Publication Type

Journal Article

Version

acceptedVersion

Publication Date

6-2013

Abstract

Today’s organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this paper, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment encryption to securely share the routing decision-making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.

Keywords

Access control, information sharing, privacy

Discipline

Computer Sciences | Finance and Financial Management | Management Information Systems

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Information Forensics and Security

Volume

8

Issue

6

First Page

888

Last Page

900

ISSN

1556-6013

Identifier

10.1109/TIFS.2013.2247398

Publisher

IEEE

Additional URL

https://doi.org/10.1109/TIFS.2013.2247398

Share

COinS