The Efficient Maintenance of Access Roles with Role Hiding Chaoyi Pang Xiuzhen Zhang

1 The Efficient Maintenance of Access Roles with Role Hiding
Chaoyi Pang (chaoyi.pang@csiro.au), Xiuzhen Zhang (xiuzhen.zhang@rmit.edu.au), Yanchun Zhang (yzhang@csm.vu.edu.au), Kotagiri Ramamohanarao (rao@csse.unimelb.edu.au)

2 COMAD'2008 Overview
- Motivation
- Multi-domain secure role graph
- Main ideas
- Updating cross-domain accesses
- Updating privileges on a role
- Experiments
- Conclusions

3 Motivation
The efficient maintenance of role accessibility:
- in a multi-domain environment that supports role hiding;
- in a multi-domain environment where a service provider acts as the central mediator;
- in database applications using a first-order predicate language (SQL);
- supporting various updates and changes.

4 The role graph
- A directed acyclic graph (DAG) representing the subsumption relationship among roles.
- The transitive closure relation of a role graph represents the "reachability" relationship.

5 The multi-domain secure role graph
- G_0: the role graph for the mediating service provider.
- G_1 … G_n: the role graphs for domains 1 … n.
- Cross-domain accesses link domains.
- Some roles of a domain are hidden from the service provider or from other domains.

6 The multi-domain secure role graph: an example

7 The privileges for roles
Within a domain, the privileges of a role are propagated to its ancestor roles. Privileges are not propagated via the cross-domain arcs.

8 Main ideas
- Role accessibility is represented as the transitive closure relation among roles.
- The incremental maintenance of role accessibility is therefore mapped to the incremental computation of transitive closures for DAGs.

9 Core algorithms – Add(G, TC_G, E)
Given a graph G, its transitive closure TC_G, and a set of arcs E to be inserted into G, the new access node pairs that should be added to TC are those that form a path via E:

    INSERT INTO Susp(Start, Tail)
    SELECT DISTINCT X.Start, Y.Tail
    FROM TC X, TC Y, E
    WHERE X.Tail = E.Start AND Y.Start = E.Tail;

    INSERT INTO TC(Start, Tail)
    SELECT * FROM Susp;

10 Core Algorithms – Del(G, TC, E)
The set of node pairs that may depend on E is deleted first; this over-approximates and may delete pairs that are still reachable. Those wrong deletions are then corrected by a join.

11 Core Algorithms – Del(G, TC, E) …

    % Table Susp: when deleting E(Start, Tail), any path from x via a node pair of E
    % to y is affected; such pairs (x, y) are stored in Susp.
    INSERT INTO Susp(Start, Tail)
    SELECT X.Start, Y.Tail
    FROM TC X, TC Y, E
    WHERE X.Tail = E.Start AND Y.Start = E.Tail;

    % Table Trust: the node pairs that do not use the deleted arcs of E.
    INSERT INTO Trust(Start, Tail)
    SELECT A.Start, A.Tail
    FROM TC A
    WHERE NOT EXISTS (SELECT * FROM Susp X
                      WHERE X.Start = A.Start AND X.Tail = A.Tail);

12 Core Algorithms – Del(G, TC, E) …

    % Table Temp: a node pair (u, v) in Temp is a suspect pair for which a path
    % from u to v still exists without using any arc of E.
    INSERT INTO Temp(Start, Tail)
    SELECT A.Start, B.Tail
    FROM Trust A, G, Trust B
    WHERE A.Tail = G.Start AND G.Tail = B.Start
      AND (NOT EXISTS (SELECT * FROM E
                       WHERE E.Start = G.Start AND E.Tail = G.Tail))
      AND (EXISTS (SELECT * FROM Susp X
                   WHERE X.Start = A.Start AND X.Tail = B.Tail));

    % The result: update table TC.
    DELETE FROM TC;
    INSERT INTO TC(Start, Tail)
      (SELECT Start, Tail FROM Trust)
      UNION
      (SELECT A.Start, A.Tail FROM Temp A);

13 Updating cross-domain arcs
- Inserting a cross-domain arc e(u, v): let <u be the set of arcs originating from u that need to be inserted. Compute Add(G_ms, TC_Gms, TC_<u), where G_ms is the global role graph. Then remove redundant access node pairs.
- Deleting a cross-domain arc e(u, v): let >v be the set of arcs that need to be deleted. Compute H = Del(G_ms, TC_Gms, e), then Del(G', H, TC_>v) where G' = G_ms - e.

14 Updating role privileges
Update (insertion or deletion) of a privilege on a role:
- find the affected roles;
- remove null and reducible roles, and remove redundancy;
- handle the subsumption induced by merging roles.

15 Experiments

16 Conclusions
- The efficient maintenance of accessibility among roles in a multi-domain environment supporting role hiding has been studied.
- The SQL-based incremental approach can be applied in database applications.
- The proposed approach can be extended to multiple service providers as long as the role graphs remain acyclic.
