Abstract
Whether in services or as part of software features, the adoption of machine learning techniques brings new challenges to access control systems. When an operation takes as operands multiple datasets with fragmented ownership or terms, its result may reveal protected information even though each dataset was legitimately accessed. To counter this threat, we propose an obligation model based on Attribute-Based Access Control (ABAC) that allows data owners to express access control constraints on the operation and its operands, and also to formalize requirements on operation results. Such requirements must be automatically verified by the underlying access control (AC) mechanism. We illustrate our approach with a case study.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Di Cerbo, F., Rosa, M., Cabrera Lozoya, R. (2020). On Results of Data Aggregation Operations. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2020. Lecture Notes in Computer Science, vol 12515. Springer, Cham. https://doi.org/10.1007/978-3-030-64455-0_9
DOI: https://doi.org/10.1007/978-3-030-64455-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64454-3
Online ISBN: 978-3-030-64455-0
eBook Packages: Computer Science (R0)