www.dbebooks.com - Free Books & magazines Secure Data Management in Decentralized Systems Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfa, VA 22030-4444 email: jaiodia@nmu.edu The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional titles in the series: NETWORK SECURITY POLICIES AND PROCEDURES by Douglas W. Frye; ISBN: O- 387-30937-3 DATA WAREHOUSING AND DATA MINING TECHNIQUES FOR CYBER SECURITY by Anoop Singhal; ISBN: 978-0-387-26409-7 SECURE LOCALIZATION AND TIME SYNCHRONIZATION FOR WIRELESS SENSOR AND AD HOC NETWORKS edited by Radha Poovcndran, Cliff Wang, and Sumit Roy; ISBN: 0-387-32721-5 PRESERVING PRIVACY IN ON-LINE ANALYTICAL PROCESSING (OLAP) by Lingyu Wang, Sushil Jajodia and Duminda Wijesekera; ISBN: 978-0-387-46273-8 SECURITY FOR WIRELESS SENSOR NETWORKS by Donggang Liu and Peng Ning; ISBN: 978-0-387-32723-5 MALWARE DETECTION edited by Somesh Jha, Cliff Wang, Mihai Christodorescu, Dawn Song, and Douglas Maughan; ISBN: 978-0-387-32720-4 ELECTRONIC POSTAGE SYSTEMS: Technology, Security, Economics by Gerrit Bleumer; ISBN: 978-0-387-29313-2 MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMS by Jintai Ding, Jason E. Gower and Dieter Schmidt; ISBN-13: 978-0-378-32229-2 UNDERSTANDING INTRUSION DETECTION THROUGH VISUALIZATION by Stefan Axelsson; ISBN-10: 0-387-27634-3 QUALITY OF PROTECTION: Security Measurements and Metrics by Dieter Gollmann, Fabio Massacci and Artsiom Yautsiukhin; ISBN-10: 0-387-29016-8 COMPUTER VIRUSES AND MALWARE by John Aycock; ISBN-10: 0-387-30236-0 Additional information about this series can be obtained from http:Nwww.springer.com Secure Data Management in Decentralized Systems edited by Ting Yu North Carolina State University USA Sushi1 Jajodia George Mason University USA Ting Yu Sushi1 Jajodia North Carolina State University George Mason University Dept. Computer Science Center for Secure Information Systems 3254 EB I1 4400 University Drive Raleigh NC 27695 Fairfax VA 22030-4444 yu@csc.ncsu.edu jajodia@gmu.edu Library of Congress Control Number: 2006934665 SECURE DATA MANAGEMENT IN DECENTRALIZED SYSTEMS edited by Ting Yu and Sushil Jajodia ISBN- 13: 978-0-387-27694-6 ISBN- 10: 0-387-27694-7 e-ISBN-13: 978-0-387-27696-0 e-ISBN- 10: 0-387-27696-3 Printed on acid-free paper. O 2007 Springer Science+Business Media, LLC All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now know or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if the are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. Printed in the United States of America. Contents Preface VII Part I Foundation Basic Security Concepts Sushi1 Jajodia, Ting Yu 3 Access Control Policies and Languages in Open Environments S. De Capitani di Vimercati, S. Foresti, S. Jajodia, I! Samarati 21 Trusted Recovery Meng Yu, Peng Liu, Wanyu Zang, Sushi1 Jajodia 59 Part I1 Access Control for Semi-structured Data Access Control Policy Models for XML Michiharu Kudo, Naizhen Qi 97 Optimizing Tree Pattern Queries over Secure XML Databases Hui Wang, Divesh Srivastava, Laks VS. Lakshmanan, SungRan Cho, Sihem Amer-Yahia 127 Part I11 Distributed Trust Management Rule-based Policy Specification Grigoris Antoniou, Matteo Baldoni, Piero A. Bonatti, Wolfgang Nejdl, Daniel Olmedilla 169 Automated lkust Negotiation in Open Systems Adam J. Lee, Kent E. Seamons, Marianne Winslett, Ting Yu .2 17 VI Contents Building Trust and Security in Peer-to-Peer Systems Terry Bearly, Vijay Kumar .259 Part IV Privacy in Cross-Domain Information Sharing Microdata Protection V Ciriani, S. De Capitani di Vimercati, S. Foresti, l? Samarati .291 k-Anonymity V Ciriani, S. De Capitani di Vimercati, S. Foresti, l? Samarati ,323 Preserving Privacy in On-line Analytical Processing Data Cubes Lingyu Wang, Sushi1 Jajodia, Duminda Wijesekera ,355 Part V Security in Emerging Data Services Search on Encrypted Data Hakan Hacigumu~, Bijit Hore, Bala Iyer, Sharad Mehrotra .383 Rights Assessment for Relational Data RaduSion 427 Index 459 Preface Database security is one of the classical topics in the research of information system security. Ever since the early years of database management systems, a great deal of research activity has been conducted. Fruitful results have been produced, many of which are widely adopted in commercial and military database management systems. In recent years, the research scope of database security has been greatly expanded due to the rapid development of the global internetworked infrastructure. Databases are no longer stand-alone systems that are only accessible to internal users of or- ganizations. Instead, allowing selective access from different security domains has become a must for many business practices. Many of the assumptions and problems in traditional databases need to be revisited and readdressed in decentralized envi- ronments. Further, the Internet and the Web offer means for collecting and sharing data with unprecedented flexibility and convenience. New data services are emerg- ing every day, which also bring new challenges to protect of data security. We have witnessed many exciting research works toward identifying and addressing such new challenges. We feel it is necessary to summarize and systematically present works in these new areas to researchers. This book presents a collection of essays, covering a wide range of today's active areas closely related to database security organized as follows. In Part I, We review classical work in database security, and report their recent advances and necessary extensions. In Part 11, We shift our focus to security of the Extensible Markup Lan- guage (XML) and other new data models. The need for cross-domain resource and information sharing dramatically changes the approaches to access control. In Part 111, we present the active work in distributed trust management, including rule-based policies, trust negotiation and security in peer-to-peer systems. Privacy has increas- ingly become a big concern to Internet users, especially when information may be collected online through all kinds of channels. In Part IV, privacy protection efforts from the database community are presented. Topics include micro data release and k-anonymity. In Part V, we include two essays, which are about challenges in the database-as-a-service model and database watermarking. The audience of this book includes graduate students and researchers in secure data management, especially in the context of the Internet. This book serves as help- VIII Preface ful supplementary reading material for graduate-level information system security courses. We would like to express our sincere thanks to Li Wu Chang (Naval Research Laboratory), Rohit Gupta (Iowa State University), Yingjiu Li (Singapore Manage- ment University), Gerome Miklau (University of Massachusetts, Amherst), Clifford B. Neuman (University of Southern California), Tatyana Ryutov (Information Sci- ences Institute), and Yuqing Wu (Indiana University) for their valuable and insightful comments on the chapters of this book. Ting Yu Sushi1 Jajodia Part I Foundation [...]... if the information in object A can flow into object B Information in A can flow into B only if A 5 B As a result, information can either flow upward along the security lattice or stay at the same security class Although there are security models based on information flow, determining information flow is much more complex than determining accesses Thus, its use in computer security is restricted to special... Implicit Information Flows In a lattice-based model, the goal is to regulate the flow of information among objects As a simple example of information flow, consider the program fragment given below: i f (A = 1) D := B else D := C ; Obviously, there is an explicit information flow from B and C into D since the information in B and C is transferred into D However, there is another implicit information... important aspect of information security Besides educating users about good security practices, a secure system should also be designed to be intuitive and user-friendly Though the importance of this principle is well recognized, realizing it in real systems is still a challenging problem References 1 Ross Aderson and Markus Kuhn Tampter Resistance - A Cautionary Note In Proceedings of the 2nd Workshop... and Languages in Open Environments S De Capitani di Vimercatil, S Foresti', S Jajodia2, and P Samarati' Universitit degli Studi di Milano {decapita, foresti, samarati}@dti.unimi.it Center of Secure Information Systems George Mason University jajodia@gmu.edu 1 Introduction Access control is the process of mediating every request to resources and data maintained by a system and determining whether the... memory and disk management Since these parts are shared by multiple users, the way they are managed must be inside the kernel Since trusted subjects are essential for performing certain legitimate tasks, they are implemented as extensions of the security kernel Clearly, trusted subjects must be carefully engineered since it is critical that they work properly 6 Conclusion In this chapter, we introduced... we introduced the basic concepts and terminologies in information system security To build a secure system requires careful integration of security 20 Sushi1 Jajodia and Ting Y u policies, mechanisms and assurance In particular, a system's security is always constrained by available resources, e g , funding and time It is often not practical to have the most stringent security requirements and adopt... Jajodial and Ting Yu2 ' Center of Secure Information Systems George Mason Unversity jajodia@gmu.edu North Carolina State University yu@csc.ncsu.edu 1 Introduction The computer security problem is an adversary problem: there is an adversary who seeks to misuse the storage, processing, or transmittal of data to gain advantage The misuse is classified as either unauthorized observation of data, unauthorized... dominated by L2 (and, equivalently, L2 dominates L1)if L1 5 L2 We use 4 to denote strict domination Thus, L1 is strictly dominated by L2 (and, equivalently, L2 strictly dominates L1),written L1 < L2, if L1 5 L2,but L1 # L2 Since 5 is a partial order, it is possible to have two security classes L1 and L2 such that neither L1 dominates L2 nor L2 dominates L1, in which case L1 and L2 are said to be incomparable... change in the policy would require changing the whole access control system; mechanisms able to enforce multiple policies avoid this drawback The formalization phase between the policy definition and its implementation as a mechanism allows the definition of a formal model representing the policy and its working, making it possible to define and prove security properties that systems enforcing the... - / \ \ / Admin-Sta f f / Secretary Operative-Staf f \ Manager Local-Chie f Fig 3 An example of role hierarchy Users (U) are entities requesting access to objects Abstractions can be defined within the domain of users Intuitively, abstractions allow to define group of users Users together with their groups, denoted G, define a partial order that introduces a hierarchy on the user domain Figure 1 illustrates . Free Books & magazines Secure Data Management in Decentralized Systems Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason. Preserving Privacy in On-line Analytical Processing Data Cubes Lingyu Wang, Sushi1 Jajodia, Duminda Wijesekera ,355 Part V Security in Emerging Data Services Search on Encrypted Data Hakan. Marianne Winslett, Ting Yu .2 17 VI Contents Building Trust and Security in Peer-to-Peer Systems Terry Bearly, Vijay Kumar .259 Part IV Privacy in Cross-Domain Information Sharing Microdata