Yonglak Sohn

Privacy-preserving incremental data dissemination

Although the k-anonymity and e-diversity models have led to a number of valuable privacy-protecting techniques and algorithms, the existing solutions are currently limited to static data release. That is, it is assumed that a complete dataset is available at the time of data release. This assumption implies a significant shortcoming, as in many applications data collection is rather a continual process. Moreover, the assumption entails “one-time” data dissemination; thus, it does not adequately address todays strong demand for immediate and up-to-date information. In this paper, we consider incremental data dissemination, where a dataset is continuously incremented with new data. The key issue here is that the same data may be anonymized and published multiple times, each of the time in a different form. Thus, static anonymization (i.e., anonymization which does not consider previously released data) may enable various types of inference. In this paper, we identify such inference issues and discuss some prevention methods.

Systematic control and management of data integrity

Integrity has long been considered a fundamental requirement for secure computerized systems, and especially todays demand for data integrity is stronger than ever as many organizations are in-creasing their reliance on data and information systems. A number of recently enacted data privacy regulations also require high in-tegrity for personal data. In this paper, we discuss various issues concerning systematic control and management of data integrity with a primary focus on access control. We first examine some previously proposed integrity models and define a set of integrity requirements. We then present an architecture for comprehensive integrity control systems, which has its basis on data validation and metadata management. We also provide an integrity control policy language that we believe is flexible and intuitive.

Secure one snapshot protocol for concurrency control in real-time stock trading systems

To prevent any data from being accessed by unauthorized users, it is necessary for stock trading systems (STS) to use multilevel secure database management systems in controlling concurrent executions among multiple transactions. In STS, analytical transactions as well as mission critical transactions are executed concurrently, which makes it difficult to use traditional secure real-time transaction management schemes for STS environment. In this paper, we propose the read-down relationship-based secure one snapshot protocol (SOS) that is devised for the secure real-time transaction management in STS. By maintaining an additional one snapshot as well as working database, SOS blocks covert-channels without causing the priority inversion phenomenon. We Introduce the process of SOS protocol with some examples, present the proofs of devised protocol, and then evaluate the performance gains by means of simulation method.

Verified Order-Based Transaction Scheduling Scheme for Multilevel Secure Database Management Systems

While the secure transaction schedulers in multilevel secure database systems synchronize transactions cleared at different security levels, they must consider the problem of covert channel. Through the covert channel, malicious users leak secret information in a way of intentional interference among the transactions that they invoked. Much work had been done for closing the covert channel. Although they succeeded in closing the covert channel, they unfortunately failed in preserving correctness, sufficient recentness of versions read, or fairness with respect to availability. In this paper, we present a new secure transaction scheduler, named Verified Order-based Transaction Scheduler (VO) that founds on multiversion database. VO overcomes the problems of previous work.

Tightly Secure Transaction Scheduler in Multi-Level Secure Database Management Systems

In multi-level secure database management system (MLS/DBMS), every transaction and data has associated with a unique security. Concurrent transactions on MLS/DBMS potentially have conflicts while accessing the shared data. The conflicts result in some of the conflicting transactions to be delayed. If the delayed transactions have been cleared at low security level, an information may flow downward with the violation of security policy. This kind of communication channel is called covert channel.

Transaction scheduling in multi-level secure database systems

Transactions are vital for multi-level secure database management systems(MLS/DBMSs) because concurrent execution of transactions potentially has conflicts among their accessing to shared data. When conflict occurs, only one transaction is granted to access the shared data, other transactions should be delayed until they can safely use the data. Those conflicts may lead to the security problems in MLS/DBMS. If conspirators produce those conflicts intentionally, they can establish the unexpected communication path called covert channel between high security level users and low security level users. This paper proposes a transaction scheduling scheme called Conflict-Insensible Scheduling (CIS) that hides conflicts from low security level transactions to prevent the covert channels.<<ETX>>

Concurrency control scheme in multi-level secure database management systems

The most critical problem associated with implementing in multi-level secure database management systems (MLS/DBMSs) is a correct concurrency control under the constraints of multilevel security. This paper provides two concurrency control schemes, one based on multiversion scheme and the other based on the two-phase locking scheme.