Romuald Thion

Interactive Mapping Specification with Exemplar Tuples

While schema mapping specification is a cumbersome task for data curation specialists, it becomes unfeasible for non-expert users, who are unacquainted with the semantics and languages of the involved transformations. In this paper, we present an interactive framework for schema mapping specification suited for non-expert users. The underlying key intuition is to leverage a few exemplar tuples to infer the underlying mappings and iterate the inference process via simple user interactions under the form of boolean queries on the validity of the initial exemplar tuples. The approaches available so far are mainly assuming pairs of complete universal data examples, which can be solely provided by data curation experts, or are limited to poorly expressive mappings. We present several exploration strategies of the space of all possible mappings that satisfy arbitrary user exemplar tuples. Along the exploration, we challenge the user to retain the mappings that fit the users requirements at best and to dynamically prune the exploration space, thus reducing the number of user interactions. We prove that after the refinement process, the obtained mappings are correct. We present an extensive experimental analysis devoted to measure the feasibility of our interactive mapping strategies and the inherent quality of the obtained mappings.

Detection of Conflicting Compliance Rules

Web-based dynamic systems and pressured business environments need more than ever formal methods to analyze evolving compliance rules. Providing adequate tools to tackle the problem of debugging conflicting temporal compliance rules is an ongoing research topic. This problem is of paramount importance to achieve automatic support for early declarative design and to support evolution of rules in contract-based or service-based systems. In this paper we investigate the problem of extracting temporal unsatisfiable cores in order to detect the inconsistent part of a specification. We survey existing techniques to extract core and provide a new depth-first-search model checking which also enables to extract small unsatisfiable cores.

Inference Leakage Detection for Authorization Policies over RDF Data

The Semantic Web technologies include entailment regimes that produce new RDF data from existing ones. In the presence of access control, once a user has legitimately received the answer of a query, she/he can derive new data entailed from the answer that should have been forbidden if carried out inside of the RDF store. In this paper, we define a fine-grained authorization model for which it is possible to check in advance whether such a problem will arise. To this end, we provide a static analysis algorithm which can be used at the time of writing the authorization policy and does not require access to the data. We illustrate the expressiveness of the access control model with several conflict resolution strategies including most specific takes precedence as well as the applicability of the algorithm for diagnosis purposes.

Refactoring multi-layered access control policies through (De)composition

Policy-based access control is a well-established paradigm for securing layered IT systems. Access control policies, however, often do not focus on dedicated architecture layers, but increasingly employ concepts of multiple layers. Web application servers, for instance, typically support request filtering on the basis of network addresses. The resulting flexibility comes with increased management complexity and the risk of security-relevant misconfiguration when looking at the various policies in isolation. We therefore propose a flexible access control framework able to provide a comprehensive view of the global access control policy implemented in a given system. The focus of this paper is to lay down the theoretical foundations of this framework that allows (i) to describe authorization policies from different architecture layers, (ii) to capture the semantics of dependencies between layers in order to create a composed view of the global policy, and (iii) to decompose the global policy again into a collection of simpler ones by means of algebraic techniques inspired from database normalization theory.

Access Control Configuration for J2EE Web Applications: A Formal Perspective

Business services are increasingly dependent upon Web applications. Whereas URL-based access control is one of the most prominent and pervasive security mechanism in use, failure to restrict URL accesses is still a major security risk. This paper aims at mitigating this risk by giving a formal semantics for access control constraints standardized in the J2EE Java Servlet Specification, arguably one of the most common framework for web applications. A decision engine and a comparison algorithm for change impact analysis of access control configurations are developed on top of this formal building block.

Découverte automatisée de hiérarchies de rôles pour les politiques de contrôle d'accès

Role-engineering is the task of discovering roles in a system. This task is essential in building efficient role-based access control policies. The classical approach in role-engineering is top-down. It relies on business process analysis to define roles from basic tasks, but ignore existing privileges. This approach is time consuming and expensive. This article presents a new automated role-engineering technique - a role-mining technique. The paradigm used is formal concept analysis, which aim at extracting implicit lattice from binary relation.

Access Control Enforcement for Selective Disclosure of Linked Data

The Semantic Web technologies enable Web-scaled data linking between large RDF repositories. However, it happens that organizations cannot publish their whole datasets but only some subsets of them, due to ethical, legal or confidentiality considerations. Different user profiles may have access to different authorized subsets. In this case, selective disclosure appears as a promising incentive for linked data. In this paper, we show that modular, fine-grained and efficient selective disclosure can be achieved on top of existing RDF stores. We use a data-annotation approach to enforce access control policies. Our results are grounded on previously established formal results proposed in [14]. We present an implementation of our ideas and we show that our solution for selective disclosure scales, is independent of the user query language, and incurs reasonable overhead at runtime.

UPnQ: An Architecture for Personal Information Exploration

Today our lives are being mapped to the binary realm provided by computing devices and their interconnections. The constant increase in both amount and diversity of personal information organized in digital files already turned into an information overload. User files contain an ever augmenting quantity of potential information that can be extracted at a non-negligible processing cost. In this paper we pursue the difficult objective of providing easy and efficient personal information management, in a file-oriented context. To this end, we propose the Universal Plug’n’Query (UPnQ) principled approach for Personal Information Management. UPnQ is based on a virtual database that offers query facilities over potential information from files while tuning resource usage. Our goal is to declaratively query the contents of dynamically discovered files at a fine-grained level. We present an architecture that supports our approach and we conduct a simulation study that explores different caching strategies.

Contrôle d'accès logique au dossier patient informatisé

Le respect de la confidentialite est une problematique majeure de la securite de l information medicale. Definir les reglements, les implementer dans un dispositif de controle d acces et les verifier sont des defis organisationnels, techniques et scientifiques auxquels doivent faire face les etablissements de sante. Cette problematique est d autant plus exacerbee lorsque l information est partagee et repartie. Cet article propose un cadre logique apportant une reponse aux problemes d expression, de stockage, d interrogation et de validation des politiques d autorisation complexes pour les systemes d information medicale. Nous illustrons notre approche sur une application des recommandations du Groupement pour la Modernisation du Systeme d Information Hospitalier et la plateforme d information medicale de la region Rhone-Alpes.

Modeling and inferring on role-based access control policies using data dependencies

Role-Based Access Control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks. Organizational constraints were introduced (e.g.: mutually exclusive roles, cardinality, prerequisite roles) to reflect peculiarities of organizations. Thus, the number of rules is increasing and policies are becoming more and more complex: understanding and analyzing large policies in which several security officers are involved can be a tough job. There is a serious need for administration tools allowing analysis and inference on access control policies. Such tools should help security officers to avoid defining conflicting constraints and inconsistent policies. This paper shows that theoretical tools from relational databases are suitable for expressing and inferring on RBAC policies and their related constraints. We focused on using Constrained Tuple-Generating Dependencies (CTGDs), a class of dependencies which includes traditional other ones. We show that their great expressive power is suitable for all practical relevant aspects of RBAC. Moreover, proof procedures have been developed for CTGDs: they permit to reason on policies. For example, to check their consistency, to verify a new rule is not already implied or to check satisfaction of security properties. A prototype of RBAC policies management tool has been implemented, using CTGDs dedicated proof procedures as the underlying inference engine.