Secure Data Management in Decentralized Systems (eBook)

Contents 6
Preface 8
Part I Foundation 10
Basic Security Concepts 12
1 Introduction 12
2 Security Policy 13
3 Mechanism 27
4 Assurance 32
5 Basic Architecture for Trusted Operating Systems 52
6 Conclusion 28
References 29
Access Control Policies and Languages in Open Environments 30
1 Introduction 30
2 Basic Concepts 32
3 Logic-Based Access Control Languages 35
4 XML-Based Access Control Languages 45
5 Credential-Based Access Control Languages 52
6 Policy Composition 57
7 Conclusions 64
8 Acknowledgments 64
References 64
Trusted Recovery 68
1 Introduction 68
2 Basic Concepts in Attack Recovery 71
3 Transaction Models for Attack Recovery 74
4 Damage Assessment and Repair 76
5 Single-Version based Recovery 81
6 Multi-Version based Recovery 91
7 Related Work 96
8 Conclusion 99
9 Acknowledgment 99
References 99
Part II Access Control for Semi-structured Data 104
Access Control Policy Models for XML 106
1 Introduction 106
2 Example XML Document and Policy 108
3 Access Control Policy Model 110
4 Access Control Policy Languages 116
5 Efficient Policy Enforcement Mechanisms 123
6 Summary 133
References 133
Optimizing Tree Pattern Queries over Secure XML Databases 136
1 Introduction 136
2 Related Work 138
3 Model and The Problem 143
4 Definitions and Conventions 148
5 Tree-Structured DTD Graph 149
6 DAG-structured DTD Graphs 151
7 DAG-Structured DTDs with Choice 162
8 Experiments 168
9 Summary 172
References 172
Part III Distributed Trust Management 176
Rule-based Policy Specification 178
1 Introduction 178
2 Security Policies 179
3 Policy-Based Trust Management 189
4 Action Languages 198
5 Business Rules 206
6 Unifying Frameworks 213
7 Summary and Open Research Issues 215
8 Acknowledgements 217
References 218
Automated Trust Negotiation in Open Systems 226
1 Introduction 226
2 Basic Concepts of Automated Trust Negotiation 229
3 Interoperable Strategies 231
4 A Unified Scheme for Resource Protection in Trust Negotiation 242
5 Rust Negotiation System Design 252
6 Conclusion 263
References 265
Building Trust and Security in Peer-to-Peer Systems 268
1 Introduction 268
2 Evolution of P2P 269
3 System Architectures and Need for Security 274
4 Need for Trust in P2P Systems 274
5 A Vision of Trusted P2P Systems 276
6 Literature Review 277
7 Universal Trust Set 279
8 Our Approach to Trust and Security 282
9 P2P for the Future and Open Issues 289
10 Conclusions 293
References 293
Part IV Privacy in Cross-Domain Information Sharing 298
Microdata Protection 300
1 Introduction 300
2 Macrodata Versus Microdata 302
3 Classification of Microdata Disclosure Protection Techniques 305
4 Masking Techniques 307
5 Synthetic Data Generation Techniques 315
6 Measures for Assessing Microdata Confidentiality and Utility 321
7 Conclusions 326
8 Acknowledgments 327
References 327
k- Anonymity 332
1 Introduction 332
2 k-Anonymity and k-Anonymous Tables 334
3 Classification of k-Anonymity Techniques 342
4 Algorithms for AG-TS and AG- 346
5 Algorithms for -CS and CG- Models 354
6 Further Studies on k-Anonymity 355
7 Conclusions 359
8 Acknowledgments 360
References 360
Preserving Privacy in On-line Analytical Processing Data Cubes* 364
1 Introduction 364
2 Related Work 366
3 Preliminaries 367
4 Cardinality-based Inference Control in Sum-only Data Cubes 370
5 Parity-based Inference Control in Sum-only Data Cubes 376
6 Lattice-based Inference Control in Data Cubes 381
7 Conclusion 386
References 387
Part V Security in Emerging Data Services 391
Search on Encrypted Data 392
1 Introduction 392
2 Keyword search on encrypted text data 395
3 Search over Encrypted Relational Data 402
4 Conclusions 431
Acknowledgements 432
References 433
Rights Assessment for Relational Data 436
1 Introduction 436
2 Model 437
3 Numeric Types 445
4 Categorical Types 456
5 Related Work 461
6 State of The Art and the Future 463
7 Conclusions 463
References 464
Index 468

2 Security Policy (p. 4)

The security policy elaborates on each of the three generic objectives of security- secrecy, integrity, and availability-in the context of a particular system. Thus, com- puter security policies are used like requirements, they are the starting point in the development of any system that has security features. The security policy of a system is the basis for the choice of its protection mechanisms and the techniques used to assure its enforcement of the security policy.

Existing security policies tend to focus only on the secrecy requirement of se- curity. Thus, these policies deal with defining what is authorized or, more simply, arriving at a satisfactory definition of the secrecy component. The choice of a security policy with reasonable consequences is nontrivial and a separate topic in its own right. In fact, security policies are investigated through formal mathematical models. These models have shown, among other things, that the consequences of arbitrary but relatively simple security policies are undecidable and that avoiding this undecidability is nontrivial [5,7,8]. To read more about the formal security models, see [3].

All security policies are stated in terms of objects and subjects. This is because in reasoning about security policies, we must be careful about the distinction between users and the processes that act on behalf of the users. Users are human beings that are recognized by the system as users with an unique identity. This is achieved via identification and authentication mechanisms, the familiar example is a user identi- fier and password.

All system resources are abstractly lumped together as objects and, thus, all ac- tivities within a system can be viewed as sequences of operations on objects. In the relational database context, an object may be a relation, a tuple within a relation, or an attribute value within a tuple. More generally, anything that holds data may be an object, such as memory, directories, interprocess messages, network packets, I10 devices, or physical media.

A subject is an abstraction of the active entities that perform computation in the system. Thus, only subjects can access or manipulate objects. In most cases, within the system a subject is usually a process, job, or task, operating on behalf of some user, although at a higher level of abstraction users may be viewed as subjects. A user can have several subjects running in the system on his or her behalf at the same time, but each subject is associated with only a single user. This requirement is important to ensure the accountability of actions in a system.

Although the subject-object paradigm makes a clear distinction between subjects and objects (subjects are active entities, while objects are passive entities), an entity could be both a subject and an object. The only requirement is that if an entity be- haves like a subject (respectively, object), it must abide by rules of the model that apply to subjects (respectively, objects).

Basic Security Concepts 5

The reason a distinction must be made between users and subjects is that while users are trusted not to deliberately leak information (they do not require a computer system to do so), subjects initiated by the users cannot be trusted to always abide by the security policy.