Haibing Lu

Optimal Boolean Matrix Decomposition: Application to Role Engineering

A decomposition of a binary matrix into two matrices gives a set of basis vectors and their appropriate combination to form the original matrix. Such decomposition solutions are useful in a number of application domains including text mining, role engineering as well as knowledge discovery. While a binary matrix can be decomposed in several ways, however, certain decompositions better characterize the semantics associated with the original matrix in a succinct but comprehensive way. Indeed, one can find different decompositions optimizing different criteria matching various semantics. In this paper, we first present a number of variants to the optimal Boolean matrix decomposition problem that have pragmatic implications. We then present a unified framework for modeling the optimal binary matrix decomposition and its variants using binary integer programming. Such modeling allows us to directly adopt the huge body of heuristic solutions and tools developed for binary integer programming. Although the proposed solutions are applicable to any domain of interest, for providing more meaningful discussions and results, in this paper, we present the binary matrix decomposition problem in a role engineering context, whose goal is to discover an optimal and correct set of roles from existing permissions, referred to as the role mining problem (RMP). This problem has gained significant interest in recent years as role based access control has become a popular means of enforcing security in databases. We consider several variants of the above basic RMP, including the min-noise RMP, delta-approximate RMP and edge-RMP. Solutions to each of them aid security administrators in specific scenarios. We then model these variants as Boolean matrix decomposition and present efficient heuristics to solve them.

Constraint-Aware Role Mining via Extended Boolean Matrix Decomposition

The role mining problem has received considerable attention recently. Among the many solutions proposed, the Boolean matrix decomposition (BMD) formulation has stood out, which essentially discovers roles by decomposing the binary matrix representing user-to-permission assignment (UPA) into two matrices-user-to-role assignment (UA) and permission-to-role assignment (PA). However, supporting certain embedded constraints, such as separation of duty (SoD) and exceptions, is critical to the role mining process. Otherwise, the mined roles may not capture the inherent constraints of the access control policies of the organization. None of the previously proposed role mining solutions, including BMD, take into account these underlying constraints while mining. In this paper, we extend the BMD so that it reflects such embedded constraints by proposing to allow negative permissions in roles or negative role assignments for users. Specifically, by allowing negative permissions in roles, we are often able to use less roles to reconstruct the same given user-permission assignments. Moreover, from the resultant roles we can discover underlying constraints such as separation of duty constraints. This feature is not supported by any existing role mining approaches. Hence, we call the role mining problem with negative authorizations the constraint-aware role mining problem (CRM). We also explore other interesting variants of the CRM, which may occur in real situations. To enable CRM and its variants, we propose a novel approach, extended Boolean matrix decomposition (EBMD), which addresses the ineffectiveness of BMD in its ability of capturing underlying constraints. We analyze the computational complexity for each of CRM variants and present heuristics for problems that are proven to be NP-hard.

Cloud based data sharing with fine-grained proxy re-encryption

Conditional proxy re-encryption (CPRE) enables fine-grained delegation of decryption rights, and has many real-world applications. In this paper, we present a ciphertext-policy attribute based CPRE scheme, together with a formalization of the primitive and its security analysis. We demonstrate the utility of the scheme in a cloud deployment, which achieves fine-grained data sharing. This application implements cloud server-enabled user revocation, offering an alternative yet more efficient solution to the user revocation problem in the context of fine-grained encryption of cloud data. High user-side efficiency is another prominent feature of the application, which makes it possible for users to use resource constrained devices, e.g., mobile phones, to access cloud data. Our evaluations show promising results on the performance of the proposed scheme.

Edge-RMP: Minimizing administrative assignments for role-based access control

Because of its ease of administration, role-based access control (RBAC) has become the norm to enforcing security in most of todays organizations. For implementing RBAC, it is important to devise a complete and correct set of roles. This task, known as role engineering, has been identified as one of the costliest components in deploying RBAC. A key problem with respect to role engineering is that there is no formal metric for measuring the goodness/interestingness of the devised set of roles. Recently, Vaidya et al. [26], formally define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions, and analyze its theoretical bounds. Essentially, given a user-permission assignment (UPA), the basic RMP is to discover the user-role assignment relation (UA) and role-permission assignment relation (PA) such that the number of roles required is minimum. In this paper, we present another interesting and useful problem, called the edge-RMP, with a different minimality objective. The edge-RMP, requires the discovery of a complete and correct set of roles such that the discovered |UA|+|PA| is the minimum possible. Minimal |UA|+|PA| is a useful metric as it would minimize the administrative burden since less number of assignments need to be managed. Although the basic-RMP and the edge-RMP appear to be related problems, we demonstrate with concrete examples that they are, in fact, independent of each other. We prove that the edge-RMP is an NP-hard problem by reducing the known “vertex cover problem” to the decision version of the edge-RMP. Another important contribution of this paper is to provide a binary integer programming solution to this problem by showing that the edge-RMP can be formulated in that form. As a result, one can directly borrow existing implementation solutions for binary integer programming and guide further research in this direction. We also propose a heuristic solution for large scale problems, and experimentally validate our algorithm.

Differentially private search log sanitization with optimal output utility

Web search logs contain extremely sensitive data, as evidenced by the recent AOL incident. However, storing and analyzing search logs can be very useful for many purposes (i.e. investigating human behavior). Thus, an important research question is how to privately sanitize search logs. Several search log anonymization techniques have been proposed with concrete privacy models. However, in all of these solutions, the output utility of the techniques is only evaluated rather than being maximized in any fashion. Indeed, for effective search log anonymization, it is desirable to derive the outputs with optimal utility while meeting the privacy standard. In this paper, we propose utility-maximizing sanitization based on the rigorous privacy standard of differential privacy, in the context of search logs. Specifically, we utilize optimization models to maximize the output utility of the sanitization for different applications, while ensuring that the production process satisfies differential privacy. An added benefit is that our novel randomization strategy maintains the schema integrity in the output search logs. A comprehensive evaluation on real search logs validates the approach and demonstrates its robustness and scalability.

Secure and efficient distributed linear programming

In todays networked world, resource providers and consumers are distributed globally and locally, especially under current cloud computing environment. However, with resource constraints, optimization is necessary to ensure the best possible usage of such scarce resources. Distributed linear programming DisLP problems allow collaborative agents to jointly maximize profits or minimize costs with a linear objective function while conforming to several shared as well as local linear constraints. Since each agents share of the global constraints and the local constraints generally refer to its private limitations or capacities, serious privacy problems may arise if such information is revealed. While there have been some solutions raised that allow secure computation of such problems, they typically rely on inefficient protocols with enormous computation and communication cost.In this paper, we study the DisLP problems where constraints are arbitrarily partitioned and every agent privately holds a set of variables, and propose secure and extremely efficient approach based on mathematical transformation in two adversary models --semi-honest and malicious model. Specifically, we first present a secure column generation SCG protocol that securely solves the above DisLP problem amongst two or more agents without any private information disclosure, assuming semi-honest behavior all agents properly follow the protocol but may be curious to derive private information from other agents. Furthermore, we discuss potential selfish actions and colluding issues in malicious model distributed agents may corrupt the protocol to gain extra benefit and propose an incentive compatible protocol to resolve such malicious behavior. To address the effectiveness of our protocols, we present security analysis for both adversary models as well as the communication/computation cost analysis. Finally, our experimental results validate the efficiency of our approach and demonstrate its scalability.

Extended Boolean Matrix Decomposition

With the vast increase in collection and storage of data, the problem of data summarization is most critical for effective data management. Since much of this data is categorical in nature, it can be viewed in terms of a Boolean matrix. Boolean matrix decomposition (BMD) has been used to provide concise and interpretable representations of Boolean data sets. A Boolean matrix can be expressed as a product of two Boolean matrices, where the first matrix represents a set of meaningful concepts, and the second describes how the observed data can be expressed as combinations of those concepts. Typically, the combination is only in terms of the set union. In other words, a successful Boolean matrix decomposition gives a set of concepts and shows how every column of the input data can be expressed as a union of some subset of those concepts. However, this way of modeling only incompletely represents real data semantics. Essentially, it ignores a critical component -- the set difference operation: a column can be expressed as the combination of union of certain concepts as well as the exclusion of other concepts. This has two significant benefits. First, the total number of concepts required to describe the data may itself be reduced. Second, a more succinct summarization may be found for every column. In this paper, we propose the extended Boolean matrix decomposition (EBMD) problem, which aims to factor Boolean matrices using both the set union and set difference operations. We study several variants of the problem, show that they are NP-hard, and propose efficient heuristics to solve them. Extensive experimental results demonstrate the power of EBMD.

Practical inference control for data cubes

The fundamental problem for inference control in data cubes is how to efficiently calculate the lower and upper bounds for each cell value given the aggregations of cell values over multiple dimensions. In this paper, we provide the first practical solution for estimating exact bounds in two-dimensional irregular data cubes (i.e., data cubes in which certain cell values are known to a snooper). Our results imply that the exact bounds cannot be obtained by a direct application of the Frechet bounds in some cases. We then propose a new approach to improve the classic Frechet bounds for any high-dimensional data cube in the most general case. The proposed approach improves upon the Frechet bounds in the sense that it gives bounds that are at least as tight as those computed by Frechet, yet is simpler in terms of time complexity. Based on our solutions to the fundamental problem, we discuss two security applications, privacy protection of released data and fine-grained access control and auditing

Towards Lightweight Anonymous Entity Authentication for IoT Applications

Preservation of individual privacy is an important issue in future IoT applications, which calls for lightweight anonymous entity authentication solutions that can be executed efficiently upon a wide range of resource-constrained IoT devices and gadgets. Existing anonymous credential techniques are not well fitted to the setting of IoT, and it is especially so when credential revocation support is considered. In this paper, leveraging on dynamic accumulator we propose a lightweight anonymous entity authentication scheme with outsource-able witness update, solving the main bottleneck of anonymous credentials. We further improve the performance of the scheme with the idea of self-blinding, in such a way that the computation by the prover works entirely in the compact bilinear group of bilinear map. Our performance evaluation shows that the proposed schemes are good for resource-constrained devices.

Community detection in graphs through correlation

Community detection is an important task for social networks, which helps us understand the functional modules on the whole network. Among different community detection methods based on graph structures, modularity-based methods are very popular recently, but suffer a well-known resolution limit problem. This paper connects modularity-based methods with correlation analysis by subtly reformatting their math formulas and investigates how to fully make use of correlation analysis to change the objective function of modularity-based methods, which provides a more natural and effective way to solve the resolution limit problem. In addition, a novel theoretical analysis on the upper bound of different objective functions helps us understand their bias to different community sizes, and experiments are conducted on both real life and simulated data to validate our findings.