Access control and inference problem in data integration systems

Mehdi Haddad 1, 2
2 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : In this thesis we are interested in controlling the access to a data integration system. In a data integration system, a mediator is defined. This mediator aims at providing a unique entry point to several heterogeneous sources. In this kind of architecture security aspects and access control in particular represent a major challenge. Indeed, every source, designed independently of the others, defines its own access control policy. The problem is then: "How to define a representative policy at the mediator level that preserves sources’ policies?" Preserving the sources’ policies means that a prohibited access at the source level should also be prohibited at the mediator level. Also, the policy of the mediator needs to protect data against indirect accesses. An indirect access occurs when one could synthesize sensitive information from the combination of non sensitive information and semantic constraints. Detecting all indirect accesses in a given system is referred to as the inference problem. In this manuscript, we propose an incremental methodology able to tackle the inference problem in a data integration context. This methodology has three phases. The first phase, the propagation phase, allows combining source policies and therefore generating a preliminary policy at the mediator level. The second phase, the detection phase, characterizes the role of semantic constraints in inducing inference about sensitive information. We also introduce in this phase a graph-based approach able to enumerate all indirect access that could induce accessing sensitive information. In order to deal with previously detected indirect access, we introduce the reconfiguration phase which provides two solutions. The first solution could be implemented at design time. The second solution could be implemented at runtime.
Document type :
Complete list of metadatas

Cited literature [107 references]  Display  Hide  Download
Contributor : Abes Star <>
Submitted on : Wednesday, March 25, 2015 - 10:37:10 AM
Last modification on : Friday, May 17, 2019 - 10:33:43 AM
Long-term archiving on : Thursday, July 2, 2015 - 6:35:43 AM


Version validated by the jury (STAR)


  • HAL Id : tel-01135300, version 1


Mehdi Haddad. Access control and inference problem in data integration systems. Other [cs.OH]. INSA de Lyon, 2014. English. ⟨NNT : 2014ISAL0107⟩. ⟨tel-01135300⟩



Record views


Files downloads