ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Safety in discretionary access control for logic-based publish-subscribe systems
Full text PdfPdf (522 KB)
Source
Symposium on Access Control Models and Technologies archive
Proceedings of the 14th ACM symposium on Access control models and technologies table of contents
Stresa, Italy
SESSION: Security analysis and verification table of contents
Pages 3-12  
Year of Publication: 2009
ISBN:978-1-60558-537-6
Authors
Kazuhiro Minami  University of Illinois at Urbana-Champaign, Urbana, IL, USA
Nikita Borisov  University of Illinois at Urbana-Champaign, Urbana, IL, USA
Carl A. Gunter  University of Illinois at Urbana-Champaign, Urbana, IL, Uae
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 64,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1542207.1542211
What is a DOI?

ABSTRACT

Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Sat4j: Bringing the power of sat technology to the java platform, http://www.sat4j.org/.
2
Antonio Carzaniga , David S. Rosenblum , Alexander L. Wolf, Design and evaluation of a wide-area event notification service, ACM Transactions on Computer Systems (TOCS), v.19 n.3, p.332-383, Aug. 2001  [doi>10.1145/380749.380767]
 
3
Guanling Chen, Ming Li, and David Kotz. Design and implementation of a large-scale context fusion network. In Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services, pages 246--255, August 2004.
 
4
Anind K. Dey , Gregory D. Abowd , Daniel Salber, A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications, Human-Computer Interaction, v.16 n.2, p.97-166, December 2001  [doi>10.1207/S15327051HCI16234_02]
 
5
Inference Control in Statistical Databases, From Theory to Practice, January 2002
6
Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976  [doi>10.1145/360303.360333]
7
Jason I. Hong , James A. Landay, An architecture for privacy-sensitive ubiquitous computing, Proceedings of the 2nd international conference on Mobile systems, applications, and services, June 06-09, 2004, Boston, MA, USA  [doi>10.1145/990064.990087]
 
8
Marc Langheinrich, Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems, Proceedings of the 3rd international conference on Ubiquitous Computing, p.273-291, September 30-October 02, 2001, Atlanta, Georgia, USA
 
9
Ninghui Li , Mahesh V. Tripunitara, On Safety in Discretionary Access Control, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.96-109, May 08-11, 2005  [doi>10.1109/SP.2005.14]
 
10
Ninghui Li , William H. Winsborough , John C. Mitchell, Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.123, May 11-14, 2003
 
11
Zoltán Miklós, Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems, Proceedings of the 22nd International Conference on Distributed Computing Systems, p.516-524, July 02-05, 2002
 
12
Shwetak N. Patel , Matthew S. Reynolds , Gregory D. Abowd, Detecting Human Movement by Differential Air Pressure Sensing in HVAC System Ductwork: An Exploration in Infrastructure Mediated Sensing, Proceedings of the 6th International Conference on Pervasive Computing, May 19-22, 2008, Sydney, Australia  [doi>10.1007/978-3-540-79576-6_1]
 
13
Shwetak N. Patel, Thomas Robertson, Julie A. Kientz1, Matthew S. Reynolds1, and Gregory D. Abowd. At the flick of a switch: Detecting and classifying unique electrical events on the residential power line. In Proceedings of the international conference on Ubiquitous computing, pages 271--288, New York, NY, USA, 2007. ACM.
 
14
Lauri I. W. Pesonen , David M. Eyers , Jean Bacon, A Capability-Based Access Control Architecture for Multi-Domain Publish/Subscribe Systems, Proceedings of the International Symposium on Applications on Internet, p.222-228, January 23-27, 2006  [doi>10.1109/SAINT.2006.1]
 
15
Ravi S. Sandhu, The Typed Access Matrix Model, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.122, May 04-06, 1992
 
16
Mark E. Stickel, Elimination of Inference Channels by Optimal Upgrading, Proceedings of the 1994 IEEE Symposium on Security and Privacy, p.168, May 16-18, 1994
 
17
T. -A. Su , G. Ozsoyoglu, Controlling FD and MVD Inferences in Multilevel Relational Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.3 n.4, p.474-485, December 1991  [doi>10.1109/69.109108]
 
18
David Sutherland. A model of information. In Proceedings of the National Computer Security Conference, pages 175--183, September 1986.
 
19
William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 147--160. IEEE Computer Society, May 2004.
 
20
Yuanyuan Zhao , Daniel C. Sturman, Dynamic Access Control in a Content-based Publish/Subscribe System with Delivery Guarantees, Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, p.60, July 04-07, 2006  [doi>10.1109/ICDCS.2006.32]

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems
          Subjects: Distributed applications


General Terms:
Security


Keywords:
access control, inference control, logical language, publish-subscribe system, safety

Collaborative Colleagues:
Kazuhiro Minami: colleagues
Nikita Borisov: colleagues
Carl A. Gunter: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player