Stéphane Coulondre

A top-down proof procedure for generalized data dependencies

Abstract. Data dependencies are well known in the context of relational database. They aim to specify constraints that the data must satisfy to model correctly the part of the world under consideration. The implication problem for dependencies is to decide whether a given dependency is logically implied by a given set of dependencies. A proof procedure for the implication problem, called “chase”, has already been studied in the generalized case of tuple-generating and equality-generating dependencies. The chase is a bottom-up procedure: from hypotheses to conclusion, and thus is not goal-directed. It also entails in the case of TGDs the dynamic creation of new constants, which can turn out to be a costly operation. This paper introduces a new proof procedure which is top-down: from conclusion to hypothesis, that is goal-directed. The originality of this procedure is that it does not act as classical theorem proving procedures, which require a special form of expressions, such as clausal form, obtained after Skolemization. We show, with our procedure, that this step is useless, and that the notion of piece allows infering directly on dependencies, thus saving the cost of Skolemizing the dependencies set and, morever, that the inference can be performed without dynamically creating new constants. Although top-down approaches are known to be less efficient in time than bottom-up ones, the notion of piece cuts down irrelevant goals usually generated, leading to a usable top-down method. With the more recent introduction of constrained and ordered dependencies, some interesting perspectives also arise.

A sound and complete chase procedure for constrained tuple-generating dependencies

We present a chase procedure for solving the implication problem of constrained tuple-generating dependencies (ctgds), a general class of database dependencies that is also able to handle data and predicates on interpreted domains. Current chase procedures for ctgds are sound but not complete, in the sense that they are unguaranteed to stop successfully whenever implication is true. The procedure we present is sound and complete, the first to our knowledge. It follows a linear reasoning over constraint domains that have the Independence of Negative Constraints property. We then soundly extend this procedure by a disjunctive reasoning over unrestricted constraint domains. To achieve these results, we used a different approach. Previous chases act like a closure operator, whereas we used a goal-directed design.

Découverte automatisée de hiérarchies de rôles pour les politiques de contrôle d'accès

Role-engineering is the task of discovering roles in a system. This task is essential in building efficient role-based access control policies. The classical approach in role-engineering is top-down. It relies on business process analysis to define roles from basic tasks, but ignore existing privileges. This approach is time consuming and expensive. This article presents a new automated role-engineering technique - a role-mining technique. The paradigm used is formal concept analysis, which aim at extracting implicit lattice from binary relation.

Detecting Privacy Violations in Multiple Views Publishing

We present a sound data-value-dependent method of detecting privacy violations in the context of multiple views publishing. We assume that privacy violation takes the form of linkages, that is, identifier-privacy value pair appearing in the same data record. At first, we perform a theoretical study of the following security problem: given a set of views to be published, if linking of two views does not violate privacy, how about three or more of them? And how many potential leaking channels are there? Then we propose a pre-processing algorithm of views which can turn multi-view violation detection problem into the single view case. Next, we build a benchmark with publicly available data set, Adult Database, at the UC Irvine Machine Learning Repository, and identity data set generated using a coherent database generator called Fake Name Generator on the internet. Finally, we conduct some experiments via Cayuga complex event processing system, the results demonstrate that our approach is practical, and well-suited to efficient privacy-violation detection.

Disclosure detection over data streams in database publishing

As huge amount of personal data collected into databases of service providers increase, so does the risk of private information disclosure. Recently, a number of privacy-preserving techniques have been proposed, however, they are either pre-controls or post-controls and limited in protection of privacy without information loss or distortion, quite a few techniques can be seen among literatures for detecting information disclosure in the process of data transmission. In this paper, we focus on disclosure detection related to database publishing, and present a novel approach of detecting privacy leakages over data streams on querying databases by using dynamic pattern matching and data stream processing techniques. Experimental results via Cayuga system verified the feasibility of our proposal.

Contrôle d'accès logique au dossier patient informatisé

Le respect de la confidentialite est une problematique majeure de la securite de l information medicale. Definir les reglements, les implementer dans un dispositif de controle d acces et les verifier sont des defis organisationnels, techniques et scientifiques auxquels doivent faire face les etablissements de sante. Cette problematique est d autant plus exacerbee lorsque l information est partagee et repartie. Cet article propose un cadre logique apportant une reponse aux problemes d expression, de stockage, d interrogation et de validation des politiques d autorisation complexes pour les systemes d information medicale. Nous illustrons notre approche sur une application des recommandations du Groupement pour la Modernisation du Systeme d Information Hospitalier et la plateforme d information medicale de la region Rhone-Alpes.

Modeling and inferring on role-based access control policies using data dependencies

Role-Based Access Control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks. Organizational constraints were introduced (e.g.: mutually exclusive roles, cardinality, prerequisite roles) to reflect peculiarities of organizations. Thus, the number of rules is increasing and policies are becoming more and more complex: understanding and analyzing large policies in which several security officers are involved can be a tough job. There is a serious need for administration tools allowing analysis and inference on access control policies. Such tools should help security officers to avoid defining conflicting constraints and inconsistent policies. This paper shows that theoretical tools from relational databases are suitable for expressing and inferring on RBAC policies and their related constraints. We focused on using Constrained Tuple-Generating Dependencies (CTGDs), a class of dependencies which includes traditional other ones. We show that their great expressive power is suitable for all practical relevant aspects of RBAC. Moreover, proof procedures have been developed for CTGDs: they permit to reason on policies. For example, to check their consistency, to verify a new rule is not already implied or to check satisfaction of security properties. A prototype of RBAC policies management tool has been implemented, using CTGDs dedicated proof procedures as the underlying inference engine.