

Digital Library

[5]

D. Boneh and M. Franklin. Identity based encryption from the Weil pairing. SIAM Journal of Computing, 32(3):586--615, 2003.

Digital Library

[6]

S. A. Brands. Rethinking Public Key Infrastructure and Digital Certificates. MIT Press, Cambridge, MA, USA, 2000.

Digital Library

[7]

J. DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, page 105, 2002.

Digital Library

[8]

D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. In STOC '91: Proceedings of the twenty-third annual ACM symposium on Theory of computing, pages 542--552, New York, NY, USA, 1991. ACM.

Digital Library

[9]

C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Proceedings of the Third Theory of Cryptography Conference, pages 265--284, Mar. 2006.

Digital Library

[10]

T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469--472, 1985.

Digital Library

[11]

O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proceedings of the 19th annual ACM Conference on Theory of Computing, pages 218--229, New York, NY, USA, 1987. ACM Press.

Digital Library

[12]

A. Ivan and Y. Dodis. Proxy cryptography revisited. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS 2003), Feb. 2003.

[13]

T. Kohno, A. Broido, and K. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2):93--108, 2005.

Digital Library

[14]

A. J. Lee, K. Minami, and N. Borisov. Confidentiality-preserving distributed proofs of conjunctive queries (extended version). Department of Computer Science Technical Report TR-08-161, University of Pittsburgh, Dec. 2008.

[15]

A. J. Lee, K. Minami, and M. Winslett. Lightweight consistency enforcement schemes for distributed proofs with hidden subtrees. In Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pages 101--110, 2007.

Digital Library

[16]

A. J. Lee and M. Winslett. Enforcing safety and consistency constraints in policy-based authorization systems. ACM Transactions on Information and System Security, to appear.

Digital Library

[17]

K. LeFevre, D. J. DeWitt, and R. Ramakrishnan. Mondrian multidimensional k-anonymity. In Proceedings of the 22nd International Conference on Data Engineering (ICDE), Apr. 2006.

Digital Library

[18]

J. Li and N. Li. A construction for general and efficient oblivious commitment based envelope protocols. In Proceedings of 8th International Conference on Information and Communications Security (ICICS), pages 122--138, Dec. 2006.

Digital Library

[19]

J. Li and N. Li. OACerts: oblivious attribute certificates. IEEE Transactions on Dependable and Secure Computing (TDSC), 3(4):340--352, Oct. 2006.

Digital Library

[20]

J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. ACM Transactions on Information and System Security, to appear.

Digital Library

[21]

A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In Proceedings of the 22nd International Conference on Data Engineering (ICDE), Apr. 2006.

Digital Library

[22]

K. Minami and D. Kotz. Secure context-sensitive authorization. Journal of Pervasive and Mobile Computing, 1(1):123--156, Mar. 2005.

Digital Library

[23]

A. Narayanan and V. Shmatikov. Robust de-anonymization of large sparse datasets (how to break anonymity of the Netflix prize dataset). In Proceedings of 29th IEEE Symposium on Security and Privacy, May 2008.

Digital Library

[24]

P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of EUROCRYPT---Advances in Cryptology, 1999.

Digital Library

[25]

M. Prabhakaran and M. Rosulek. Cryptographic complexity of multi-party computation problems: Classifications and separations. Electronic Colloquium on Computational Complexity (ECCC), 15(50), 2008.

[26]

L. Sweeney. k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Kowledge-based Systems, 10(5):557--570, 2002.

Digital Library

[27]

W. H. Winsborough and N. Li. Towards practical automated trust negotiation. In Proceedings of the Third IEEE International Workshop on Policies for Distributed Systems and Networks, pages 92--103, June 2002.

Digital Library

[28]

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated trust negotiation. In Proceedings of the DARPA Information Survivability Conference and Exposition, pages 88--102, Jan. 2000.

[29]

M. Winslett, C. C. Zhang, and P. A. Bonatti. PeerAccess: a logic for distributed authorization. In Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 168--179, 2005.

Digital Library

[30]

X. Xiao and Y. Tao. m-invariance: Towards privacy preserving re-publication of dynamic datasets. In Proceedings of the ACM Conference on Management of Data (SIGMOD), pages 689--700, June 2007.

Digital Library

[31]

T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security, 6(1):1--42, Feb. 2003.

Digital Library

Cited By

Shakarami MSandhu R(2019)Safety and Consistency of Subject Attributes for Attribute-Based Pre-Authorization SystemsNational Cyber Summit (NCS) Research Track10.1007/978-3-030-31239-8_19(248-263)Online publication date: 25-Sep-2019
https://doi.org/10.1007/978-3-030-31239-8_19
Minami KBorisov NWinslett MLee ACheung BHui LSandhu RWong D(2011)Confidentiality-preserving proof theories for distributed proof systemsProceedings of the 6th ACM Symposium on Information, Computer and Communications Security10.1145/1966913.1966933(145-154)Online publication date: 22-Mar-2011
https://dl.acm.org/doi/10.1145/1966913.1966933
Jurczyk PXiong L(2011)Information Sharing across Private Databases: Secure Union Revisited2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing10.1109/PASSAT/SocialCom.2011.204(996-1003)Online publication date: Oct-2011
https://doi.org/10.1109/PASSAT/SocialCom.2011.204
Show More Cited By

Index Terms

Confidentiality-preserving distributed proofs of conjunctive queries

Recommendations

Lightweight consistency enforcement schemes for distributed proofs with hidden subtrees
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

In distributed proof construction systems, information release policies can make it unlikely that any single node in the system is aware of the complete structure of any particular proof tree. This property makes it difficult for queriers to determine ...
Confidentiality-preserving proof theories for distributed proof systems
ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

A distributed proof system is an effective way for deriving useful information by combining data from knowledge bases managed by multiple different principals across different administrative domains. As such, many researchers have proposed using these ...
Block-Sorted quantified conjunctive queries
ICALP'13: Proceedings of the 40th international conference on Automata, Languages, and Programming - Volume Part II

We study the complexity of model checking in quantified conjunctive logic, that is, the fragment of first-order logic where both quantifiers may be used, but conjunction is the only permitted connective. In particular, we study block-sorted queries, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

March 2009

408 pages

ISBN:9781605583945

DOI:10.1145/1533057

General Chairs:
Wanqing Li
University of Wollongong, Australia
,
Willy Susilo
University of Wollongong, Australia
,
Udaya Tupakula
Macquarie University, Australia
,
Program Chairs:
Rei Safavi-Naini
University of Calgary, Canada
,
Vijay Varadharajan
Macquarie University, Australia

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Division of Computer and Network Systems

Conference

Asia CCS 09

Sponsor:

SIGSAC

Asia CCS 09: Asia CCS 2009 ACM Symposium on Information, Computer and Communications Security

March 10 - 12, 2009

Sydney, Australia

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
202
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shakarami MSandhu R(2019)Safety and Consistency of Subject Attributes for Attribute-Based Pre-Authorization SystemsNational Cyber Summit (NCS) Research Track10.1007/978-3-030-31239-8_19(248-263)Online publication date: 25-Sep-2019
https://doi.org/10.1007/978-3-030-31239-8_19
Minami KBorisov NWinslett MLee ACheung BHui LSandhu RWong D(2011)Confidentiality-preserving proof theories for distributed proof systemsProceedings of the 6th ACM Symposium on Information, Computer and Communications Security10.1145/1966913.1966933(145-154)Online publication date: 22-Mar-2011
https://dl.acm.org/doi/10.1145/1966913.1966933
Jurczyk PXiong L(2011)Information Sharing across Private Databases: Secure Union Revisited2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing10.1109/PASSAT/SocialCom.2011.204(996-1003)Online publication date: Oct-2011
https://doi.org/10.1109/PASSAT/SocialCom.2011.204
Pikulkaew TKikuchi H(2011)Improving Efficiency in Privacy-Preserving Automated Trust Negotiation with Conjunctive PoliciesProceedings of the 2011 14th International Conference on Network-Based Information Systems10.1109/NBiS.2011.114(679-684)Online publication date: 7-Sep-2011
https://dl.acm.org/doi/10.1109/NBiS.2011.114
Wongchaowart BLee AFeng DBasin DLiu P(2010)Oblivious enforcement of hidden information release policiesProceedings of the 5th ACM Symposium on Information, Computer and Communications Security10.1145/1755688.1755730(324-327)Online publication date: 13-Apr-2010
https://dl.acm.org/doi/10.1145/1755688.1755730
Lee AYu TLe Gall YFeng DBasin DLiu P(2010)Effective trust management through a hybrid logical and relational approachProceedings of the 5th ACM Symposium on Information, Computer and Communications Security10.1145/1755688.1755710(169-179)Online publication date: 13-Apr-2010
https://dl.acm.org/doi/10.1145/1755688.1755710

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten