Abstract
The integration of information sources detained by distinct parties, either for security or efficiency reasons, is becoming of great interest. A crucial issue in this scenario is the definition of mechanisms for the integration that correctly satisfy the commercial and business policies of the organization owning the data. In this chapter, we propose a new model based on the characterization of access privileges for a set of servers on the components of a relational schema. The proposed approach is based on three concepts: i) flexible permissions identify portions of the data being authorized, ii) relations are checked for release not with respect to individual authorizations but rather evaluating whether the information release they (directly or indirectly) entail is allowed by the permissions, and iii) each basic operation necessary for query evaluation entails different data exchanges among the servers. Access control is effectively modeled and efficiently executed in terms of graph coloring and composition. The query execution plan is checked against privileges to evaluate if it can or cannot be exploited for query evaluation.
Part of this chapter appeared under S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “Assessing Query Privileges via Safe and Efficient Permission Composition,” in Proc. of the 15th ACM Conference Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, October 2008 [42] ©2008 ACM, Inc. Reprinted by permission http://doi.acm.org/10.1145/1455770.1455810; and under ©2008 IEEE, reprinted, with permission, from S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati,“Controlled Information Sharing in Collaborative Distributed Query Processing,” in Proc. of the 28th International Conference on Distributed Computing Systems (ICDCS 2008), Beijing, China, June 2008 [43].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer US
About this chapter
Cite this chapter
Foresti, S. (2011). Distributed Query Processing under Safely Composed Permissions. In: Preserving Privacy in Data Outsourcing. Advances in Information Security, vol 51. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7659-8_5
Download citation
DOI: https://doi.org/10.1007/978-1-4419-7659-8_5
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-7658-1
Online ISBN: 978-1-4419-7659-8
eBook Packages: Computer ScienceComputer Science (R0)