Skip to main content
SpringerLink
Log in

Security Mechanisms Planning to Enforce Security Policies

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9482))

Included in the following conference series:

  • 682 Accesses

Abstract

This paper presents an approach allowing for a given security and utility requirements, the selection of a combination of mechanisms and the way it will be applied to enforce them. To achieve this goal, we firstly use an expressive formal language to specify the security and utility properties required by data owners and the security mechanisms that can be used to enforce them. Second, we extend and use a Graphplan-based approach to build a planning graph representing all possible transformations of the system resulting from the application of security mechanisms. Finally, we define a method to search the best security mechanisms execution plan to transform the used system from its initial state to a state in which the security requirements are enforced.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Databases composed of only one table.

References

  1. Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Fernandez, J.M., et al.: Confidentiality-preserving query execution of fragmented outsourced data. In: Mustofa, K., Neuhold, E.J., Tjoa, T.J., Weippl, E., You, I. (eds.) ICT-EurAsia 2013. LNCS, vol. 7804, pp. 426–440. Springer, Heidelberg (2013)

    Google Scholar 

  2. Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Fernandez, J.M., Gross-Amblard, D.: Preserving multi-relational outsourced databases confidentiality using fragmentation and encryption. JoWUA 4(2), 39–62 (2013)

    Google Scholar 

  3. Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Gross-Amblard, D.: Specification and deployment of integrated security policies for outsourced data. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 17–32. Springer, Heidelberg (2014)

    Google Scholar 

  4. Bkakria, A., Schaad, A., Kerschbaum, F., Cuppens, F., Cuppens-Boulahia, N., Gross-Amblard, D.: Optimized and controlled provisioning of encrypted outsourced data. In: 19th ACM Symposium on Access Control Models and Technologies, SACMAT 2014, London, ON, Canada, 25–27 June 2014, pp. 141–152 (2014)

    Google Scholar 

  5. Blum, A., Furst, M.L.: Fast planning through planning graph analysis. In: Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence, IJCAI 1995, Montréal Québec, Canada, 20–25 August 1995, vol. 2, pp. 1636–1642 (1995)

    Google Scholar 

  6. Boho, A., Van Wallendael, G., Dooms, A., De Cock, J., Braeckman, G., Schelkens, P., Preneel, B., Van de Walle, R.: End-to-end security for video distribution: the combination of encryption, watermarking, and video adaptation. IEEE Sig. Process. Mag. 30(2), 97–107 (2013)

    Article  Google Scholar 

  7. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A., et al.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Fikes, R., Nilsson, N.J.: STRIPS: a new approach to the application of theorem proving to problem solving. Artif. Intell. 2(3/4), 189–208 (1971)

    Article  MATH  Google Scholar 

  10. Gabbay, D., Pnueli, A., Shelah, S., Stavi, J.: On the temporal analysis of fairness. In: Proceedings of the 7th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1980, pp. 163–173. ACM, New York (1980)

    Google Scholar 

  11. Gross-Amblard, D.: Query-preserving watermarking of relational databases and xml documents. ACM Trans. Database Syst. 36(1), 3 (2011)

    Article  Google Scholar 

  12. Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, 3–6 June 2002, pp. 216–227 (2002)

    Google Scholar 

  13. Kautz, H.A., Selman, B.: Pushing the envelope: planning, propositional logic and stochastic search. In: Proceedings of the Thirteenth National Conference on Artificial Intelligence and Eighth Innovative Applications of Artificial Intelligence Conference, AAAI 1996, IAAI 1996, Portland, Oregon, 4–8 August 1996, vol. 2, pp. 1194–1201 (1996)

    Google Scholar 

  14. Kautz, H.A., Selman, B., Hoffmann, J.: SatPlan: planning as satisfiability. In: Abstracts of the 5th International Planning Competition (2006)

    Google Scholar 

  15. Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California (2004)

    Google Scholar 

  16. Narasimha, M., Tsudik, G.: DSAC: an approach to ensure integrity of outsourced databases using signature aggregation and chaining. IACR Cryptology ePrint Arch. 2005, 297 (2005)

    Google Scholar 

  17. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

    Google Scholar 

  18. Pipatsrisawat, K., Darwiche, A.: Rsat 2.0: Sat solver description. Technical report (2007)

    Google Scholar 

  19. Popa, R.A., Redfield, Catherine M. S Zeldovich, N., Balakrishnan, H.: Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the 23rd ACM Symposium on Operating Systems Principles, SOSP 2011, Cascais, Portugal, 23–26 October 2011, pp. 85–100 (2011)

    Google Scholar 

  20. Robinson, N., Gretton, C., Pham, D.-N.: Co-plan: combining sat-based planning with forward-search. In: Proceedings of IPC-6 (2008)

    Google Scholar 

  21. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty, Fuzziness Knowl.Based Syst. 10(5), 557–570 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  22. Xiao, L., Yen, I.-L.: Security analysis for order preserving encryption schemes. In: 46th Annual Conference on Information Sciences and Systems, CISS , Princeton, 21–23 March 2012, pp. 1–6 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Télécom Bretagne, Rennes, France

    Anis Bkakria, Frédéric Cuppens & Nora Cuppens-Boulahia

  2. IRISA, Université de Rennes 1, Rennes, France

    David Gross-Amblard

Authors
  1. Anis Bkakria
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nora Cuppens-Boulahia
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David Gross-Amblard
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anis Bkakria .

Editor information

Editors and Affiliations

  1. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. School of Computer Science, Carleton University, Ottawa, Ontario, Canada

    Evangelos Kranakis

  3. École des Mines de Nancy, Université de Lorraine, Nancy Cedex, France

    Guillaume Bonfante

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Bkakria, A., Cuppens, F., Cuppens-Boulahia, N., Gross-Amblard, D. (2016). Security Mechanisms Planning to Enforce Security Policies. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds) Foundations and Practice of Security. FPS 2015. Lecture Notes in Computer Science(), vol 9482. Springer, Cham. https://doi.org/10.1007/978-3-319-30303-1_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-30303-1_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30302-4

  • Online ISBN: 978-3-319-30303-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation