Shifting inference control to user side: Architecture and protocol
Inference has been a longstanding issue in database security, and inference control, aiming to curb inference, provides an extra line of defense to the confidentiality of databases by complementing access control. However, in traditional inference control architecture, database server is a crucial b...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2010
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4919 https://ink.library.smu.edu.sg/context/sis_research/article/5922/viewcontent/Shifting_Inference_Control_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5922 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-59222020-02-13T06:55:49Z Shifting inference control to user side: Architecture and protocol YANG, Yanjiang LI, Yingjiu DENG, Robert H. BAO, Feng Inference has been a longstanding issue in database security, and inference control, aiming to curb inference, provides an extra line of defense to the confidentiality of databases by complementing access control. However, in traditional inference control architecture, database server is a crucial bottleneck, as it enforces highly computation-intensive auditing for all users who query the protected database. As a result, most auditing methods, though rigorously studied, are not practical for protecting large-scale real-world database systems. In this paper, we shift this paradigm by proposing a new inference control architecture, entrusting inference control to each user's platform that is equipped with trusted computing technology. The trusted computing technology is designed to attest the state of a user's platform to the database server, so as to assure the server that inference control could be enforced as prescribed. A generic protocol is proposed to formalize the interactions between the user's platform and database server. The authentication property of the protocol is formally proven. Since inference control is enforced in a distributed manner, our solution avoids the bottleneck in the traditional architecture, thus can potentially support a large number of users making queries. 2010-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4919 info:doi/10.1109/TDSC.2008.70 https://ink.library.smu.edu.sg/context/sis_research/article/5922/viewcontent/Shifting_Inference_Control_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Inference control trusted computing database auditing security protocol Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Inference control trusted computing database auditing security protocol Information Security |
| spellingShingle |
Inference control trusted computing database auditing security protocol Information Security YANG, Yanjiang LI, Yingjiu DENG, Robert H. BAO, Feng Shifting inference control to user side: Architecture and protocol |
| description |
Inference has been a longstanding issue in database security, and inference control, aiming to curb inference, provides an extra line of defense to the confidentiality of databases by complementing access control. However, in traditional inference control architecture, database server is a crucial bottleneck, as it enforces highly computation-intensive auditing for all users who query the protected database. As a result, most auditing methods, though rigorously studied, are not practical for protecting large-scale real-world database systems. In this paper, we shift this paradigm by proposing a new inference control architecture, entrusting inference control to each user's platform that is equipped with trusted computing technology. The trusted computing technology is designed to attest the state of a user's platform to the database server, so as to assure the server that inference control could be enforced as prescribed. A generic protocol is proposed to formalize the interactions between the user's platform and database server. The authentication property of the protocol is formally proven. Since inference control is enforced in a distributed manner, our solution avoids the bottleneck in the traditional architecture, thus can potentially support a large number of users making queries. |
| format |
text |
| author |
YANG, Yanjiang LI, Yingjiu DENG, Robert H. BAO, Feng |
| author_facet |
YANG, Yanjiang LI, Yingjiu DENG, Robert H. BAO, Feng |
| author_sort |
YANG, Yanjiang |
| title |
Shifting inference control to user side: Architecture and protocol |
| title_short |
Shifting inference control to user side: Architecture and protocol |
| title_full |
Shifting inference control to user side: Architecture and protocol |
| title_fullStr |
Shifting inference control to user side: Architecture and protocol |
| title_full_unstemmed |
Shifting inference control to user side: Architecture and protocol |
| title_sort |
shifting inference control to user side: architecture and protocol |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2010 |
| url |
https://ink.library.smu.edu.sg/sis_research/4919 https://ink.library.smu.edu.sg/context/sis_research/article/5922/viewcontent/Shifting_Inference_Control_av.pdf |
| _version_ |
1770575095470751744 |