research-article

A Policy Framework for Data Fusion and Derived Data Control

Authors:

Jerry den Hartog,

Nicola ZannoneAuthors Info & Claims

ABAC '16: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control

Pages 47 - 57

https://doi.org/10.1145/2875491.2875492

Published: 11 March 2016 Publication History

Abstract

Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from different information sources and under the control of different authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.

References

[1]

OGC Geospatial eXensible Access Control Markup Language (GeoXACML) 3.0 Core. OGC Discussion Paper, Open Geospatial Consortium, 2013.

[2]

V. Atluri and A. Gal. An authorization model for temporal and derived data: Securing information portals. ACM Trans. Inf. Syst. Secur., 5(1):62--94, 2002.

Digital Library

[3]

J. Bleiholder and F. Naumann. Data fusion. ACM Comput. Surv., 41(1):1:1--1:41, 2009.

Digital Library

[4]

J. J. Clark and A. L. Yuille. Data Fusion for Sensory Information Processing Systems. Kluwer Academic Publishers, 1990.

Digital Library

[5]

S. Damen, J. den Hartog, and N. Zannone. CollAC: Collaborative access control. In Proceedings of International Conference on Collaboration Technologies and Systems, pages 142--149. IEEE, 2014.

[6]

E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia. Providing flexibility in information flow control for object oriented systems. In Proceedings of Symposium on Security and Privacy, pages 130--140. IEEE, 1997.

Digital Library

[7]

D. Hall and J. Llinas. An introduction to multisensor data fusion. Proceedings of the IEEE, 85(1):6--23, 1997.

[8]

S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214--260, 2001.

Digital Library

[9]

S. P. Kaluvuri, A. I. Egner, J. den Hartog, and N. Zannone. SAFAX - An Extensible Authorization Service for Cloud Environments. Frontiers in ICT, 2(9), 2015.

[10]

D. Langlois and E. Croft. A low-level control policy for data fusion. In Proceedings of International Conference on Multisensor Fusion and Integration for Intelligent Systems, pages 37--42, 2001.

[11]

N. Li, Q. Wang, W. Qardaji, E. Bertino, P. Rao, J. Lobo, and D. Lin. Access control policy combining: Theory meets practice. In Proceedings of ACM Symposium on Access Control Models and Technologies, pages 135--144. ACM, 2009.

Digital Library

[12]

C. McCollum, J. Messing, and L. Notargiacomo. Beyond the pale of MAC and DAC-defining new forms of access control. In Proceedings of Symposium on Research in Security and Privacy, pages 190--200. IEEE, 1990.

[13]

J. Michelfeit and T. Knap. Linked Data Fusion in ODCleanStore. In Proceedings of the ISWC Posters & Demonstrations Track, CEUR Workshop Proceedings 914. CEUR-WS.org, 2012.

Digital Library

[14]

A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol., 9(4):410--442, 2000.

Digital Library

[15]

OASIS XACML Technical Committee. eXtensible Access Control Markup Language (XACML) Version 3.0. Oasis standard, OASIS, 2013.

[16]

F. Paci and N. Zannone. Preventing information inference in access control. In Proceedings of ACM Symposium on Access Control Models and Technologies, pages 87--97. ACM, 2015.

Digital Library

[17]

B. P. S. Rocha, S. Bandhakavi, J. den Hartog, W. H. Winsborough, and S. Etalle. Towards static flow-based declassification for legacy and untrusted programs. In Proceedings of Symposium on Security and Privacy, pages 93--108. IEEE, 2010.

Digital Library

[18]

A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5--19, 2003.

Digital Library

[19]

P. Samarati, E. Bertino, A. Ciampichetti, and S. Jajodia. Information flow control in object-oriented systems. IEEE Transactions on Knowledge and Data Engineering, 9(4):524--538, 1997.

Digital Library

[20]

P. Samarati and S. De Capitani di Vimercati. Access control: Policies, models, and mechanisms. In FOSAD, LNCS 2171, pages 137--196. Springer, 2001.

Digital Library

[21]

E. Scalavino, V. Gowadia, and E. Lupu. A labelling system for derived data control. In Data and Applications Security and Privacy XXIV, LNCS 6166, pages 65--80. Springer, 2010.

Digital Library

[22]

A. Stoughton. Access flow: A protection model which integrates access control and information flow. In Proceedings of Symposium on Security and Privacy, pages 9--18. IEEE, 1981.

[23]

H. Takabi, J. Joshi, and G.-J. Ahn. Security and privacy challenges in cloud computing environments. IEEE Security Privacy, 8(6):24--31, 2010.

Digital Library

[24]

J. Thomas, F. Cuppens, and N. Cuppens-Boulahia. Consistency policies for dynamic information systems with declassification flows. In Information Systems Security, LNCS 7093, pages 87--101. Springer, 2011.

Digital Library

[25]

B. Thuraisingham. Secure sensor information management and mining. IEEE Signal Processing Magazine, 21(3):14--19, 2004.

[26]

D. Trivellato, F. Spiessens, N. Zannone, and S. Etalle. Reputation-based ontology alignment for autonomy and interoperability in distributed access control. In Proceedings of IEEE International Conference on Computational Science and Engineering, pages 252--258. IEEE, 2009.

Digital Library

[27]

D. Trivellato, N. Zannone, M. Glaundrup, J. Skowronek, and S. Etalle. A semantic security framework for systems of systems. Int. J. Cooperative Inf. Syst., 22(1), 2013.

[28]

F. Turkmen, J. den Hartog, S. Ranise, and N. Zannone. Analysis of XACML policies with SMT. In Principles of Security and Trust, LNCS 9036, pages 115--134. Springer, 2015.

[29]

A. C. Yao. Protocols for secure computations. In Proceedings of Annual Symposium on Foundations of Computer Science, pages 160--164. IEEE, 1982.

Digital Library

[30]

N. Zannone, S. Jajodia, F. Massacci, and D. Wijesekera. Maintaining privacy on derived objects. In Proceedings of Workshop on Privacy in the Electronic Society, pages 10--19. ACM, 2005.

Digital Library

Cited By

Sheikhalishahi MStork IZannone N(2021)Privacy-preserving policy evaluation in multi-party access controlJournal of Computer Security10.3233/JCS-200007(1-38)Online publication date: 30-Sep-2021
https://doi.org/10.3233/JCS-200007
Di Cerbo FRosa MCabrera Lozoya R(2020)On Results of Data Aggregation OperationsEmerging Technologies for Authorization and Authentication10.1007/978-3-030-64455-0_9(141-153)Online publication date: 4-Dec-2020
https://doi.org/10.1007/978-3-030-64455-0_9
Morisset CRavidas SZannone N(2020)On Attribute Retrieval in ABACFoundations and Practice of Security10.1007/978-3-030-45371-8_14(225-241)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_14
Show More Cited By

Index Terms

A Policy Framework for Data Fusion and Derived Data Control
1. Information systems
  1. Data management systems
    1. Information integration
      1. Mediators and data integration
2. Security and privacy
  1. Formal methods and theory of security
    1. Formal security models
  2. Security services
    1. Access control
    2. Authorization

Recommendations

Obligation Management Framework for Usage Control
SACMAT 2024: Proceedings of the 29th ACM Symposium on Access Control Models and Technologies

Obligations were introduced in access and usage control as a mechanism to specify mandatory actions to be fulfilled as part of authorization. In this paper, we address challenges related to obligation management in access and usage control, focusing on ...
The UCON_ABC usage control model

In this paper, we introduce the family of UCON_ABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, ...
Towards a times-based usage control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security

Modern information systems require temporal and privilege-consuming usage of digital objects. To meet these requirements, we present a new access control model-Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ABAC '16: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control

March 2016

82 pages

ISBN:9781450340793

DOI:10.1145/2875491

General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Ram Krishnan
University of Texas at San Antonio

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 March 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme
COMMIT
European Defence Agency
ITEA3

Conference

CODASPY'16

Sponsor:

SIGSAC

CODASPY'16: Sixth ACM Conference on Data and Application Security and Privacy

March 11, 2016

Louisiana, New Orleans, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
214
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sheikhalishahi MStork IZannone N(2021)Privacy-preserving policy evaluation in multi-party access controlJournal of Computer Security10.3233/JCS-200007(1-38)Online publication date: 30-Sep-2021
https://doi.org/10.3233/JCS-200007
Di Cerbo FRosa MCabrera Lozoya R(2020)On Results of Data Aggregation OperationsEmerging Technologies for Authorization and Authentication10.1007/978-3-030-64455-0_9(141-153)Online publication date: 4-Dec-2020
https://doi.org/10.1007/978-3-030-64455-0_9
Morisset CRavidas SZannone N(2020)On Attribute Retrieval in ABACFoundations and Practice of Security10.1007/978-3-030-45371-8_14(225-241)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_14
Colombo PFerrari E(2019)Access control technologies for Big Data management systems: literature review and future trendsCybersecurity10.1186/s42400-018-0020-92:1Online publication date: 24-Jan-2019
https://doi.org/10.1186/s42400-018-0020-9
Bertolissi Cden Hartog JZannone NKerschbaum FMashatan ANiu JLee A(2019)Using Provenance for Secure Data Fusion in Cooperative SystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325100(185-194)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325100
Paci FSquicciarini AZannone N(2018)Survey on Access Control for Community-Centered Collaborative SystemsACM Computing Surveys10.1145/314602551:1(1-38)Online publication date: 4-Jan-2018
https://dl.acm.org/doi/10.1145/3146025
Sellami MHacid MGammoudi M(2018)A FCA framework for inference control in data integration systemsDistributed and Parallel Databases10.1007/s10619-018-7241-5Online publication date: 1-Aug-2018
https://doi.org/10.1007/s10619-018-7241-5
den Hartog JZannone N(2016)Collaborative Access Decisions: Why Has My Decision Not Been Enforced?Information Systems Security10.1007/978-3-319-49806-5_6(109-130)Online publication date: 24-Nov-2016
https://doi.org/10.1007/978-3-319-49806-5_6

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents