Catálogo de publicaciones - libros

Controlled Query Evaluation (CQE) is an approach to enforcing confidentiality in information systems at runtime. At each query, a censor checks whether the answer to that query would enable the user to infer any information he is not allowed to know according to some specified confidentiality policy. If this is the case, the answer is distorted, either by refusing to answer or by returning a modified answer. In this paper, we consider incomplete logic databases and investigate the semantic ways of protecting a piece of information. We give a formal definition of such confidentiality policies, and show how to enforce them by reusing the existing methods for CQE.

In this paper, we take a closer look at the security of outsourced databases (aka Database-as-the-Service or DAS), a topic of emerging importance. DAS allows users to store sensitive data on a remote, untrusted server and retrieve desired parts of it on request. At first we focus on basic, exact-match query functionality, and then extend our treatment to prefix-matching and, to a more limited extent, range queries as well. We propose several searchable encryption schemes that are not only practical enough for use in DAS in terms of query-processing efficiency but also provably-provide privacy and authenticity of data under new definitions of security that we introduce. The schemes are easy to implement and are based on standard cryptographic primitives such as block ciphers, symmetric encryption schemes, and message authentication codes. As we are some of the first to apply the provable-security framework of modern cryptography to this context, we believe our work will help to properly analyze future schemes and facilitate further research on the subject in general.

We present a general method, based on the usage of typical DBMS primitives, for maintaining authenticated relational tables. The authentication process is managed by an application external to the DBMS, that stores just one hash information of the authentication structure. The method exploits techniques to represent hierarchical data structures into relational tables and queries that allow an efficient selection of the elements needed for authentication.

The widespread adoption of mobile communication devices combined with technical improvements of location technologies are fostering the development of a new wave of applications that manage physical positions of individuals to offer location-based services for business, social or informational purposes. As an effect of such innovative services, however, privacy concerns are increasing, calling for more sophisticated solutions for providing users with different and manageable levels of privacy. In this work, we propose a way to express users privacy preferences on location information in a straightforward and intuitive way. Then, based on such location privacy preferences, we discuss a new solution, based on obfuscation techniques, which permits us to achieve, and quantitatively estimate through a metric, different degrees of location privacy.

Location based services, one of the promising markets of mobile commerce, aims at delivering point of need personalized information. Often, these services to be delivered are based on the prior knowledge of the profiles of mobile customers and security and privacy policies dictated by them. These policies may specify revealing the sensitive information of mobile customers (e.g., age, salary) selectively to specific merchants in return of receiving certain benefits (e.g., coupons, special discounts, etc.). As a result, the security policies in such an environment are characterized by spatial and temporal attributes of the mobile customers (location and time), as well as their profile attributes. The focus of this paper is to efficiently enforce such policies. In this regard, we propose a unified structure that is capable of indexing mobile customer (mobile object) locations and their profiles, and the authorizations stating their security and privacy policies.

The event-condition-action (ECA) paradigm holds enormous potential in pervasive computing environments. However, the problem of reliable delivery of event data, generated by low capability sensor devices, to more capable processing points and vice versa, needs to be addressed for the success of the ECA paradigm in this environment. The problem becomes interesting because strong cryptographic techniques for achieving integrity impose unacceptable overhead in many pervasive computing environments. We address this problem by sending the data over the path from the sensor node to the processing point that provides the best opportunity of reliable delivery among competing paths. This allows using much weaker cryptographic techniques for achieving security. The problem is modeled as a problem of determining the most reliable path – similar to routing problems in networks. We propose a trust-based metric for measuring reliability of paths. The higher the trust value of a path the more reliable it is considered. We propose techniques for estimating the trust levels of paths and propose a new algorithm for identifying the desired path.

The problem of is to define among schema or ontology elements. Such mappings are typically defined between two schemas or two ontologies at a time. Ideally, using the defined mappings, one would be able to issue a single query that will be rewritten automatically to all the databases, instead of manually writing a query to each database. In a centrally mediated architecture a query is written in terms of a global schema or ontology that integrates all the database schemas or ontologies, while in a peer-to-peer architecture a query is written in terms of the schema or of the ontology of any of the peer databases.

The Broadcast Encryption methods, often referred to as revocation schemes, allow data to be efficiently broadcast to a dynamically changing group of users. A special case is when the receivers are stateless [2,1]. Naor et al. [2] propose the Complete Subset Method (CSM) and the Subset Difference Method (SDM). Asano [1] puts forth two other methods, AM1 and AM2, which use public prime parameters to generate the decryption keys. The efficiency of broadcast encryption methods is measured by three parameters: (i) message size - the number of transmitted ciphertexts; (ii) storage at receiver - the number of private keys each receiver is required to store; and (iii) key derivation time - the computational overhead needed to access the decryption keys.

Today’s computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply be determined based on the number of vulnerabilities. To quantitatively assess the security of networked systems, one must first understand which and how vulnerabilities can be combined for an attack. Such an understanding becomes possible with recent advances in modeling the composition of vulnerabilities as . Based on our experiences with attack graph analysis, we explore different concepts and issues on a metric to quantify potential attacks. To accomplish this, we present an metric for assessing and comparing the security of different network configurations. This paper describes the metric at an abstract level as two composition operators with features for expressing additional constraints. We consider two concrete cases. The first case assumes the domain of attack resistance to be real number and the second case represents resistances as a set of initial security conditions. We show that the proposed metric satisfies desired properties and that it adheres to common sense. At the same time, it generalizes a previously proposed metric that is also based on attack graphs. It is our belief that the proposed metric will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack responses.

The growing number of distributed information systems such as the internet has created a need for security in data sharing. When several autonomous parties attempt to share data, there is not necessarily any guarantee that the participants will share data truthfully. In fact, there is often a large incentive to engage in behavior that can sabotage the effectiveness of such a system. We analyze these situations in light of game theory, a mathematical model which permits us to consider behavior and choices for any autonomous party. This paper uses this theory to create a behavior enforcement method that does not need a central management system. We use a simple punishment method that is inherently available in most scenarios. Our approach is applicable to a variety of assured information sharing applications where the members of a coalition have to work together to solve a problem.