Li, Wei (2009) Distributed authorization in loosely coupled data federation. Masters thesis, Concordia University.
Text (application/pdf), 1MB: MR63200.pdf - Accepted Version
Abstract
The underlying data model of many integrated information systems is a collection of inter-operable and autonomous database systems, namely, a loosely coupled data federation. A challenging security issue in designing such a data federation is to ensure the integrity and confidentiality of data stored in remote databases through distributed authorization of users. Existing solutions in centralized databases are not directly applicable here due to the lack of a centralized authority, and most solutions designed for outsourced databases cannot easily support frequent updates essential to a data federation. In this thesis, we provide a solution in three steps. First, we devise an architecture to support fully distributed, fine-grained, and data-dependent authorization in loosely coupled data federations. For this purpose, we adapt the integrity-lock architecture originally designed for multilevel secure databases to data federations. Second, we propose an integrity mechanism to detect, localize, and verify updates of data stored in remote databases while reducing communication overhead and limiting the impact of unauthorized updates. We realize the mechanism as a three-stage procedure based on a grid of Merkle Hash Trees built on relational tables. Third, we present a confidentiality mechanism to control remote users' accesses to sensitive data while allowing authorization policies to be frequently updated. We achieve this objective through a new over-encryption scheme based on secret sharing. Finally, we evaluate the proposed architecture and mechanisms through experiments.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Li, Wei |
Pagination: | x, 65 leaves : ill. ; 29 cm. |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Institute for Information Systems Engineering |
Date: | 2009 |
Thesis Supervisor(s): | Wang, L |
Identification Number: | LE 3 C66I54M 2009 L529 |
ID Code: | 976366 |
Deposited By: | Concordia University Library |
Deposited On: | 22 Jan 2013 16:24 |
Last Modified: | 13 Jul 2020 20:10 |