Securing Databases from Probabilistic Inference

Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research offers mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms. We propose a foundation for Database Inference Control based on ProbLog, a probabilistic logic programming language. We leverage this foundation to develop Angerona, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of ProbLog. We empirically evaluate Angerona's performance showing that it scales to relevant security-critical problems.Comment: A short version of this paper has been accepted at the 30th IEEE Computer Security Foundations Symposium (CSF 2017

Strong and Provably Secure Database Access Control

Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state-of-the-art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.Comment: A short version of this paper has been published in the proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016

Distributed orchestration of pervasive services.

Pervasive systems are increasingly being designed using a service-oriented approach where services are distributed across wireless devices of varying capabilities. Service orchestration is a simple and popular method to coordinate web-based services but introduces a single point of failure and lacks the flexibility to cope with the greater variability of pervasive environments. Choreography in contrast advocates explicitly modelling systems as interacting peers that conform to rules of interaction. Choreography offers greater reliability and flexibility but leads to systems that are much harder to validate. In this paper we describe a novel intermediate approach, where given a logically centralised service orchestration, we automatically generate a distributed implementation that correctly enforces the orchestration behaviour. Our system handles all the synchronisation and consensus issues and ensures correctness. The system also incorporates a number of abstractions for grouping pervasive peers and coordinating pervasive peer-to-peer interactions

Monitoring of Temporal First-order Properties with Aggregations

In system monitoring, one is often interested in checking properties of aggregated data. Current policy monitoring approaches are limited in the kinds of aggregations they handle. To rectify this, we extend an expressive language, metric first-order temporal logic, with aggregation operators. Our extension is inspired by the aggregation operators common in database query languages like SQL. We provide a monitoring algorithm for this enriched policy specification language. We show that, in comparison to related data processing approaches, our language is better suited for expressing policies, and our monitoring algorithm has competitive performance.ISSN:0925-9856ISSN:1572-810

Monitoring of temporal first-order properties with aggregations

In system monitoring, one is often interested in checking properties of aggregated data. Current policy monitoring approaches are limited in the kinds of aggregations they handle. To rectify this, we extend an expressive language, metric first-order temporal logic, with aggregation operators. Our extension is inspired by the aggregation operators common in database query languages like SQL. We provide a monitoring algorithm for this enriched policy specification language. We show that, in comparison to related data processing approaches, our language is better suited for expressing policies, and our monitoring algorithm has competitive performance