On Results of Data Aggregation Operations

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12515)

Abstract

Be it in services or as part of software features, the adoption of machine learning techniques brings new challenges to access control systems. Considering an operation that uses as operands multiple datasets of fragmented ownership or terms, its result may reveal protected information, although each of the datasets was legitimately accessed. To counter this threat, we propose an obligation model based on Attribute-Based Access Control (ABAC), to allow data owners to express access control constraints on the operation and its operands, but also the formalization of requirements on operation results. Such requirements must be automatically verified by the underlying AC mechanism. We illustrate our approach with a case study.

Notes

  1. For this reason, approaches like [7, 14] can be applied, both with obligations or continuous or ongoing conditions. However, this latter aspect is deemed out of scope of the current work.

References

  1. Abadi, M., et al.: TensorFlow: a system for large-scale machine learning. In: 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), pp. 265–283 (2016)

  2. Arthur, D., Vassilvitskii, S.: k-means++: the advantages of careful seeding. In: Proceedings of the 18th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 1027–1035. New Orleans, LA, USA, January 2007

  3. Bertolissi, C., den Hartog, J., Zannone, N.: Using provenance for secure data fusion in cooperative systems. In: Proceedings of the Symposium on Access Control Models and Technologies (SACMAT), pp. 185–194. Toronto, Canada, June 2019

  4. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Trans. Inf. Syst. Security (TISSEC) 5(1), 1–35 (2002)

  5. Brownstein, J., Cassa, C., Kohane, I., Mandl, K.: An unsupervised classification method for inferring original case locations from low-resolution disease maps. Int. J. Health Geographics 5, 56 (2006)

  6. Curtis, A., Curtis, J., Leitner, M.: Spatial confidentiality and GIS: re-engineering mortality locations from published maps about Hurricane Katrina. Int. J. Health Geographics 5, 44 (2006)

  7. Di Cerbo, F., Lunardelli, A., Matteucci, I., Martinelli, F., Mori, P.: A declarative data protection approach: from human-readable policies to automatic enforcement. In: International Conference on Web Information Systems and Technologies (WEBIST), pp. 78–98. Seville, Spain, September 2018

  8. Gambs, S., Gmati, A., Hurfin, M.: Reconstruction attack through classifier analysis. In: Proceedings of the 26th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), pp. 274–281. Paris, France, July 2012

  9. den Hartog, J., Zannone, N.: A policy framework for data fusion and derived data control. In: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control (ABAC), pp. 47–57. New Orleans, LA, USA, March 2016

  10. Hay, M., Miklau, G., Jensen, D., Towsley, D., Weis, P.: Resisting structural re-identification in anonymized social networks. Proc. VLDB Endowment 1(1), 102–114 (2008)

  11. Hayes, J., Melis, L., Danezis, G., De Cristofaro, E.: LOGAN: membership inference attacks against generative models. Proc. Privacy Enhancing Technol. (PoPETs) 2019(1), 133–152 (2019)

  12. Hu, C.T., et al.: Guide to attribute based access control (ABAC) definition and considerations [includes updates as of 02–25-2019]. Tech. rep, NIST (2019)

  13. Jacobs, J.: The Marx-Geo Dataset. https://datadrivensecurity.info/blog/pages/dds-dataset-collection.html (2014)

  14. Lazouski, A., Mancini, G., Martinelli, F., Mori, P.: Usage control in cloud systems. In: Proceedings of the 2012 International Conference for Internet Technology and Secured Transactions (ICITST), pp. 202–207. London, UK (2012)

  15. Martinelli, F., Mori, P., Saracino, A., Di Cerbo, F.: Obligation management in usage control systems. In: Proceedings of the 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). pp. 356–364. Pavia, Italy (February 2019)

  16. Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Security (TISSEC) 7(1), 128–174 (2004)

  17. Pyrgelis, A., Troncoso, C., Cristofaro, E.D.: What does the crowd say about you? Evaluating aggregation-based location privacy. In: Proceedings of the Privacy Enhancing Technologies Symposium (PETS), pp. 156–176. Minneapolis, MN, USA, July 2017

  18. Pyrgelis, A., Troncoso, C., Cristofaro, E.D.: Knock knock, who’s there? membership inference on aggregate location data. In: Proceedings of the Network and Distributed System Security Symposium (NDSS). San Diego, CA, USA, February 2018

  19. Reiff-Marganiec, S., Tilly, M., Janicke, H.: Low-latency service data aggregation using policy obligations. In: 2014 IEEE International Conference on Web Services, pp. 526–533. IEEE (2014)

  20. Rissanen, E., et al.: Extensible access control markup language (XACML) version 3.0. OASIS standard 22 (2013)

  21. Rosa, M., Di Cerbo, F., Lozoya, R.C.: Declarative access control for aggregations of multiple ownership data. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 59–70. Barcelona, Spain, June 2020

  22. Salem, A., Bhattacharya, A., Backes, M., Fritz, M., Zhang, Y.: Updates-leak: data set inference and reconstruction attacks in online learning. arXiv preprint arXiv:1904.01067 (2019)

  23. Scalavino, E., Gowadia, V., Lupu, E.C.: A labelling system for derived data control. In: Proceedings of the 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). pp. 65–80. Rome, Italy, April 2010

  24. Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: Proceedings of the 2017 IEEE Symposium on Security and Privacy (S&P), pp. 3–18. San Jose, CA, USA, May 2017

  25. Ulusoy, H., Colombo, P., Ferrari, E., Kantarcioglu, M., Pattuk, E.: GuardMR: fine-grained security policy enforcement for MapReduce systems. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 285–296 (2015)

  26. Yan, Y., Ni, B., Song, Z., Ma, C., Yan, Y., Yang, X.: Person re-identification via recurrent feature aggregation. In: European Conference on Computer Vision (ECCV). pp. 701–716. Amsterdam, Netherlands, October 2016

Author information

Correspondence to Francesco Di Cerbo.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Di Cerbo, F., Rosa, M., Cabrera Lozoya, R. (2020). On Results of Data Aggregation Operations. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2020. Lecture Notes in Computer Science, vol 12515. Springer, Cham. https://doi.org/10.1007/978-3-030-64455-0_9

  • DOI: https://doi.org/10.1007/978-3-030-64455-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64454-3

  • Online ISBN: 978-3-030-64455-0

  • eBook Packages: Computer Science, Computer Science (R0)
