Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrei G. Stoica and Csilla Farkas

Published byМарина Мартынская Modified over 5 years ago

Similar presentations

Presentation on theme: "Andrei G. Stoica and Csilla Farkas"— Presentation transcript:

1 Andrei G. Stoica and Csilla Farkas
Integrated Security Framework for Semantically Enhanced Semi-Structured Data Andrei G. Stoica and Csilla Farkas Department of Computer Science & Engineering University of South Carolina i

2 Overview Machine understandable data semantics:
domain and context definition ontologies metadata What are the security implications? New security mechanisms? New security paradigm?

3 XML Language High-level application messaging
Used for storage application reduces computation overhead uniform access Base for semantic orientated languages - RDF, DAML Increased popularity

4 Semantic Tools The information process is augmented with a semantic layer. Infrastructure allows computers to reason about data meaning. Computers exchange information transparently on behalf of the user. Implications Intelligent high-volume processing

5 Security Setup Increased Connectivity + Extensive XML support + Semantic Infrastructure = New Security Threats Established Security Models do not address this dimension: Indirect disclosure Undesired Inference Available inference models difficult to transfer from database security open domains

6 Related Work Document Instance Security XML Access Control Models
Digital Signatures Encryption XML Access Control Models Security labels assignment Multi-level XML Security Extensions from Database Security

7 Problems? Semantic correlations ignored Inconsistent reply
Indirect unauthorized disclosure

8 Example View over UC data medicalFiles <medicalFiles> UC
<countyRec> S <patient> S <name>John Smith </name> UC <phone> </phone> S </patient> <physician>Jim Dale </physician> UC </countyRec> <milBaseRec> TS <name>Harry Green</name> UC <phone> </phone> S <physician>Joe White </physician> UC <milTag>MT78</milTag> TS </milBaseRec> </medicalFiles> countyRec milBaseRec physician Jim Dale physician Joe White milTag MT78 patient patient name John Smith phone name Harry Green phone View over UC data

9 Inference Set of data + associations derive the target data
Traditionally a human task At the limit, infer any target given enough related data and metadata.

10 Problems? If the inference target is confidential information
Security Violation

11 Example Simulation Exploitation Using Open Source Information:
Objective: US Government would like to share a limited simulation software with friendly countries. Can this software be used to explore the capabilities of US weaponry? Can sufficient information be found from public sources to create such simulation?

12 Example Findings: Most of the information needed for the simulation was available on the Internet. Needed human aid to combine available information

13 Proposed Solution What do we do?
XML Views Considering Semantic Dimension. do not disclose more information (including structure of the document). cover stories. Web Inference make sure the information we publish does not lead to our confidential data.

14 Proposed Solution XML Access Control Global Disclosure Control
semantic consistent reply prevent illegal inference from query reply (cover stories). Global Disclosure Control detect and prevent a set of undesired inferences using public Internet data in correlation with public local data

15 Global Data Privacy Control
Security Engine Local Organization Access Control Corrective Measures Request SecView Local XML Database Interface Module Return Oxsegin Update Local Ontology Upload Global Data Privacy Control Local Data Internet Data

16 Secure XML Views Builds secure & semantic consistent single security level partial views Minimum Semantic Conflict Graph avoids semantic conflicts Multi-Plane DTD Graph MPG structural relationships between tags Andrei Stoica, Csilla Farkas. “Secure XML Views”, In Proc. of IFIP 2002

17 Example DTD Graph MSCG medicalFiles name phone countyRec milBaseRec
emrgRec physician patient milTag physician name phone

18 Oxsegin Inference Engine Security Violations Corrective Measures Local
Classified Database Inference Engine Local Public Database Security Violations Internet Databases Corrective Measures

19 Corrective Measures Local Public Data Remove information
Release misleading information Internet Public Data Target desirable inference results

20 Inference Engine Replicated Data Inf. Violation Prob. Coef. Pointers
Public+Local Database Local Classified Database Violation Pointers Prob. Coef. Correlated Data Inf. Inf. Struct Ontology

21 Replicated Data Inference
Identifies replicated information under different security classifications Violation Pointer = similar units of data at different security levels Inference is guided by inference structures built on ontology concept hierarchy Andrei Stoica, Csilla Farkas. “Ontology guided XML Security Engine”, In Journal of Intelligent Information Systems, to appear.

22 Replicated Data Inference
Inf. Tree Ontology Public Data file Classified Data file A Patriot Freq. N0 M1 B B C , M2 M4 M3 N1 N2 D E PAC-2 Freq. PAC-3 Freq. PAC-2 Freq. PAC-3 Freq. M7 M7 N5 N5 N6 N7 Scientific data on radar components Missiles Tracking Systems Confidence Level (M7,N5) = ƒ (,,,)

23 Correlated Data Inference
Identifies sensitive data in the public domain (relative to a given classified database – usually the local database). Inference guidance: Ontology concept hierarchy Structural similarity of public data Csilla Farkas, Andrei Stoica. “Correlated Data Inference, Ontology Guided XML Security Engine”, In Proc of IFIP 2003.

24 Correlated Data Inference
Features of similarity: Levels of abstraction for each node Distance of associated nodes from association root Similarity of the distances Length of the distance Similarity of sub-trees originating from correlated nodes

25 Correlated Data Inference
Association similarity: Distance of each node from the association root Difference of the distance of the nodes from the association root Similarity of the sub-trees originating at nodes Air show address fort address fort

26 Correlated Data Inference
Object[]. waterSource :: Object basin :: waterSource place :: Object district :: place address :: place base :: Object fort :: base fort address basin district ? base Water source

27 Correlated Data Inference
Object[]. waterSource :: Object basin :: waterSource place :: Object district :: place address :: place base :: Object fort :: base place base Public address fort Public district basin Water Source Water source base Confidential

28 Summary Secure XML Views provide semantic consistent query reply and cover stories. Oxegin architecture and methods detect undesired inferences Structural similarity Semantic concept hierarchy Confidence in derived inferences

29 Next Class Stream data

Download ppt "Andrei G. Stoica and Csilla Farkas"

Similar presentations

Ontology-Based Computing Kenneth Baclawski Northeastern University and Jarg.

Ontology-Based Computing Kenneth Baclawski Northeastern University and Jarg.
Operating System Security

Operating System Security
CS570 Artificial Intelligence Semantic Web & Ontology 2

CS570 Artificial Intelligence Semantic Web & Ontology 2
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Using the Semantic Web to Construct an Ontology- Based Repository for Software Patterns Scott Henninger Computer Science and Engineering University of.

Using the Semantic Web to Construct an Ontology- Based Repository for Software Patterns Scott Henninger Computer Science and Engineering University of.
Computer Science and Engineering 1 What these organizations have in common? American Education Services, PA United States Marine Corps / Penn State University.

Computer Science and Engineering 1 What these organizations have in common? American Education Services, PA United States Marine Corps / Penn State University.
MobiShare: Sharing Context-Dependent Data & Services from Mobile Sources Efstratios Valavanis, Christopher Ververidis, Michalis Vazirgianis, George C.

MobiShare: Sharing Context-Dependent Data & Services from Mobile Sources Efstratios Valavanis, Christopher Ververidis, Michalis Vazirgianis, George C.
Chapter 1 – Introduction

Chapter 1 – Introduction
Xyleme A Dynamic Warehouse for XML Data of the Web.

Xyleme A Dynamic Warehouse for XML Data of the Web.
Semantic Web and Web Mining: Networking with Industry and Academia İsmail Hakkı Toroslu IST EVENT 2006.

Semantic Web and Web Mining: Networking with Industry and Academia İsmail Hakkı Toroslu IST EVENT 2006.
Semantic Web Mobile Internet Technical Architecture Omair Javed Institute of Software Systems Tampere University of Technology.

Semantic Web Mobile Internet Technical Architecture Omair Javed Institute of Software Systems Tampere University of Technology.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
1 Augmenting MatML with Heat Treating Semantics Aparna Varde, Elke Rundensteiner, Murali Mani Mohammed Maniruzzaman and Richard D. Sisson Jr. Worcester.

1 Augmenting MatML with Heat Treating Semantics Aparna Varde, Elke Rundensteiner, Murali Mani Mohammed Maniruzzaman and Richard D. Sisson Jr. Worcester.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.

Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
MDC Open Information Model West Virginia University CS486 Presentation Feb 18, 2000 Lijian Liu (OIM:

MDC Open Information Model West Virginia University CS486 Presentation Feb 18, 2000 Lijian Liu (OIM:
Chapter 1 Database Systems. Good decisions require good information derived from raw facts Data is managed most efficiently when stored in a database.

Chapter 1 Database Systems. Good decisions require good information derived from raw facts Data is managed most efficiently when stored in a database.
Secure Data Architectures

Secure Data Architectures

Similar presentations

Ads by Google