Safety in discretionary access control for logic-based publish-subscribe systems

Kazuhiro Minami; Nikita Borisov; Carl A. Gunter

doi:10.1145/1542207.1542211

Safety in discretionary access control for logic-based publish-subscribe systems

Kazuhiro Minami, Nikita Borisov, Carl A. Gunter

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.

Original language	English (US)
Title of host publication	SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies
Pages	3-12
Number of pages	10
DOIs	https://doi.org/10.1145/1542207.1542211
State	Published - 2009
Event	14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 - Stresa, Italy Duration: Jun 3 2009 → Jun 5 2009

Publication series

Name	Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other	14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009
Country/Territory	Italy
City	Stresa
Period	6/3/09 → 6/5/09

Keywords

Access control
Inference control
Logical language
Publish-subscribe systems
Safety

ASJC Scopus subject areas

Software
Computer Networks and Communications
Safety, Risk, Reliability and Quality
Information Systems

Online availability

10.1145/1542207.1542211

Library availability

Discover UIUC Full Text

Cite this

Safety in discretionary access control for logic-based publish-subscribe systems. / Minami, Kazuhiro; Borisov, Nikita ; Gunter, Carl A.

SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. 2009. p. 3-12 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Minami, K, Borisov, N & Gunter, CA 2009, Safety in discretionary access control for logic-based publish-subscribe systems. in SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 3-12, 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, Stresa, Italy, 6/3/09. https://doi.org/10.1145/1542207.1542211

@inproceedings{fdc3af8f295643109797224ee9f949ac,

title = "Safety in discretionary access control for logic-based publish-subscribe systems",

abstract = "Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.",

keywords = "Access control, Inference control, Logical language, Publish-subscribe systems, Safety",

author = "Kazuhiro Minami and Nikita Borisov and Gunter, {Carl A.}",

year = "2009",

doi = "10.1145/1542207.1542211",

language = "English (US)",

isbn = "9781605585376",

series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

pages = "3--12",

booktitle = "SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies",

note = "14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009 ; Conference date: 03-06-2009 Through 05-06-2009",

}

TY - GEN

T1 - Safety in discretionary access control for logic-based publish-subscribe systems

AU - Minami, Kazuhiro

AU - Borisov, Nikita

AU - Gunter, Carl A.

PY - 2009

Y1 - 2009

N2 - Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.

AB - Publish-subscribe (pub-sub) systems are useful for many applications, including pervasive environments. In the latter context, however, great care must be taken to preserve the privacy of sensitive information, such as users' location and activities. Traditional access control schemes provide at best a partial solution, since they do not capture potential inference regarding sensitive data that a subscriber may make. We propose a logic-based pub-sub system, where inference rules are used to both derive high-level events for use in applications as well as specify potentially harmful inferences that could be made regarding data. We provide a formal definition of safety in such a system that captures the possibility of indirect information flows. We show that the safety problem is co-NP-complete; however, problems of realistic size can be reduced to a satisfiability problem that can be efficiently decided by a SAT solver.

KW - Access control

KW - Inference control

KW - Logical language

KW - Publish-subscribe systems

KW - Safety

UR - http://www.scopus.com/inward/record.url?scp=70450265320&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70450265320&partnerID=8YFLogxK

U2 - 10.1145/1542207.1542211

DO - 10.1145/1542207.1542211

M3 - Conference contribution

AN - SCOPUS:70450265320

SN - 9781605585376

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 3

EP - 12

BT - SACMAT'09 - Proceedings of the 14th ACM Symposium on Access Control Models and Technologies

T2 - 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009

Y2 - 3 June 2009 through 5 June 2009

ER -

Safety in discretionary access control for logic-based publish-subscribe systems

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this