A formal study of collaborative access control in distributed datalog

Serge Abiteboul; Pierre Bourhis; Victor Vianu

doi:10.4230/LIPIcs.ICDT.2016.10

A formal study of collaborative access control in distributed datalog

Serge Abiteboul
, Pierre Bourhis
, Victor Vianu

École Polytechnique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We formalize and study a declaratively specified collaborative access control mechanism for data dissemination in a distributed environment. Data dissemination is specified using distributed datalog. Access control is also defined by datalog-style rules, at the relation level for extensional relations, and at the tuple level for intensional ones, based on the derivation of tuples. The model also includes a mechanism for "declassifying" data, that allows circumventing overly restrictive access control. We consider the complexity of determining whether a peer is allowed to access a given fact, and address the problem of achieving the goal of disseminating certain information under some access control policy. We also investigate the problem of information leakage, which occurs when a peer is able to infer facts to which the peer is not allowed access by the policy. Finally, we consider access control extended to facts equipped with provenance information, motivated by the many applications where such information is required. We provide semantics for access control with provenance, and establish the complexity of determining whether a peer may access a given fact together with its provenance. This work is motivated by the access control of the Webdamlog system, whose core features it formalizes.

Original language	English
Title of host publication	19th International Conference on Database Theory, ICDT 2016
Editors	Thomas Zeume, Wim Martens
Publisher	Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)	9783959770026
DOIs	https://doi.org/10.4230/LIPIcs.ICDT.2016.10
Publication status	Published - 1 Mar 2016
Event	19th International Conference on Database Theory, ICDT 2016 - Bordeaux, France Duration: 15 Mar 2016 → 18 Mar 2016

Publication series

Name	Leibniz International Proceedings in Informatics, LIPIcs
Volume	48
ISSN (Print)	1868-8969

Conference

Conference	19th International Conference on Database Theory, ICDT 2016
Country/Territory	France
City	Bordeaux
Period	15/03/16 → 18/03/16

Keywords

Access Control
Distributed Datalog
Provenance

Access to Document

10.4230/LIPIcs.ICDT.2016.10

Cite this

Abiteboul, S., Bourhis, P., & Vianu, V. (2016). A formal study of collaborative access control in distributed datalog. In T. Zeume, & W. Martens (Eds.), 19th International Conference on Database Theory, ICDT 2016 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 48). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.ICDT.2016.10

@inproceedings{ef43f9d4a1ef4ba4a5a28b434af19495,

title = "A formal study of collaborative access control in distributed datalog",

abstract = "We formalize and study a declaratively specified collaborative access control mechanism for data dissemination in a distributed environment. Data dissemination is specified using distributed datalog. Access control is also defined by datalog-style rules, at the relation level for extensional relations, and at the tuple level for intensional ones, based on the derivation of tuples. The model also includes a mechanism for {"}declassifying{"} data, that allows circumventing overly restrictive access control. We consider the complexity of determining whether a peer is allowed to access a given fact, and address the problem of achieving the goal of disseminating certain information under some access control policy. We also investigate the problem of information leakage, which occurs when a peer is able to infer facts to which the peer is not allowed access by the policy. Finally, we consider access control extended to facts equipped with provenance information, motivated by the many applications where such information is required. We provide semantics for access control with provenance, and establish the complexity of determining whether a peer may access a given fact together with its provenance. This work is motivated by the access control of the Webdamlog system, whose core features it formalizes.",

keywords = "Access Control, Distributed Datalog, Provenance",

author = "Serge Abiteboul and Pierre Bourhis and Victor Vianu",

note = "Publisher Copyright: {\textcopyright} 2016 Serge Abiteboul, Pierre Bourhis, and Victor Vianu.; 19th International Conference on Database Theory, ICDT 2016 ; Conference date: 15-03-2016 Through 18-03-2016",

year = "2016",

month = mar,

day = "1",

doi = "10.4230/LIPIcs.ICDT.2016.10",

language = "English",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing",

editor = "Thomas Zeume and Wim Martens",

booktitle = "19th International Conference on Database Theory, ICDT 2016",

}

Abiteboul, S, Bourhis, P & Vianu, V 2016, A formal study of collaborative access control in distributed datalog. in T Zeume & W Martens (eds), 19th International Conference on Database Theory, ICDT 2016. Leibniz International Proceedings in Informatics, LIPIcs, vol. 48, Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 19th International Conference on Database Theory, ICDT 2016, Bordeaux, France, 15/03/16. https://doi.org/10.4230/LIPIcs.ICDT.2016.10

A formal study of collaborative access control in distributed datalog. / Abiteboul, Serge; Bourhis, Pierre; Vianu, Victor.
19th International Conference on Database Theory, ICDT 2016. ed. / Thomas Zeume; Wim Martens. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2016. (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 48).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A formal study of collaborative access control in distributed datalog

AU - Abiteboul, Serge

AU - Bourhis, Pierre

AU - Vianu, Victor

PY - 2016/3/1

Y1 - 2016/3/1

N2 - We formalize and study a declaratively specified collaborative access control mechanism for data dissemination in a distributed environment. Data dissemination is specified using distributed datalog. Access control is also defined by datalog-style rules, at the relation level for extensional relations, and at the tuple level for intensional ones, based on the derivation of tuples. The model also includes a mechanism for "declassifying" data, that allows circumventing overly restrictive access control. We consider the complexity of determining whether a peer is allowed to access a given fact, and address the problem of achieving the goal of disseminating certain information under some access control policy. We also investigate the problem of information leakage, which occurs when a peer is able to infer facts to which the peer is not allowed access by the policy. Finally, we consider access control extended to facts equipped with provenance information, motivated by the many applications where such information is required. We provide semantics for access control with provenance, and establish the complexity of determining whether a peer may access a given fact together with its provenance. This work is motivated by the access control of the Webdamlog system, whose core features it formalizes.

AB - We formalize and study a declaratively specified collaborative access control mechanism for data dissemination in a distributed environment. Data dissemination is specified using distributed datalog. Access control is also defined by datalog-style rules, at the relation level for extensional relations, and at the tuple level for intensional ones, based on the derivation of tuples. The model also includes a mechanism for "declassifying" data, that allows circumventing overly restrictive access control. We consider the complexity of determining whether a peer is allowed to access a given fact, and address the problem of achieving the goal of disseminating certain information under some access control policy. We also investigate the problem of information leakage, which occurs when a peer is able to infer facts to which the peer is not allowed access by the policy. Finally, we consider access control extended to facts equipped with provenance information, motivated by the many applications where such information is required. We provide semantics for access control with provenance, and establish the complexity of determining whether a peer may access a given fact together with its provenance. This work is motivated by the access control of the Webdamlog system, whose core features it formalizes.

KW - Access Control

KW - Distributed Datalog

KW - Provenance

U2 - 10.4230/LIPIcs.ICDT.2016.10

DO - 10.4230/LIPIcs.ICDT.2016.10

M3 - Conference contribution

AN - SCOPUS:84962682509

T3 - Leibniz International Proceedings in Informatics, LIPIcs

BT - 19th International Conference on Database Theory, ICDT 2016

A2 - Zeume, Thomas

A2 - Martens, Wim

PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing

T2 - 19th International Conference on Database Theory, ICDT 2016

Y2 - 15 March 2016 through 18 March 2016

ER -

Abiteboul S, Bourhis P, Vianu V. A formal study of collaborative access control in distributed datalog. In Zeume T, Martens W, editors, 19th International Conference on Database Theory, ICDT 2016. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. 2016. (Leibniz International Proceedings in Informatics, LIPIcs). doi: 10.4230/LIPIcs.ICDT.2016.10

A formal study of collaborative access control in distributed datalog

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this