A Formal Study of Collaborative Access Control in Distributed Datalog

Authors Serge Abiteboul, Pierre Bourhis, Victor Vianu



File

LIPIcs.ICDT.2016.10.pdf
  • Filesize: 0.49 MB
  • 17 pages

Cite As

Serge Abiteboul, Pierre Bourhis, and Victor Vianu. A Formal Study of Collaborative Access Control in Distributed Datalog. In 19th International Conference on Database Theory (ICDT 2016). Leibniz International Proceedings in Informatics (LIPIcs), Volume 48, pp. 10:1-10:17, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2016) https://doi.org/10.4230/LIPIcs.ICDT.2016.10

Abstract

We formalize and study a declaratively specified collaborative access control mechanism for data dissemination in a distributed environment. Data dissemination is specified using distributed datalog. Access control is also defined by datalog-style rules, at the relation level for extensional relations, and at the tuple level for intensional ones, based on the derivation of tuples. The model also includes a mechanism for "declassifying" data, that allows circumventing overly restrictive access control. We consider the complexity of determining whether a peer is allowed to access a given fact, and address the problem of achieving the goal of disseminating certain information under some access control policy. We also investigate the problem of information leakage, which occurs when a peer is able to infer facts to which the peer is not allowed access by the policy. Finally, we consider access control extended to facts equipped with provenance information, motivated by the many applications where such information is required. We provide semantics for access control with provenance, and establish the complexity of determining whether a peer may access a given fact together with its provenance. This work is motivated by the access control of the Webdamlog system, whose core features it formalizes.

Keywords
  • Distributed datalog
  • access control
  • provenance
