Thesis of Deming Dou

Detection and prevention of leaking channels on querying confidential information


The development and spread of database management systems (DBMS) and networks have boosted data exchange all around the world. Access control is today one of the most common and versatile mechanisms used to enforce information systems security. However, despite access control models and enforcement procedures, there are still cases where one or more legitimate users can deduce information that is not directly accessible to them, by means of leaking channels. For example, consider a hospital in which John only has access to administrative information on patients, and Mary only has access to medical information, including the postcode, in order to compute medical statistics. Whenever there is a patient with a rare postcode, John and Mary are able to join their two tuples and link that patient's identity to his or her medical record. Yet in this case no confidentiality policy has been violated: each of them only accessed data they were authorised to see. Confidential information has been inferred by means of a leaking channel. There is still no existing work that can decide, in the general case, whether one or more queries create such a leaking channel. That is therefore the aim of this thesis.

The main scientific challenges are the following:
- Definition of a prohibited correlation expression model for relational data. Such a model aims at expressing which data must not be inferred, i.e. which attributes must never be correlated by a user or a coalition of users. It can be seen as a special kind of database dependency.
- A translation algorithm from these expressions to stream patterns. Complex patterns must be taken into account: multi-table, multi-user, time-dependent, etc.
- Dynamic pattern matching. Efficient and memory-optimised algorithms must be proposed in order to detect these patterns in the stream of queries, block query execution and raise an alarm for the administrator.
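The following example is added here to make the hospital scenario above and the three challenges concrete; it is not code from the thesis. It builds a constructed database (patient and record tables with invented rows), restricts John and Mary to two views as in the text, and then runs a deliberately simple detector over the stream of answered queries. The prohibited correlation is modelled here as a bare attribute pair (name, diagnosis), which is a hypothetical simplification of the expression model the thesis sets out to define; the detector flags a leak when two answers share a join attribute whose value identifies exactly one tuple on each side, which is the "rare postcode" channel.

```python
import sqlite3
from collections import Counter

# Constructed sample data (not from the thesis). Only one patient lives in 73900.
PATIENTS = [  # (patient_id, name, postcode, insurance)
    (1, "Alice Martin", "69001", "A"),
    (2, "Bob Durand", "69001", "B"),
    (3, "Carla Leroy", "69001", "A"),
    (4, "Dan Morel", "73900", "C"),
]
RECORDS = [  # (patient_id, postcode, diagnosis)
    (1, "69001", "flu"),
    (2, "69001", "asthma"),
    (3, "69001", "flu"),
    (4, "73900", "leukaemia"),
]

# Hypothetical prohibited correlation: no user or coalition of users may
# obtain tuples that relate a patient's name to a diagnosis.
PROHIBITED = ("name", "diagnosis")


def build_db():
    """In-memory database with the two access-controlled views of the text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE patient(patient_id, name, postcode, insurance)")
    con.execute("CREATE TABLE record(patient_id, postcode, diagnosis)")
    con.executemany("INSERT INTO patient VALUES (?,?,?,?)", PATIENTS)
    con.executemany("INSERT INTO record VALUES (?,?,?)", RECORDS)
    # John: administrative data only. Mary: medical data only, but with the
    # postcode so that she can compute statistics by area.
    con.execute("CREATE VIEW admin_view AS SELECT name, postcode, insurance FROM patient")
    con.execute("CREATE VIEW medical_view AS SELECT postcode, diagnosis FROM record")
    return con


class LeakDetector:
    """Watches the stream of answered queries. A pair of answers is flagged when
    together they cover the prohibited attributes and share an attribute whose
    value selects exactly one tuple on each side: joining on that value is then
    unambiguous and reveals the prohibited correlation."""

    def __init__(self, prohibited):
        self.prohibited = set(prohibited)
        self.answers = []  # (user, column names, rows) seen so far

    def observe(self, user, columns, rows):
        """Record an answered query and return the leaks it creates."""
        self.answers.append((user, tuple(columns), list(rows)))
        return self.check()

    def check(self):
        leaks = []
        # Quadratic rescan is fine for an illustration; a production matcher
        # would index rare values incrementally instead.
        for i, (u1, c1, r1) in enumerate(self.answers):
            for u2, c2, r2 in self.answers[i + 1:]:
                if not self.prohibited <= (set(c1) | set(c2)):
                    continue  # these two answers cannot relate the prohibited pair
                for key in set(c1) & set(c2):
                    k1, k2 = c1.index(key), c2.index(key)
                    cnt1 = Counter(r[k1] for r in r1)
                    cnt2 = Counter(r[k2] for r in r2)
                    for value, n in cnt1.items():
                        if n == 1 and cnt2.get(value) == 1:
                            leaks.append((key, value, u1, u2))
        return leaks


def run_scenario():
    """John's and Mary's queries from the text; returns (leaks, inferred tuples)."""
    con = build_db()
    det = LeakDetector(PROHIBITED)
    john_cols = ("name", "postcode", "insurance")
    john_rows = con.execute("SELECT name, postcode, insurance FROM admin_view").fetchall()
    det.observe("john", john_cols, john_rows)  # a single answer leaks nothing
    mary_cols = ("postcode", "diagnosis")
    mary_rows = con.execute("SELECT postcode, diagnosis FROM medical_view").fetchall()
    leaks = det.observe("mary", mary_cols, mary_rows)
    # What the coalition learns: join both answers on each flagged key value.
    inferred = sorted(
        (name, diag)
        for _key, value, _u1, _u2 in leaks
        for (name, pc, _ins) in john_rows if pc == value
        for (pc2, diag) in mary_rows if pc2 == value
    )
    return leaks, inferred


if __name__ == "__main__":
    found, learned = run_scenario()
    print("leaks:", found)       # [('postcode', '73900', 'john', 'mary')]
    print("inferred:", learned)  # [('Dan Morel', 'leukaemia')]
```

Neither query violates access control, which is the point of the scenario: the leak only exists in the combination, so it has to be caught by watching the stream of answers rather than by checking each query against the policy in isolation. The uniqueness criterion used here is deliberately strict (one tuple on each side); a value shared by one tuple on one side and a handful on the other still narrows the secret down and would need a probabilistic treatment.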

Advisor: Jean-Marc Petit
Coadvisor: Stéphane Coulondre