Cited By
View all- Wang ZChen L(2020)Re-encrypted Data Access Control Scheme Based on Blockchain2020 IEEE 6th International Conference on Computer and Communications (ICCC)10.1109/ICCC51575.2020.9345281(1757-1764)Online publication date: 11-Dec-2020
Safety in discretionary access control for logic-based publish-subscribe systems
Pages 3 - 12
Abstract
Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.
References
[1]
Sat4j: Bringing the power of sat technology to the java platform, http://www.sat4j.org/.
[2]
Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf. Design and evaluation of a wide-area event notification service. ACM Transactions on Computer Systems, 19(3):332--383, August 2001.
[3]
Guanling Chen, Ming Li, and David Kotz. Design and implementation of a large-scale context fusion network. In Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services, pages 246--255, August 2004.
[4]
Anind K. Dey, Daniel Salber, and Gregory D. Abowd. A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications. Human Computer Interaction Journal, 16(2-4):97--166, 2001.
[5]
Josep Domingo-Ferrer, editor. Inference Control in Statistical Databases, From Theory to Practice. Springer-Verlag, London, UK, 2002.
[6]
Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in operating systems. Commun. ACM, 19(8):461--471, 1976.
[7]
Jason I. Hong and James A.Landay. An architecture for privacy-sensitive ubiquitous computing. In Proceedings of the international conference on Mobile systems, applications, and services, pages 177--189, New York, NY, USA, 2004. ACM.
[8]
Marc Langheinrich. Privacy by design- principles of privacy-aware ubiquitous systems. In Proceedings of the International Conference on Ubiquitous Computing (Ubicomp), volume 2201 of Lecture Notes in Computer Science, pages 273--291. Springer-Verlag, 2001.
[9]
Ninghui Li and Mahesh V. Tripunitara. On safety in discretionary access control. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 96--109, Washington, DC, USA, 2005. IEEE Computer Society.
[10]
Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, page 123, Washington, DC, USA, 2003. IEEE Computer Society.
[11]
Zoltan Miklos. Towards an access control mechanism for wide-area publish/subscribe systems. In Proceedings of the International Conference on Distributed Computing Systems, pages 516--524, Washington, DC, USA, 2002. IEEE Computer Society.
[12]
Shwetak N. Patel, Matthew S. Reynolds, and Gregory D. Abowd. Detecting human movement by differential air pressure sensing in HVAC system ductwork: An exploration in infrastructure mediated sensing. In Proceedings of the International Conference on Pervasive Computing, Berlin, Ireland, May 2008.
[13]
Shwetak N. Patel, Thomas Robertson, Julie A. Kientz1, Matthew S. Reynolds1, and Gregory D. Abowd. At the flick of a switch: Detecting and classifying unique electrical events on the residential power line. In Proceedings of the international conference on Ubiquitous computing, pages 271--288, New York, NY, USA, 2007. ACM.
[14]
Lauri I. W. Pesonen, David M. Eyers, and Jean Bacon. A capability-based access control architecture for multi-domain publish/subscribe systems. In Proceedings of the International Symposium on Applications on Internet, pages 222--228, Washington, DC, USA, 2006. IEEE Computer Society.
[15]
Ravi S. Sandhu. The typed access matrix model. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, page 122, Washington, DC, USA, 1992. IEEE Computer Society.
[16]
Mark E. Stickel. Elimination of inference channels by optimal upgrading. In Proceedings of the IEEE Symposium on Security and Privacy, page 168, Washington, DC, USA, 1994. IEEE Computer Society.
[17]
Tzong-An Su and Gultekin Ozsoyoglu. Controlling FD and MVD inferences in multilevel relational database systems. IEEE Transactions on Knowledge and Data Engineering, 3(4):474--485, 1991.
[18]
David Sutherland. A model of information. In Proceedings of the National Computer Security Conference, pages 175--183, September 1986.
[19]
William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 147--160. IEEE Computer Society, May 2004.
[20]
Yuanyuan Zhao and Daniel C. Sturman. Dynamic access control in a content-based publish/subscribe system with delivery guarantees. In Proceedings of the IEEE International Conference on Distributed Computing Systems, page 60, Washington, DC, USA, 2006. IEEE Computer Society.
Index Terms
- Safety in discretionary access control for logic-based publish-subscribe systems
Recommendations
Safety analysis of usage control authorization models
ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications securityThe usage control (UCON) model was introduced as a unified approach to capture a number of extensions for traditional access control models. While the policy specification flexibility and expressive power of this model have been studied in previous work,...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
A Framework for Access Control with Inference Constraints
COMPSAC '11: Proceedings of the 2011 IEEE 35th Annual Computer Software and Applications ConferenceIn this paper we present an approach for investigating the feasibility of reducing inference control to access control, as the latter is a more desirable means of preventing unauthorized access to sensitive data. Access control is preferable over ...
Comments
Information & Contributors
Information
Published In
June 2009
258 pages
Copyright © 2009 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 03 June 2009
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SACMAT '09: 14th ACM Symposium on Access Control Models and Technologies
June 3 - 5, 2009
Stresa, Italy
Acceptance Rates
SACMAT '09 Paper Acceptance Rate 24 of 75 submissions, 32%;
Overall Acceptance Rate 177 of 597 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 252Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
Cited By
View all- Wang ZChen L(2020)Re-encrypted Data Access Control Scheme Based on Blockchain2020 IEEE 6th International Conference on Computer and Communications (ICCC)10.1109/ICCC51575.2020.9345281(1757-1764)Online publication date: 11-Dec-2020
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in