fQuery: SPARQL query rewriting to enforce data confidentiality

Authors:
Said Oulmakhzoune;Nora Cuppens-Boulahia;Frédéric Cuppens;Stephane Morucci
Affiliations:
IT, Telecom-Bretagne, Cesson Sevigne, France;IT, Telecom-Bretagne, Cesson Sevigne, France;IT, Telecom-Bretagne, Cesson Sevigne, France;Swid, Rennes, France
Venue:
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Year:
2010

Citing 10
Cited 2

XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents

ACM Transactions on Information and System Security (TISSEC)
Access control in a relational data base management system by query modification

ACM '74 Proceedings of the 1974 annual conference - Volume 1
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
The case for access control on XML relationships

Proceedings of the 14th ACM international conference on Information and knowledge management
On the correctness criteria of fine-grained access control in relational databases

VLDB '07 Proceedings of the 33rd international conference on Very large data bases
A formal access control model for XML databases

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Protection of relationships in XML documents with the XML-BB model

ICISS'05 Proceedings of the First international conference on Information Systems Security

Rewriting of SPARQL/update queries for securing data access

ICICS'10 Proceedings of the 12th international conference on Information and communications security
PAIRSE: a privacy-preserving service-oriented data integration system

ACM SIGMOD Record

Quantified Score

Hi-index	0.00

Visualization

Abstract

RDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily localize and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy.