Post on 16-Dec-2015
F. Li 05/15/06
Security & Privacy Preserved Information Brokerage System
Fengjun Li
fli@ist.psu.edu
College of IST, Penn State University
1. Introduction
2. Information Brokerage Systems
3. Security-preserved mechanism
4. Privacy-preserved mechanism
5. Conclusion and Q&A
content/location discovery
Universal Connectivity
security & privacy risks
poor usability
… …
Information Brokerage System
– Data sources are connected with the help of brokers
– A user sends a query to the local broker, which helps route it to the targeted data sources
[Figure: an information brokerage system connecting many users, through brokers, to data sources]
Security & privacy?
Security Enforcement – from the perspective of performance
– Access Control
– Traditional AC enforcement and IBS architecture
– Any other choice
[Figure: traditional architecture – brokers route queries to the DBMSs, and access control (AC) is enforced at each DBMS]
If we could drag the AC out of DBMS …
[Figure: brokerage system with the access control (AC) pulled out of the DBMSs and placed among the brokers]
Or further
[Figure: brokerage system with access control merged into each broker (Broker+AC)]
Why drag the security check out of the DBMS and push it to the brokers?
– A performance-based reason
[Figure: query timing in three placements of access control. Query Q passes from the user to the Broker, the Indexer and the DBMS over network hops tn1, tn2 and tn3; ti is spent at the Indexer, tf at the AccessControl component and tp at the DBMS; the query is forwarded as (Q, Addr) or, after rewriting, as (Q’, Addr)]
Preliminary
– XML Access Control Model
  • Role-based Access Control
  • 5-tuple access control rules (ACR)
– QFilter: enforcing AC via query rewriting
  • Using Non-deterministic Finite Automata (NFA) to hold the ACRs
  • A query is either rejected or accepted (with or without rewriting)
ACR = {subject, object, action, sign, type}
QFilter Example
R1: {`/site/people', 192.168.0.2}
R2: {`//africa/items', 192.168.0.15}
R3: {`//asia/items', 192.168.0.16}
[Figure: QFilter NFA with states 0–11: 0 –site→ 1, branches for categories (state 2) and regions (state 5), an ε/* self-loop node (state 3) leading to item (state 4), and leaf transitions location, quantity, name and description]
Our Approach
– Merge the QFilters of several roles into an integrated Multi-Role QFilter
  • A naïve approach – QFilter Array
– Use a similar NFA-based mechanism to represent the routing information (called index rules)
– Merge the index rules into the Multi-Role QFilter for further performance improvement
An Example of Multi-Role QFilter
Rule 1: {role1, ``/site/people/person'', read, +, RC}
Rule 2: {role2, ``/site/people/person/name'', read, +, RC}
[Figure: the QFilter of Role 1 (states 0 –site→ 1 –people→ 2 –person→ 3), the QFilter of Role 2 (0 –site→ 1 –people→ 2 –person→ 3 –name→ 4), and the Merged NFA, where each state carries an Access List and an Accept List encoded as one bit per role (values 11, 10, 01, 00)]
An Example of Index Rules
R1: {`/site/people', 192.168.0.2}
R2: {`//africa/items', 192.168.0.15}
R3: {`//asia/items', 192.168.0.16}
[Figure: index-rule NFA: 0 –site→ 1 –people→ 2 (192.168.0.2); an ε-transition to state 3, which has a * self-loop, then 3 –africa→ 4 –items→ 5 (192.168.0.15) and 3 –asia→ 6 –items→ 7 (192.168.0.16)]
An Example of Indexed Multi-Role QFilter – Merging index rules into Multi-Role QFilter
[Figure, four panels over the same indexed NFA (states 0–11: site, categories, regions, an ε/* node leading to item, and leaves location, quantity, name, description; data-source addresses 192.168.0.102 and 192.168.0.11 to 192.168.0.14 attached to states; a rejected query is marked X):]
(a) The accept case.
(b) The reject case.
(c) Filtering process.
(d) Traversing process.
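As an added illustration of the approach above (example code written for this page, not the author's implementation): a small Python model of a Multi-Role QFilter with the index rules merged into the same NFA, built from Rules 1–2 and R1–R3 as they appear on the slides. Assumptions: the ε/* node is modelled as a '*' self-loop, only positive read ACRs are handled, type RC covers the whole subtree, and a data source indexed at a node is taken to hold that subtree.

```python
from collections import defaultdict
class MultiRoleQFilter:
    def __init__(self):
        self.trans = defaultdict(list)   # state -> [(label, next_state)]
        self.roles = defaultdict(set)    # accept list: roles whose ACR reaches state
        self.addrs = defaultdict(set)    # index list: data sources indexed at state
        self.n = 1                       # state 0 is the start state
    def _loop(self, state):              # '*' self-loop (the slides' ε/* node)
        if ("*", state) not in self.trans[state]:
            self.trans[state].append(("*", state))
    def _walk(self, path, recursive):
        """Add a path pattern, reusing states of earlier rules (the merge step)."""
        state = 0
        for step in path.split("/")[1:]:
            if step == "":               # '//' descendant-or-self axis
                self._loop(state)
                continue
            nxt = next((t for lbl, t in self.trans[state] if lbl == step and t != state), None)
            if nxt is None:
                nxt, self.n = self.n, self.n + 1
                self.trans[state].append((step, nxt))
            state = nxt
        if recursive:                    # type RC: the whole subtree is covered
            self._loop(state)
        return state
    def add_acr(self, subject, obj, rtype="RC"):
        # {subject, object, read, +, type}: only positive read rules modelled (assumption)
        self.roles[self._walk(obj, rtype == "RC")].add(subject)
    def add_index_rule(self, path, addr):   # source assumed to hold the whole subtree
        self.addrs[self._walk(path, True)].add(addr)
    def _run(self, query):                  # NFA simulation over the query steps
        cur = {0}
        for step in query.split("/")[1:]:
            cur = {t for s in cur for lbl, t in self.trans[s] if lbl in (step, "*")}
        return cur
    def filter(self, query, role):          # filtering process: role on an accept list?
        return any(role in self.roles[s] for s in self._run(query))
    def route(self, query, role):           # traversing process: sources, if accepted
        if not self.filter(query, role):
            return set()
        return set().union(*(self.addrs[s] for s in self._run(query)))
def build_example():                        # Rules 1-2 and R1-R3 from the slides
    q = MultiRoleQFilter()
    q.add_acr("role1", "/site/people/person")
    q.add_acr("role2", "/site/people/person/name")
    q.add_index_rule("/site/people", "192.168.0.2")
    q.add_index_rule("//africa/items", "192.168.0.15")
    q.add_index_rule("//asia/items", "192.168.0.16")
    return q
```

With these rules, `/site/people/person/name` is accepted for both roles (merged accept list 11) and routed to 192.168.0.2, while `/site/people/person` is accepted for role1 only (10); a query into the regions subtree is rejected before any routing happens.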
Why drag the security check out of the DBMS and push it to the brokers?
– Previous example re-visited
[Figure: the timing diagram of the previous example redrawn for three broker designs – a Broker holding one QFilter per role plus an Indexer, a Broker holding a Multi-Role QFilter plus an Indexer, and a Broker holding an Indexed Multi-Role QFilter – with the same hops tn1, tn2, tn3, times ti, tf, tp, and the rewritten query (Q’, Addr) sent on to the DBMS]
Performance Metrics 1 – Memory Consumption
Performance Metrics 2 – In-broker Query Response Time & Overall Query Response Time
Performance Metrics 3 – Network Traffic
– Save 87.5% (by analysis)
Privacy Preserving Mechanism
– Possible privacy breaches:
  • Privacy of the query location
  • Privacy of the query content
  • Privacy of the access control rule
  • Privacy of the data location
  • Privacy of the data content
Information Brokerage System
– New architecture
[Figure: the new architecture – users attached to brokers, brokers linked to coordinators that form a Coordinator Network, super sites, and data sources; legend: Super Site, Broker, Coordinator, Data Source, User]
Trust Relationship
Privacy          User                 Broker   Coordinator         Data Server
Query Location   -                    Trust    Trust               Hide
Query Content    -                    Hide     Trust (Partially)   Trust
ACR              Hide                 Hide     Trust (Partially)   Trust (for double-checking)
Data Location    Hide                 Hide     Hide (Partially)    -
Data Content     With authorization   Hide     Hide                -