Safety in discretionary access control for logic-based publish-subscribe systems

Authors:
Kazuhiro Minami;Nikita Borisov;Carl A. Gunter
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, IL, USA;University of Illinois at Urbana-Champaign, Urbana, IL, USA;University of Illinois at Urbana-Champaign, Urbana, IL, Uae
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 15
Cited 0

Protection in operating systems

Communications of the ACM
Design and evaluation of a wide-area event notification service

ACM Transactions on Computer Systems (TOCS)
Controlling FD and MVD Inferences in Multilevel Relational Database Systems

IEEE Transactions on Knowledge and Data Engineering
Inference Control in Statistical Databases, From Theory to Practice

Inference Control in Statistical Databases, From Theory to Practice
Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems

ICDCSW '02 Proceedings of the 22nd International Conference on Distributed Computing Systems
Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems

UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Elimination of Inference Channels by Optimal Upgrading

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
An architecture for privacy-sensitive ubiquitous computing

Proceedings of the 2nd international conference on Mobile systems, applications, and services
On Safety in Discretionary Access Control

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A Capability-Based Access Control Architecture for Multi-Domain Publish/Subscribe Systems

SAINT '06 Proceedings of the International Symposium on Applications on Internet
Dynamic Access Control in a Content-based Publish/Subscribe System with Delivery Guarantees

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications

Human-Computer Interaction
At the flick of a switch: detecting and classifying unique electrical events on the residential power line

UbiComp '07 Proceedings of the 9th international conference on Ubiquitous computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.