A security model for full-text file system search in multi-user environments

Authors:
Stefan Büttcher;Charles L. A. Clarke
Affiliations:
School of Computer Science, University of Waterloo, Waterloo, Ontario, Canada;School of Computer Science, University of Waterloo, Waterloo, Ontario, Canada
Venue:
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Year:
2005

Citing 13
Cited 6

Implementations of partial document ranking using inverted files

Information Processing and Management: an International Journal
Database security: research and practice

Information Systems
Query evaluation: strategies and optimizations

Information Processing and Management: an International Journal
Filtered document retrieval with frequency-sorted indexes

Journal of the American Society for Information Science
Real life information retrieval: a study of user queries on the Web

ACM SIGIR Forum
On an authorization mechanism

ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
The UNIX time-sharing system

Communications of the ACM
An Extended Authorization Model for Relational Databases

IEEE Transactions on Knowledge and Data Engineering
Adding Full Text Indexing to the Operating System

ICDE '97 Proceedings of the Thirteenth International Conference on Data Engineering
Fast Incremental Indexing for Full-Text Information Retrieval

VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Efficient single-pass index construction for text databases

Journal of the American Society for Information Science and Technology
In-place versus re-build versus re-merge: index maintenance strategies for text retrieval systems

ACSC '04 Proceedings of the 27th Australasian conference on Computer science - Volume 26

Zerber: r-confidential indexing for distributed documents

EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
Privacy preserving document indexing infrastructure for a distributed environment

Proceedings of the VLDB Endowment
Zerber+R: top-k retrieval from a confidential index

Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
Spyglass: fast, scalable metadata search for large-scale storage systems

FAST '09 Proccedings of the 7th conference on File and storage technologies
Search-as-a-service: Outsourced search over outsourced storage

ACM Transactions on the Web (TWEB)
Search in social networks with access control

Proceedings of the 2nd International Workshop on Keyword Search on Structured Data

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most desktop search systems maintain per-user indices to keep track of file contents. In a multi-user environment, this is not a viable solution, because the same file has to be indexed many times, once for every user that may access the file, causing both space and performance problems. Having a single system-wide index for all users, on the other hand, allows for efficient indexing but requires special security mechanisms to guarantee that the search results do not violate any file permissions. We present a security model for full-text file system search, based on the UNIX security model, and discuss two possible implementations of the model. We show that the first implementation, based on a postprocessing approach, allows an arbitrary user to obtain information about the content of files for which he does not have read permission. The second implementation does not share this problem. We give an experimental performance evaluation for both implementations and point out query optimization opportunities for the second one.