Security Mechanisms Planning to Enforce Security Policies

  • Anis BkakriaEmail author
  • Frédéric Cuppens
  • Nora Cuppens-Boulahia
  • David Gross-Amblard
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9482)


This paper presents an approach allowing for a given security and utility requirements, the selection of a combination of mechanisms and the way it will be applied to enforce them. To achieve this goal, we firstly use an expressive formal language to specify the security and utility properties required by data owners and the security mechanisms that can be used to enforce them. Second, we extend and use a Graphplan-based approach to build a planning graph representing all possible transformations of the system resulting from the application of security mechanisms. Finally, we define a method to search the best security mechanisms execution plan to transform the used system from its initial state to a state in which the security requirements are enforced.


Security Mechanisms Enforce Security Policies Utility Requirements Data Owner Planar Graphs 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Fernandez, J.M., et al.: Confidentiality-preserving query execution of fragmented outsourced data. In: Mustofa, K., Neuhold, E.J., Tjoa, T.J., Weippl, E., You, I. (eds.) ICT-EurAsia 2013. LNCS, vol. 7804, pp. 426–440. Springer, Heidelberg (2013)Google Scholar
  2. 2.
    Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Fernandez, J.M., Gross-Amblard, D.: Preserving multi-relational outsourced databases confidentiality using fragmentation and encryption. JoWUA 4(2), 39–62 (2013)Google Scholar
  3. 3.
    Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Gross-Amblard, D.: Specification and deployment of integrated security policies for outsourced data. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 17–32. Springer, Heidelberg (2014)Google Scholar
  4. 4.
    Bkakria, A., Schaad, A., Kerschbaum, F., Cuppens, F., Cuppens-Boulahia, N., Gross-Amblard, D.: Optimized and controlled provisioning of encrypted outsourced data. In: 19th ACM Symposium on Access Control Models and Technologies, SACMAT 2014, London, ON, Canada, 25–27 June 2014, pp. 141–152 (2014)Google Scholar
  5. 5.
    Blum, A., Furst, M.L.: Fast planning through planning graph analysis. In: Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence, IJCAI 1995, Montréal Québec, Canada, 20–25 August 1995, vol. 2, pp. 1636–1642 (1995)Google Scholar
  6. 6.
    Boho, A., Van Wallendael, G., Dooms, A., De Cock, J., Braeckman, G., Schelkens, P., Preneel, B., Van de Walle, R.: End-to-end security for video distribution: the combination of encryption, watermarking, and video adaptation. IEEE Sig. Process. Mag. 30(2), 97–107 (2013)CrossRefGoogle Scholar
  7. 7.
    Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A., et al.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Fikes, R., Nilsson, N.J.: STRIPS: a new approach to the application of theorem proving to problem solving. Artif. Intell. 2(3/4), 189–208 (1971)CrossRefzbMATHGoogle Scholar
  10. 10.
    Gabbay, D., Pnueli, A., Shelah, S., Stavi, J.: On the temporal analysis of fairness. In: Proceedings of the 7th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1980, pp. 163–173. ACM, New York (1980)Google Scholar
  11. 11.
    Gross-Amblard, D.: Query-preserving watermarking of relational databases and xml documents. ACM Trans. Database Syst. 36(1), 3 (2011)CrossRefGoogle Scholar
  12. 12.
    Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, 3–6 June 2002, pp. 216–227 (2002)Google Scholar
  13. 13.
    Kautz, H.A., Selman, B.: Pushing the envelope: planning, propositional logic and stochastic search. In: Proceedings of the Thirteenth National Conference on Artificial Intelligence and Eighth Innovative Applications of Artificial Intelligence Conference, AAAI 1996, IAAI 1996, Portland, Oregon, 4–8 August 1996, vol. 2, pp. 1194–1201 (1996)Google Scholar
  14. 14.
    Kautz, H.A., Selman, B., Hoffmann, J.: SatPlan: planning as satisfiability. In: Abstracts of the 5th International Planning Competition (2006)Google Scholar
  15. 15.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California (2004)Google Scholar
  16. 16.
    Narasimha, M., Tsudik, G.: DSAC: an approach to ensure integrity of outsourced databases using signature aggregation and chaining. IACR Cryptology ePrint Arch. 2005, 297 (2005)Google Scholar
  17. 17.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Pipatsrisawat, K., Darwiche, A.: Rsat 2.0: Sat solver description. Technical report (2007)Google Scholar
  19. 19.
    Popa, R.A., Redfield, Catherine M. S Zeldovich, N., Balakrishnan, H.: Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the 23rd ACM Symposium on Operating Systems Principles, SOSP 2011, Cascais, Portugal, 23–26 October 2011, pp. 85–100 (2011)Google Scholar
  20. 20.
    Robinson, N., Gretton, C., Pham, D.-N.: Co-plan: combining sat-based planning with forward-search. In: Proceedings of IPC-6 (2008)Google Scholar
  21. 21.
    Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty, Fuzziness Knowl.Based Syst. 10(5), 557–570 (2002)CrossRefMathSciNetzbMATHGoogle Scholar
  22. 22.
    Xiao, L., Yen, I.-L.: Security analysis for order preserving encryption schemes. In: 46th Annual Conference on Information Sciences and Systems, CISS , Princeton, 21–23 March 2012, pp. 1–6 (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Anis Bkakria
    • 1
    Email author
  • Frédéric Cuppens
    • 1
  • Nora Cuppens-Boulahia
    • 1
  • David Gross-Amblard
    • 2
  1. 1.Télécom BretagneRennesFrance
  2. 2.IRISAUniversité de Rennes 1RennesFrance

Personalised recommendations