Security issues in heterogeneous data federations

Abstract

Data federations allow the contents of multiple source databases to be accessed in a consistent manner. Since each source database is typically administered independently, heterogeneity often results, both in terms of how data is represented (i.e., the database schema), and in how controlled access to data is regulated. Typically, each data source exports data in relational format where it is combined into a semi-structured representation (e.g., XML). In this thesis, we address two aspects of securing heterogeneous data federations. The first deals with the accurate translation of access control policies specified over source databases into a single, unified access control policy applicable to the wider data federation. Such a translation involves mapping each local identity to one or federated identities, and ensuring that the semantics of each original source policy are preserved (i.e., that no federated identity receives access to a larger region of federated data than intended by any source policy). We outline an efficient algorithm for automating policy translation. We also underscore the importance of automated translation methods by showing that in many realistic scenarios, verifying that a federated policy satisfies all source policies is intractable. Finally, we contribute an algorithm for minimizing the size of a translated policy. The second problem we address is the prevention of information disclosures at the federated level. A disclosure risk is present when a user is able to combine the result of one or more allowable queries (i.e., queries which are permitted under the federated access control policy) with prior background knowledge in order to obtain a sufficiently high certainty of the answer to a disallowed query. We classify potential disclosure risks based on whether they can be detected at database design-time, or only when the contents of the database are known. We also describe a new measure for evaluating the magnitude of instance-based disclosure risks at query-time. Finally, we discuss the implementation of a prototype system, and conduct experiments that demonstrate the effectiveness and scalability of the proposed solution.