S. De Capitani di Vimercati

Controlling access to XML documents

Access control techniques for XML provide a simple way to protect confidential information at the same granularity level provided by XML schemas. In this article, we describe our approach to these problems and the design guidelines that led to our current implementation of an access control system for XML information.

Implementation of a Storage Mechanism for Untrusted DBMSs

Several architectures have been recently proposed that store relational data in encrypted form on untrusted relational databases. Such architectures permit the creation of novel Internet services and also offer an opportunity for a better construction of ASP solutions. Environments where there are limited resources that do not permit an efficient management of databases or where it is critical to offer a robust Internet access to private data may all benefit from the above architectures. In this paper we analyze the impact that this architecture has on the typical services of a database. The analysis is based on the experience gained in the construction of a prototype of a complete architecture for the management of encrypted databases. Specifically, we illustrate the impact on query translation and optimization, and the main components of the software architecture of the prototype.

Expressive and Deployable Access Control in Open Web Service Applications

Traditional access control solutions, based on preliminary identification and authentication of the access requester, are not adequate for the context of open web service systems, where servers generally do not have prior knowledge of the requesters. The research community has acknowledged such a paradigm shift and several investigations have been carried out for new approaches to regulate access control in open dynamic settings. Typically based on logic, such approaches, while appealing for their expressiveness, result not applicable in practice, where simplicity, efficiency, and consistency with consolidated technology are crucial. The eXtensible Access Control Markup Language (XACML) has established itself as the emerging technological solution for controlling access in an interoperable and flexible way. Although supporting the most common policy representation mechanisms and having acquired a significant spread in the research community and the industry, XACML still suffers from some limitations which impact its ability to support actual requirements of open web-based systems. In this paper, we provide a simple and effective formalization of novel concepts that have to be supported for enforcing the new access control paradigm needed in open scenarios, toward the aim of providing an expressive solution actually deployable with todays technology. We illustrate how the concepts of our model can be deployed in the XACML standard by exploiting its extension points for the definition of new functions, and introducing a dialog management framework to enable access control interactions between web service clients and servers.

k -Anonymous Data Mining: A Survey

Data mining technology has attracted significant interest as a means of identifying patterns and trends from large collections of data. It is however evident that the collection and analysis of data that include personal information may violate the privacy of the individuals to whom information refers. Privacy protection in data mining is then becoming a crucial issue that has captured the attention of many researchers. In this chapter, we first describe the concept of k-anonymity and illustrate different approaches for its enforcement. We then discuss how the privacy requirements characterized by k-anonymity can be violated in data mining and introduce possible approaches to ensure the satisfaction of k-anonymity in data mining.

Securing SOAP e-services

Abstract.Remote service invocation via HTTP and XML promises to become an important component of the Internet infrastructure. Work is ongoing in the W3C XML Protocol Working Group to define a common standard, and solutions like SOAP and XML-RPC are already used in a few situations, demonstrating the potential. However, no standard technique for access control security is currently defined for these protocols. In this paper, we propose an approach that relies on the XML structure of SOAP requests to support fine-grained authorizations at the level of individual XML elements and attributes that comprise a SOAP call. The result is a simple yet general technique to specify and enforce fine-grained access control for e-services.

Specification and enforcement of classification and inference constraints

Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in todays multilevel systems. Moreover the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach largely applicable. We introduce the concept of minimal classification as a labeling of data elements that while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.

Encryption-Based Policy Enforcement for Cloud Storage

Nowadays, users are more and more exploiting external storage and connectivity for sharing and disseminating user-generated content. To this aim, they can benefit of the services offered by Internet companies, which however assume that the service provider is entitled to access the resources. To overcome this limitation, we present an approach that does not require complete trust in the external service w.r.t. both resource content and authorization management, while at the same time allowing users to delegate to the provider the enforcement of the access control policy on their resources. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources and on a hierarchical key structure that limits both the number of keys to be maintained and the amount of encryption to be enforced.

An Experimental Evaluation of Multi-Key Strategies for Data Outsourcing

Data outsourcing is emerging today as a successful solution for organizations looking for a cost-effective way to make their data available for on-line querying. To protect outsourced data from unauthorized accesses, even from the (honest but curious) host server, data are encrypted and indexes associated with them enable the server to execute queries without the need of accessing cleartext. Current solutions consider the whole database as encrypted with a single key known only to the data owner, which therefore has to be kept involved in the query execution process. In this paper, we propose different multi-key data encryption strategies for enforcing access privileges. Our strategies exploit different keys, which are distributed to the users, corresponding to the different authorizations. We then present some experiments evaluating the quality of the proposed strategies with respect to the amount of cryptographic information to be produced and maintained.

Recent Advances in Access Control

Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Traditional access control models and languages result limiting for emerging scenarios, whose open and dynamic nature requires the development of new ways of enforcing access control. Access control is then evolving with the complex open environments that it supports, where the decision to grant an access may depend on the properties (attributes) of the requestor rather than her dentity and where the access control restrictions to be enforced may come from different authorities. These issues pose several new challenges to the design and implementation of access control systems. In this chapter, we present the emerging trends in the access control field to address the new needs and desiderata of today’s systems.

Assessing efficiency of trust management in peer-to-peer systems

P2P applications support exchanging resources while preserving total or partial anonymity of both requestors and providers. However, concerns have been raised about the possibility that anonymity may encourage malicious peers to spread tampered-with resources (e.g., malicious programs and viruses). A considerable amount of research is now being carried out on the development of trust and reputation models in P2P networks. In this paper, we assess the efficiency of our approach to the design of reputation systems involving flexible techniques for collecting and aggregating peers opinions via comparison with probabilistic approaches.