Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture the inferences about sensitive data that a subscriber may be able to make. We propose a logic-based pub-sub system in which inference rules are used both to derive high-level events for use in applications and to specify potentially harmful inferences that could be drawn about the data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.
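To make the gap between a direct access-control check and inference-aware safety concrete, here is an added example (not the paper's formalism or code): events are propositional atoms, inference rules are constructed Horn clauses, and a subscription is treated as safe only if the forward-chained closure of what the subscriber may receive contains no event marked sensitive.

```python
"""Inference-aware safety check for a toy logic-based pub-sub system.

Added illustration, not the paper's formalism. Assumptions: events are
atoms, rules are Horn clauses (body atoms -> head atom), and the
sensitive set marks the high-level events a subscriber must not learn.
"""
from typing import FrozenSet, Iterable, List, Set, Tuple

Rule = Tuple[FrozenSet[str], str]  # (body atoms, derived head atom)

# Constructed sample rules: low-level sensor events derive high-level ones.
RULES: List[Rule] = [
    (frozenset({"badge_swipe_lab", "wifi_assoc_lab_ap"}), "in_lab"),
    (frozenset({"in_lab", "after_hours"}), "working_late"),
    (frozenset({"calendar_free", "in_lab"}), "unscheduled_lab_visit"),
]

# Constructed policy: these derived events are the ones to protect.
SENSITIVE: Set[str] = {"in_lab", "working_late"}

# Constructed subscription: only low-level events, none of them sensitive.
SUBSCRIPTION: Set[str] = {"badge_swipe_lab", "wifi_assoc_lab_ap", "after_hours"}


def closure(facts: Iterable[str], rules: List[Rule]) -> Set[str]:
    """Forward-chain to a fixpoint: everything derivable from `facts`."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for body, head in rules:
            if head not in known and body <= known:
                known.add(head)
                changed = True
    return known


def direct_acl_allows(subscription: Set[str], sensitive: Set[str]) -> bool:
    """Traditional check: the subscriber receives no sensitive event directly."""
    return not (subscription & sensitive)


def inference_safe(subscription: Set[str], rules: List[Rule],
                   sensitive: Set[str]) -> Tuple[bool, Set[str]]:
    """Inference-aware check: which sensitive events become derivable?"""
    leaked = closure(subscription, rules) & sensitive
    return (not leaked, leaked)


if __name__ == "__main__":
    print("direct ACL passes:", direct_acl_allows(SUBSCRIPTION, SENSITIVE))
    print("inference-safe, leaked:", inference_safe(SUBSCRIPTION, RULES, SENSITIVE))
```

The direct check passes because the subscriber never receives `in_lab` or `working_late`, yet both are derivable from the subscribed events, which is exactly the indirect flow the safety definition is meant to catch.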