Similar literature
Found 20 similar documents; search time 15 ms
1.
This paper describes and is primarily concerned with the security data definition and management in a distributed data base of aggregated type, although the approach described may be applied to any distributed system architecture. A multi-level logical security architecture is presented reflecting the logical architecture of the distributed system. In particular, three security logical schemata are proposed: the network security schema, the external security schemata, and the intermediate security schemata. For each schema data models are introduced, allowing the definition and the management of security information. Mapping rules between the logical levels are discussed. Finally security mechanisms are analyzed.

2.
In this article, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element specifies the intended use of the data element. A key feature of our model is that it allows multiple purposes to be associated with each data element and also supports explicit prohibitions, thus allowing privacy officers to specify that some data should not be used for certain purposes. An important issue addressed in this article is the granularity of data labeling, i.e., the units of data with which purposes can be associated. We address this issue in the context of relational databases and propose four different labeling schemes, each providing a different granularity. We also propose an approach to represent purpose information, which results in low storage overhead, and we exploit query modification techniques to support access control based on purpose information. Another contribution of our work is that we address the problem of how to determine the purpose for which certain data are accessed by a given user. Our proposed solution relies on role-based access control (RBAC) models as well as the notion of conditional role which is based on the notions of role attribute and system attribute.

3.
In this paper we will discuss the notion of multilevel security and the difficulties encountered in designing an implementation scheme for a security policy for a multilevel secure database management system (MLS/DBMS). We will then describe how these difficulties may be overcome in augmenting a database with an inference engine so that it functions like a knowledge based system.

4.
There has been relatively little work on privacy preserving techniques for distance based mining. The most widely used ones are additive perturbation methods and orthogonal transform based methods. These methods concentrate on privacy protection in the average case and provide no worst case privacy guarantee. However, the lack of privacy guarantee makes it difficult to use these techniques in practice, and causes possible privacy breach under certain attacking methods. This paper proposes a novel privacy protection method for distance based mining algorithms that gives worst case privacy guarantees and protects the data against correlation-based and transform-based attacks. This method has the following three novel aspects. First, this method uses a framework to provide theoretical bound of privacy breach in the worst case. This framework provides easy to check conditions that one can determine whether a method provides worst case guarantee. A quick examination shows that special types of noise such as Laplace noise provide worst case guarantee, while most existing methods such as adding normal or uniform noise, as well as random projection method do not provide worst case guarantee. Second, the proposed method combines the favorable features of additive perturbation and orthogonal transform methods. It uses principal component analysis to decorrelate the data and thus guards against attacks based on data correlations. It then adds Laplace noise to guard against attacks that can recover the PCA transform. Third, the proposed method improves accuracy of one of the popular distance-based classification algorithms: K-nearest neighbor classification, by taking into account the degree of distance distortion introduced by sanitization. Extensive experiments demonstrate the effectiveness of the proposed method.

5.
Privacy-preserving is a major concern in the application of data mining techniques to datasets containing personal, sensitive, or confidential information. Data distortion is a critical component to preserve privacy in security-related data mining applications, such as in data mining-based terrorist analysis systems. We propose a sparsified Singular Value Decomposition (SVD) method for data distortion. We also put forth a few metrics to measure the difference between the distorted dataset and the original dataset and the degree of the privacy protection. Our experimental results using synthetic and real world datasets show that the sparsified SVD method works well in preserving privacy as well as maintaining utility of the datasets. Shuting Xu received her PhD in Computer Science from the University of Kentucky in 2005. Dr. Xu is presently an Assistant Professor in the Department of Computer Information Systems at the Virginia State University. Her research interests include data mining and information retrieval, database systems, parallel, and distributed computing. Jun Zhang received a PhD from The George Washington University in 1997. He is an Associate Professor of Computer Science and Director of the Laboratory for High Performance Scientific Computing & Computer Simulation and Laboratory for Computational Medical Imaging & Data Analysis at the University of Kentucky. His research interests include computational neuroinformatics, data mining and information retrieval, large scale parallel and scientific computing, numerical simulation, iterative and preconditioning techniques for large scale matrix computation. Dr. Zhang is associate editor and on the editorial boards of four international journals in computer simulation and computational mathematics, and is on the program committees of a few international conferences. His research work has been funded by the U.S. National Science Foundation and the Department of Energy. He is recipient of the U.S. National Science Foundation CAREER Award and several other awards. Dianwei Han received an M.E. degree from Beijing Institute of Technology, Beijing, China, in 1995. From 1995 to 1998, he worked in a Hitachi company (BHH) in Beijing, China. He received an MS degree from Lamar University, USA, in 2003. He is currently a PhD student in the Department of Computer Science, University of Kentucky, USA. His research interests include data mining and information retrieval, computational medical imaging analysis, and artificial intelligence. Jie Wang received the masters degree in Industrial Automation from Beijing University of Chemical Technology in 1996. She is currently a PhD student and a member of the Laboratory for High Performance Computing and Computer Simulation in the Department of Computer Science at the University of Kentucky, USA. Her research interests include data mining and knowledge discovery, information filtering and retrieval, inter-organizational collaboration mechanism, and intelligent e-Technology.

6.
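Shi Wenchang (石文昌). Computer Science (《计算机科学》), 2004, 31(6): 112-114
Support for security policy flexibility is an important goal pursued by modern secure operating systems, and the security policy lattice provides a good means of studying security policy flexibility. By analyzing the research results of the DTOS project, this paper discusses the basic idea of the security policy lattice, introduces a security policy lattice designed in the DTOS project, and gives a corrected result that addresses the problems in that lattice.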

7.
This special issue assembles a set of twelve papers, which provide new insights on the security and privacy technology of big data in cloud computing environments. This preface provides an overview of all articles in the viewpoint set.

8.
This position paper examines the incorporation of information security into the Object Data Management (ODM) system standardization process. An overview is provided of concepts important to information security; this is followed by a discussion of ODM features having important implications for the support of these security concepts. We conclude by discussing security features and assurance concepts appropriate for inclusion in the ODM standardization process. These features address the areas of access controls, security constraints, user roles, and object boundaries.

9.
Two methods for privacy preserving data mining with malicious participants   Total citations: 1, self-citations: 0, citations by others: 1
Privacy preserving data mining addresses the need of multiple parties with private inputs to run a data mining algorithm and learn the results over the combined data without revealing any unnecessary information. Most of the existing cryptographic solutions to privacy-preserving data mining assume semi-honest participants. In theory, these solutions can be extended to the malicious model using standard techniques like commitment schemes and zero-knowledge proofs. However, these techniques are often expensive, especially when the data sizes are large. In this paper, we investigate alternative ways to convert solutions in the semi-honest model to the malicious model. We take two classical solutions as examples, one of which can be extended to the malicious model with only slight modifications while another requires a careful redesign of the protocol. In both cases, our solutions for the malicious model are much more efficient than the zero-knowledge proofs based solutions.

10.
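Generalization of the operating system security enhancement model   Total citations: 1, self-citations: 0, citations by others: 1
Chen Zemao (陈泽茂), Shen Changxiang (沈昌祥). Computer Engineering (《计算机工程》), 2005, 31(1): 27-28, 62
This paper studies ways to generalize the operating system security enhancement model. The components of the security enhancement model that depend on the operating system architecture are hidden in a system feature encapsulation layer, which reduces the model's system dependence and makes it applicable to different types of operating systems. A security policy abstraction layer is introduced so that the security enhancement model is independent of any specific security policy and general across different security policies. An application support layer is added to the model to flexibly support existing applications in the security-enhanced operating system environment.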

11.
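Research on grid security architecture and GSI security policy   Total citations: 2, self-citations: 0, citations by others: 2
Liu Wenjie (刘文杰), Wang Gang (王刚), Ba Caiguo (巴才国). Computer Engineering (《计算机工程》), 2005, 31(17): 133-135
This paper describes the ideal architecture of a grid system, analyzes grid security requirements and security goals, and proposes a five-layer security architecture. Finally, by analyzing the GSI security policy, it discusses the main GSI security issues and proposes a design algorithm.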

12.
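An entity security architecture for computer networks   Total citations: 12, self-citations: 0, citations by others: 12
This paper proposes an Entity Security Architecture (ESA) for computer networks. It describes the component entities of a computer network and discusses the allocation of security functions among those entities. Based on ESA, the concept of Policy-Based Security Management (PBSM) is proposed, which includes the definition of three layers of security policy: the organizational abstract security policy, the global automated security policy, and the local executable security policy. Three management stages of PBSM are also proposed: formulation, implementation, and verification. The network is managed as a whole, making security management systematic and automated. Applying the entity security architecture, the paper analyzes the shortcomings of existing network security services and the problems in security management, and points out further research work needed to realize ESA.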

13.
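Solving the integration problem of multiple security policies is the basis for a secure operating system to support multiple policies and dynamic policies. This paper uses formal methods to build a transition model of the global security state for secure systems, analyzes, with the TE and RBAC policies as examples, the effect of security-related behavior on the security state under different policies, and, based on the T&R integration model, proposes ideas for solving the multi-policy integration and consistency problems, laying a foundation for the implementation of secure operating systems.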

14.
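This paper analyzes the structural characteristics of executable programs under DOS, studies methods and techniques for determining the code region that corresponds to the source by automatically identifying the program's startup execution module, and defines a pattern language to describe the templates of the various kinds of startup execution modules.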

15.
The advent of social networks and cloud computing has made social multimedia sharing in social networks become easier and more efficient. The lowered cost of redistribution, however, also invites much motivation for large-scale copyright infringement, so it is necessary to safeguard multimedia sharing for security and privacy. In this paper, we proposed a novel framework for joint fingerprinting and encryption (JFE) based on Cellular Automata (CA) and social network analysis (SNA) with the purpose of protecting media distribution in social networks. The motivation is to map the hierarchical community structure of social networks into the tree structure of Discrete Wavelet Transform (DWT) for fingerprinting and encryption. First, the fingerprint code is produced by using SNA. Then the obtained fingerprints are embedded into the DWT domain. Afterwards, CA is used for permutation in the DWT domain. Finally, the image is diffused with XOR operation in the spatial domain. The proposed method, to the best of our knowledge, is the first JFE method using CA and SNA in hybrid domains for security and privacy in social networks. The use of fingerprinting along with encryption can provide a double-layer protection for media sharing in social networks. Both theoretical analysis and experimental results validate the effectiveness of the proposed scheme.

16.
Policy driven management for distributed systems   Total citations: 22, self-citations: 0, citations by others: 22
Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behavior of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behavior of automated managers can be achieved by changing the policy without having to reimplement them—this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise. This paper describes the work on policy which has come out of two related ESPRIT funded projects, SysMan and IDSM. Two classes of policy are elaborated—authorization policies define what a manager is permitted to do and obligation policies define what a manager must do. Policies are specified as objects which define a relationship between subjects (managers) and targets (managed objects). Domains are used to group the objects to which a policy applies. Policy objects also have attributes specifying the action to be performed and constraints limiting the applicability of the policy. We show how a number of example policies can be modeled using these objects and briefly mention issues relating to policy hierarchy and conflicts between overlapping policies.

17.
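Research and implementation of a multicast security architecture   Total citations: 5, self-citations: 0, citations by others: 5
IP multicast security is the foundation on which some important multicast applications can be widely adopted. This paper describes a multicast security architecture together with its policy framework, implementation model, and layered protocol suite. Building on this research, a security infrastructure was implemented for one important class of applications.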

18.
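In distributed computing environments, CORBA provides a good foundation for applications in heterogeneous environments, but its security has always been a focus of attention. Starting from how the CORBA specification treats security services, this paper analyzes several security service models in the COSS specification, proposes the implementation levels and structural framework of the security model, and introduces the combination of CORBA with Java, which further strengthens the system's security services through Java's own security mechanisms.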

19.
Security and privacy issues in the Portable Document Format   Total citations: 1, self-citations: 0, citations by others: 1
The Portable Document Format (PDF) was developed by Adobe in the early nineties and today it is the de-facto standard for electronic document exchange. It allows reliable reproductions of published materials on any platform and it is used by many governmental and educational institutions, as well as companies and individuals. PDF documents are also credited with being more secure than other document formats such as Microsoft Compound Document File Format or Rich Text Format. This paper investigates the Portable Document Format and shows that it is not immune from some privacy related issues that affect other popular document formats. From a PDF document, it is possible to retrieve any text or object previously deleted or modified, extract user information and perform some actions that may be used to violate user privacy. There are several applications of such an issue. One of them is relevant to the scientific community and it pertains to the ability to overcome the blind review process of a paper, revealing information related to the anonymous referee (e.g., the IP address of the referee).

20.
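Yang Jincai (杨进才), Xiong Chan (熊婵), Hu Jinzhu (胡金柱). Computer Engineering and Design (《计算机工程与设计》), 2007, 28(11): 2569-2571, 2636
With the wide application of various kinds of distributed computing, mobile Agent technology has attracted more and more attention. In mobile Agent application environments, security problems in data transmission, server resources, the mobile Agent runtime environment, and the security of the mobile Agent itself are increasingly prominent. At the same time, autonomous negotiation and coordination among the data-processing Agents in a mobile Agent application system is a problem that remains to be solved. To address these problems, a cooperative security model for mobile-Agent-based distributed databases is proposed as an initial solution to the security of mobile-Agent-based distributed databases and to coordinated work among Agents.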
