ABSTRACT
Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.
- Sat4j: Bringing the power of sat technology to the java platform, http://www.sat4j.org/.Google Scholar
- Antonio Carzaniga, David S. Rosenblum, and Alexander L. Wolf. Design and evaluation of a wide-area event notification service. ACM Transactions on Computer Systems, 19(3):332--383, August 2001. Google ScholarDigital Library
- Guanling Chen, Ming Li, and David Kotz. Design and implementation of a large-scale context fusion network. In Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services, pages 246--255, August 2004.Google Scholar
- Anind K. Dey, Daniel Salber, and Gregory D. Abowd. A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications. Human Computer Interaction Journal, 16(2-4):97--166, 2001. Google ScholarDigital Library
- Josep Domingo-Ferrer, editor. Inference Control in Statistical Databases, From Theory to Practice. Springer-Verlag, London, UK, 2002. Google ScholarDigital Library
- Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in operating systems. Commun. ACM, 19(8):461--471, 1976. Google ScholarDigital Library
- Jason I. Hong and James A.Landay. An architecture for privacy-sensitive ubiquitous computing. In Proceedings of the international conference on Mobile systems, applications, and services, pages 177--189, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- Marc Langheinrich. Privacy by design- principles of privacy-aware ubiquitous systems. In Proceedings of the International Conference on Ubiquitous Computing (Ubicomp), volume 2201 of Lecture Notes in Computer Science, pages 273--291. Springer-Verlag, 2001. Google ScholarDigital Library
- Ninghui Li and Mahesh V. Tripunitara. On safety in discretionary access control. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 96--109, Washington, DC, USA, 2005. IEEE Computer Society. Google ScholarDigital Library
- Ninghui Li, William H. Winsborough, and John C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, page 123, Washington, DC, USA, 2003. IEEE Computer Society. Google ScholarDigital Library
- Zoltan Miklos. Towards an access control mechanism for wide-area publish/subscribe systems. In Proceedings of the International Conference on Distributed Computing Systems, pages 516--524, Washington, DC, USA, 2002. IEEE Computer Society. Google ScholarDigital Library
- Shwetak N. Patel, Matthew S. Reynolds, and Gregory D. Abowd. Detecting human movement by differential air pressure sensing in HVAC system ductwork: An exploration in infrastructure mediated sensing. In Proceedings of the International Conference on Pervasive Computing, Berlin, Ireland, May 2008. Google ScholarDigital Library
- Shwetak N. Patel, Thomas Robertson, Julie A. Kientz1, Matthew S. Reynolds1, and Gregory D. Abowd. At the flick of a switch: Detecting and classifying unique electrical events on the residential power line. In Proceedings of the international conference on Ubiquitous computing, pages 271--288, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- Lauri I. W. Pesonen, David M. Eyers, and Jean Bacon. A capability-based access control architecture for multi-domain publish/subscribe systems. In Proceedings of the International Symposium on Applications on Internet, pages 222--228, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
- Ravi S. Sandhu. The typed access matrix model. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, page 122, Washington, DC, USA, 1992. IEEE Computer Society. Google ScholarDigital Library
- Mark E. Stickel. Elimination of inference channels by optimal upgrading. In Proceedings of the IEEE Symposium on Security and Privacy, page 168, Washington, DC, USA, 1994. IEEE Computer Society. Google ScholarDigital Library
- Tzong-An Su and Gultekin Ozsoyoglu. Controlling FD and MVD inferences in multilevel relational database systems. IEEE Transactions on Knowledge and Data Engineering, 3(4):474--485, 1991. Google ScholarDigital Library
- David Sutherland. A model of information. In Proceedings of the National Computer Security Conference, pages 175--183, September 1986.Google Scholar
- William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 147--160. IEEE Computer Society, May 2004.Google Scholar
- Yuanyuan Zhao and Daniel C. Sturman. Dynamic access control in a content-based publish/subscribe system with delivery guarantees. In Proceedings of the IEEE International Conference on Distributed Computing Systems, page 60, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
Index Terms
- Safety in discretionary access control for logic-based publish-subscribe systems
Recommendations
Safety analysis of usage control authorization models
ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications securityThe usage control (UCON) model was introduced as a unified approach to capture a number of extensions for traditional access control models. While the policy specification flexibility and expressive power of this model have been studied in previous work,...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
A Framework for Access Control with Inference Constraints
COMPSAC '11: Proceedings of the 2011 IEEE 35th Annual Computer Software and Applications ConferenceIn this paper we present an approach for investigating the feasibility of reducing inference control to access control, as the latter is a more desirable means of preventing unauthorized access to sensitive data. Access control is preferable over ...
Comments