research-article

Access control over uncertain data

Authors:

Vibhor Rastogi,

Evan WelbourneAuthors Info & Claims

Proceedings of the VLDB Endowment, Volume 1, Issue 1

Pages 821 - 832

https://doi.org/10.14778/1453856.1453945

Published: 01 August 2008 Publication History

Abstract

Access control is the problem of regulating access to secret information based on certain context information. In traditional applications, context information is known exactly, permitting a simple allow/deny semantics. In this paper, we look at access control when the context is itself uncertain. Our motivating application is RFID data management, in which the location of objects and people, and the associations between them is often uncertain to the system, yet access to private data is strictly defined in terms of these locations and associations.

We formalize a natural semantics for access control that allows the release of partial information in the presence of uncertainty and describe an algorithm that uses a provably optimal perturbation function to enforce these semantics. To specify access control policies in practice, we describe UCAL, a new access control language for uncertain data. We then describe an output perturbation algorithm to implement access control policies described by UCAL. We carry out a set of experiments that demonstrate the feasibility of our approach and confirm its superiority over other possible approaches such as thresholding or sampling.

References

[1]

http://rfid.cs.washington.edu/.

[2]

M. Abadi. Logic in access control. In LICS, 2003.

Digital Library

[3]

S. Abiteboul and O. Duschka. Complexity of answering queries using materialized views. In PODS, 1998.

Digital Library

[4]

P. Balbiani. Acces control with uncertain surveillance. In International Conference on Web Intelligence, 2005.

Digital Library

[5]

A. R. Beresford and F. Stajano. Location privacy in pervasive computing. In IEEE Pervasive Computing, 2003.

Digital Library

[6]

N. N. Dalvi and D. Suciu. Efficient query evaluation on probabilistic databases. VLDB J, 2007.

Digital Library

[7]

O. M. Duschka and M. R. Genesereth. Answering recursive queries using views. In PODS, 1997.

Digital Library

[8]

C. Dwork. Differential privacy. In ICALP, 2006.

Digital Library

[9]

C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Proceedings of Theory of Cryptography. Springer, 2006.

Digital Library

[10]

A. Evfimievski, J. Gehrke, and R. Srikant. Limiting privacy breaches in privacy preserving data mining. In PODS, 2003.

Digital Library

[11]

S. R. Jeffery, M. N. Garofalakis, and M. J. Franklin. Adaptive cleaning for RFID data streams. In VLDB, 2006.

Digital Library

[12]

B. Lampson. Protection. In Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems.

[13]

A. Motro. An access authorization model for relational databases based on algebraic manipulation of view definitions. In IEEE Data Engineering, 1989.

Digital Library

[14]

V. Rastogi, S. Hong, and D. Suciu. The boundary between privacy and utility in data publishing. In VLDB, 2007. ACM.

Digital Library

[15]

V. Rastogi, D. Suciu, and E. Welbourne. Access control over uncertain data. In Technical Report, 2008.

Digital Library

[16]

C. Re, J. Letchner, M. Balazinska, and D. Suciu. Event queries on corrleated probabilistic streams. In SIGMOD, 2008.

Digital Library

[17]

C. Re and D. Suciu. Materialized views in probabilistic databases: for information exchange and query optimization. In VLDB, 2007.

Digital Library

[18]

S. Rizvi, A. O. Mendelzon, S. Sudarshan, and P. Roy. Extending query rewriting techniques for fine-grained access control. In SIGMOD. ACM, 2004.

Digital Library

[19]

A. Rosenthal and E. Sciore. Abstracting and refining authorization in sql. In Secure Data Management, 2004.

[20]

P. Sen and A. Deshpande. Representing and querying correlated tuples in probabilistic databases. In ICDE. IEEE, 2007.

[21]

Q. Wang, T. Yu, N. Li, J. Lobo, E. Bertino, K. Irwin, and J.-W. Byun. On the correctness criteria of fine-grained access control in relational databases. In VLDB, 2007.

Digital Library

Cited By

Raval NSrivastava ALebeck KCox LMachanavajjhala ABrush AFriday AKientz JScott JSong J(2014)MarkItProceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication10.1145/2638728.2641707(1289-1295)Online publication date: 13-Sep-2014
https://dl.acm.org/doi/10.1145/2638728.2641707
Cuzzocrea AHacid MGrillo N(2010)Inheriting access control rules from large relational databases to materialized views automaticallyProceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part III10.5555/1885450.1885505(426-437)Online publication date: 8-Sep-2010
https://dl.acm.org/doi/10.5555/1885450.1885505
Cuzzocrea AHacid MGrillo NDesai BBernardino J(2010)Effectively and efficiently selecting access control rules on materialized views over relational databasesProceedings of the Fourteenth International Database Engineering & Applications Symposium10.1145/1866480.1866512(225-235)Online publication date: 16-Aug-2010
https://dl.acm.org/doi/10.1145/1866480.1866512
Show More Cited By

Index Terms

Access control over uncertain data

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Role-Based Access Control Models

Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Proceedings of the VLDB Endowment

Proceedings of the VLDB Endowment Volume 1, Issue 1

August 2008

1216 pages

ISSN:2150-8097

Issue’s Table of Contents

Publisher

VLDB Endowment

Publication History

Published: 01 August 2008

Published in PVLDB Volume 1, Issue 1

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
274
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)1

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Raval NSrivastava ALebeck KCox LMachanavajjhala ABrush AFriday AKientz JScott JSong J(2014)MarkItProceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication10.1145/2638728.2641707(1289-1295)Online publication date: 13-Sep-2014
https://dl.acm.org/doi/10.1145/2638728.2641707
Cuzzocrea AHacid MGrillo N(2010)Inheriting access control rules from large relational databases to materialized views automaticallyProceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part III10.5555/1885450.1885505(426-437)Online publication date: 8-Sep-2010
https://dl.acm.org/doi/10.5555/1885450.1885505
Cuzzocrea AHacid MGrillo NDesai BBernardino J(2010)Effectively and efficiently selecting access control rules on materialized views over relational databasesProceedings of the Fourteenth International Database Engineering & Applications Symposium10.1145/1866480.1866512(225-235)Online publication date: 16-Aug-2010
https://dl.acm.org/doi/10.1145/1866480.1866512
Cheng RChen LChen JXie X(2009)Evaluating probability threshold k-nearest-neighbor queries over uncertain dataProceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology10.1145/1516360.1516438(672-683)Online publication date: 24-Mar-2009
https://dl.acm.org/doi/10.1145/1516360.1516438

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents