Abstract
In many data integration applications, a loosely coupled database federation is the underlying data model. This paper studies two related security issues unique to such a model, namely, how to support fine-grained access control of remote data and how to ensure the integrity of such data while allowing legitimate updates. For the first issue, we adapt the integrity lock architecture in multi-level database systems to a database federation. For the second issue, we propose threestage procedure based on grids of Merkel Hash Trees. Finally, the performance of the proposed architecture and scheme is evaluated through experiments.
Chapter PDF
References
Paul Ammann, Sushil Jajodia, and Peng Liu. Recovery from malicious transactions. IEEE Transactions on Knowledge and Data Engineering, 14(5):1167–1185, 2002.
Jonscher D. and K.R. Dittrich. Argos - a configurable access control system for interoperable environments. In IFIP Workshop on Database Security, pages 43–60, 1995.
S. Dawson, P. Samarati, S. De Capitani di Vimercati, P. Lincoln, G. Wiederhold, M. Bilello, J. Akella, and Y. Tan. Secure access wrapper: Mediating security between heterogeneous databases. In DARPA Information Survivability Conference and Exposition (DISCEX), 2000.
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Overencryption: Management of access control evolution on outsourced data. In VLDB, 2007.
D.E. Denning. Cryptographic checksums for multilevel database security. In Proc. of the 1984 IEEE Symposium on Security and Privacy, pages 52–61, 1984.
D.E. Denning. Commutative filters for reducing inference threats in multilevel database systems. In Proc. of the 1985 IEEE Symposium on Security and Privacy, pages 134–146, 1985.
Premkumar T. Devanbu, Michael Gertz, Chip Martel, and Stuart G. Stubblebine. Authentic third-party data publication. In IFIP 11.3 Working Conference on Database Security, pages 101–112, 2000.
R. Graubart. The integrity-lock approach to secure database management. In Proc. of the 1984 IEEE Symposium on Security and Privacy, page 62, 1984.
E. Gudes and M.S. Olivier. Security policies in replicated and autonomous databases. In Proc. of the IFIP TC11 WG 11.3 Twelfth International Conference on Database Security, pages 93– 107, 1998.
H. Guo, Y. Li, A. Liu, and S. Jajodia. A fragile watermarking scheme for detecting malicious modifications of database relations. Information Sciences, 176(10):1350–1378, 2006.
S. Jajodia and R.S. Sandhu. Toward a multilevel secure relational data model. In M.D. Abrams, S. Jajodia, and H.J. Podell, editors, Information Security An Integrated Collection of Essays, pages 460–492. IEEE Computer Society Press, 1995.
S. Jajodia, R.S. Sandhu, and B.T. Blaustein. Solutions to the polyinstantiation problem. In M.D. Abrams, S. Jajodia, and H.J. Podell, editors, Information Security An Integrated Collection of Essays, pages 493–530. IEEE Computer Society Press, 1995.
D. Jonscher and K.R. Dittrich. An approach for building secure database federations. In Proc. of the 20th VLDB Very Large Data Base Conference, pages 24–35, 1994.
Feifei Li, Marios Hadjieleftheriou, George Kollios, and Leonid Reyzin. Dynamic authenticated index structures for outsourced databases. In Proceedings of the 2006 ACM SIGMOD international conference on Management of data, pages 121–132, New York, NY, USA, 2006. ACM Press.
C. Meadows. The integrity lock architecture and its application to message systems: Reducing covert channels. In Proc. of the 1987 IEEE Symposium on Security and Privacy, page 212, 1987.
R.C. Merle. A certified digital signature. In Proc. of the Advances in Cryptology (CRYPTO’89), pages 218–238, 1989.
E. Mykletun and G. Tsudik. Aggregation queries in the database-as-a-service model. In Proc. of the 2006 IFIP 11.3 Working Conference on Database Security, 2006.
Einar Mykletun, Maithili Narasimha, and Gene Tsudik. Authentication and integrity in outsourced databases. ACM Transactions on Storage (TOS), 2(2):107–138, 2006.
L. Notargiacomo. Architectures for mls database management systems. In M.D. Abrams, S. Jajodia, and H.J. Podell, editors, Information Security An Integrated Collection of Essays, pages 439–459. IEEE Computer Society Press, 1995.
HweeHwa Pang, Arpit Jain, Krithi Ramamritham, and Kian-Lee Tan. Verifying completeness of relational query results in data publishing. In Proceedings of the 2005 ACM SIGMOD international conference on Management of data, pages 407–418, New York, NY, USA, 2005. ACM Press.
A.P. Sheth and J.A. Larson. Federated database system for managing distributed, hetergeneous, and autonomous databases. ACM Computing Surveys, 22(3):183–236, 1990.
Hai Wang and Peng Liu. Modeling and evaluating the survivability of an intrusion tolerant database system. In ESORICS, 2006.
J. Yang, D. Wijesekera, and S. Jajodia. Subject switching algorithms for access control in federated databases. In Proc. of 15th IFIP WG11.3 Working Conference on Database and Application Security, pages 199–204, 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Li, W., Wang, L., Zhu, B., Zhang, L. (2008). An Integrity Lock Architecture for Supporting Distributed Authorizations in Database Federations. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The Ifip Tc 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_13
Download citation
DOI: https://doi.org/10.1007/978-0-387-09699-5_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5
eBook Packages: Computer ScienceComputer Science (R0)