Graph Based Proactive Secure Decomposition Algorithm for Context Dependent Attribute Based Inference Control Problem
Authors:
Ugur Turan,
Ismail H. Toroslu,
Murat Kantarcioglu
Abstract:
Relational DBMSs continue to dominate the database market, and the inference problem on the external schema of relational DBMSs is still an important issue in terms of data privacy. Especially over the last 10 years, external schema construction for application-specific database usage has increased its independence from the conceptual schema, as the definitions and implementations of views and procedures have been optimized. This paper offers an optimized decomposition strategy for the external schema, which concentrates on the privacy policy and required associations of attributes for the intended user roles. The method proposed in this article performs a proactive decomposition of the external schema, in order to satisfy both the forbidden and required associations of attributes. Functional dependency constraints of a database schema can be represented as a graph, in which vertices are attribute sets and edges are functional dependencies. In this representation, the inference problem can be defined as a process of searching for a subtree in the dependency graph containing the attributes that need to be related. The optimized decomposition process aims to generate an external schema which guarantees the prevention of the inference of the forbidden attribute sets while guaranteeing the association of the required attribute sets with a minimal loss of possible association among other attributes, if the inhibited and required attribute sets are consistent with each other. Our technique is purely proactive, and can be viewed as a normalization process. Due to the usage independence of external schema construction tools, it can be easily applied to any existing system without rewriting the data access layer of applications. Our extensive experimental analysis shows the effectiveness of this optimized proactive strategy for a wide variety of logical schema volumes.
Submitted 1 March, 2018;
originally announced March 2018.
Secure Logical Schema and Decomposition Algorithm for Proactive Context Dependent Attribute Based Access Control
Authors:
Ugur Turan,
Ismail Hakki Toroslu
Abstract:
Traditional database access control mechanisms use role based methods, with generally row based and attribute based constraints for granularity, and privacy is achieved mainly by using views. However, if only a set of views according to policy are made accessible to users, then this set should be checked against the policy for the whole probable query history. The aim of this work is to define a proactive decomposition algorithm according to the attribute based policy rules and build a secure logical schema in which relations are decomposed into several ones in order to inhibit joins or inferences that may violate predefined privacy constraints. The attributes whose association should not be inferred are defined as having a security dependency among them, and they form a new kind of context dependent attribute based policy rule named a security dependent set. The decomposition algorithm works on a logical schema with given security dependent sets and aims to prohibit the inference of the association among the elements of these sets. It is also proven that the decomposition technique generates a secure logical schema that is in compliance with the given security dependent set constraints.
Submitted 17 July, 2014; v1 submitted 24 February, 2014;
originally announced February 2014.