research-article

An authorization model for multi provider queries

Authors:

Sabrina De Capitani di Vimercati,

Sushil Jajodia,

Giovanni Livraga,

Stefano Paraboschi,

Pierangela SamaratiAuthors Info & Claims

Proceedings of the VLDB Endowment, Volume 11, Issue 3

Pages 256 - 268

https://doi.org/10.14778/3157794.3157796

Published: 01 November 2017 Publication History

Abstract

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced in the query execution by possibly restricting operation assignments to other parties and by adjusting visibility of data on-the-fly. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.

References

[1]

R. Agrawal, D. Asonov, M. Kantarcioglu, and Y. Li. Sovereign joins. In Proc. of ICDE, Atlanta, GA, April 2006.

Digital Library

[2]

M. Armbrust, R. S. Xin, C. Lian, Y. Huai, D. Liu, J. K. Bradley, X. Meng, T. Kaftan, M. J. Franklin, A. Ghodsi, and M. Zaharia. Spark SQL: Relational data processing in Spark. In Proc. of SIGMOD, pages 1383--1394, Melbourne, Australia, May-June 2015.

Digital Library

[3]

J. Bater, G. Elliott, C. Eggen, S. Goel, A. Kho, and J. Duggan. SMCQL: Secure query processing for private data networks. PVLDB, 10(6):673--684, 2017.

Digital Library

[4]

M. Benedikt, J. Leblay, and E. Tsamoura. Querying with access patterns and integrity constraints. PVLDB, 8(6):690--701, 2015.

Digital Library

[5]

S. S. Chow, J.-H. Lee, and L. Subramanian. Two-party computation model for privacy-preserving queries over distributed databases. In Proc. of NDSS, San Diego, CA, February 2009.

[6]

J. Cohen, B. Dolan, M. Dunlap, J. M. Hellerstein, and C. Welton. Mad skills: New analysis practices for big data. PVLDB, 2(2):1481--1492, 2009.

Digital Library

[7]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, and P. Samarati. Fragmentation in presence of data dependencies. IEEE TDSC, 11(6):510--523, 2014.

[8]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Authorization enforcement in distributed query evaluation. JCS, 19(4):751--794, 2011.

Digital Library

[9]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Efficient integrity checks for join queries in the cloud. JCS, 24(3):347--378, 2016.

[10]

S. De Capitani di Vimercati, S. Foresti, G. Livraga, and P. Samarati. Practical techniques building on encryption for protecting and managing data in the cloud. In P. Ryan, D. Naccache, and J.-J. Quisquater, editors, Festschrift for David Kahn, pages 205--239. Springer, 2016.

Digital Library

[11]

N. Farnan, A. Lee, P. Chrysanthis, and T. Yu. PAQO: Preference-aware query optimization for decentralized database systems. In Proc. of ICDE, pages 424--435, Chicago, IL, March-April 2014.

[12]

P. Grofig et al. Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data. In Proc. of Sicherheit, pages 115--125, Vienna, Austria, March 2014.

[13]

M. Guarnieri and D. Basin. Optimal security-aware query processing. PVLDB, 7(12):1307--1318, 2014.

Digital Library

[14]

H. Hacigümüs, B. Iyer, S. Mehrotra, and C. Li. Executing SQL over encrypted data in the database-service-provider model. In Proc. of SIGMOD, pages216--227, Madison, WI, June 2002.

Digital Library

[15]

D. Kossmann. The state of the art in distributed query processing. ACM CSUR, 32(4):422--469, 2000.

Digital Library

[16]

M. M. Kwakye and K. Barker. Privacy-preservation in the integration and querying of multidimensional data models. In Proc of PST, pages 255--263, Auckland, New Zealand, December 2016.

[17]

A. Y. Levy, D. Srivastava, and T. Kirk. Data model and query evaluation in global information systems. JIIS, 5(2):121--143, 1995.

Digital Library

[18]

K. Y. Oktay, M. Kantarcioglu, and S. Mehrotra. Secure and efficient query processing over hybrid clouds. In Proc. of ICDE, pages 733--744, San Diego, CA, April 2017.

[19]

R. Popa, C. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: Protecting confidentiality with encrypted query processing. In Proc. of SOSP, pages 85--100, Cascais, Portugal, October 2011.

Digital Library

[20]

A. Rheinländer, U. Leser, and G. Graefe. Optimization of complex dataflows with user-defined functions. ACM CSUR, 50(3):38:1--38:39, 2017.

Digital Library

[21]

S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy. Extending query rewriting techniques for fine-grained access control. In Proc. of SIGMOD, pages 551--562, Paris, France, June 2004.

Digital Library

[22]

S. Tu, M. Kaashoek, S. Madden, and N. Zeldovich. Processing analytical queries over encrypted data. PVLDB, 6(5):289--300, 2013.

Digital Library

[23]

J. Vaidya. Privacy in the context of digital government. In Proc. of DG.O, pages 302--303, College Park, MD, June 2012.

Digital Library

[24]

Q. Zeng, M. Zhao, P. Liu, P. Yadav, S. Calo, and J. Lobo. Enforcement of autonomous authorizations in collaborative distributed query evaluation. IEEE TKDE, 27(4):979--992, 2015.

Cited By

Salvaneschi GKöhler MSokolowski DHaller PErdweg SMezini M(2019)Language-integrated privacy-aware distributed queriesProceedings of the ACM on Programming Languages10.1145/33605933:OOPSLA(1-30)Online publication date: 10-Oct-2019
https://dl.acm.org/doi/10.1145/3360593
Dimitrova EChrysanthis PLee AHung CPapadopoulos G(2019)Authorization-aware optimization for multi-provider queriesProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3299731(431-438)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3299731

An authorization model for multi provider queries
1. Information systems
  1. Data management systems
    1. Database management system engines
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory

Recommendations

Authorization-aware optimization for multi-provider queries
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

The sharing of sensitive personal information via cloud platforms motivates the need for measures that aim to minimize information leakage to unauthorized users. In this work, we propose a novel SQL optimizer that strikes a balance between query runtime ...
PERMIS: a modular authorization infrastructure
UK e-Science All Hands Meeting 2006

Authorization infrastructures manage privileges and render access control decisions, allowing applications to adjust their behavior according to the privileges allocated to users. This paper describes the PERMIS role-based authorization infrastructure ...
An Extended Permission-Based Delegation Authorization Model
CSSE '08: Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 03

The characteristics of delegation are analyzed and defined in this paper, including time, totality, level, multi-delegation, agreement and revocation. Based on RBAC, an extended role and permission-based delegation model is redefined by separating ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the VLDB Endowment

Proceedings of the VLDB Endowment Volume 11, Issue 3

November 2017

150 pages

ISSN:2150-8097

Editors:
Jian Pei
Simon Fraser University
,
Sihem Amer-Yahia
University of Grenoble Alpes, CNRS

Issue’s Table of Contents

Publisher

VLDB Endowment

Publication History

Published: 01 November 2017

Published in PVLDB Volume 11, Issue 3

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
76
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Salvaneschi GKöhler MSokolowski DHaller PErdweg SMezini M(2019)Language-integrated privacy-aware distributed queriesProceedings of the ACM on Programming Languages10.1145/33605933:OOPSLA(1-30)Online publication date: 10-Oct-2019
https://dl.acm.org/doi/10.1145/3360593
Dimitrova EChrysanthis PLee AHung CPapadopoulos G(2019)Authorization-aware optimization for multi-provider queriesProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3299731(431-438)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3299731

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents