

This file is in the following communities:

Faculty of Graduate Studies and Research



Security Issues in Heterogeneous Data Federations Open Access


Other title
data security
database theory
data privacy
access control
Type of item
Degree grantor
University of Alberta
Author or creator
Leighton, Gregory
Supervisor and department
Barbosa, Denilson (Computing Science)
Examining committee member and department
Zaiane, Osmar (Computing Science)
Kurgan, Lukasz (Electrical and Computer Engineering)
Miklau, Gerome (Computer Science, University of Massachusetts at Amherst)
Stroulia, Eleni (Computing Science)
Department of Computing Science

Date accepted
Graduation date
Doctor of Philosophy
Degree level
Data federations allow the contents of multiple source databases to be accessed in a consistent manner. Since each source database is typically administered independently, heterogeneity often results, both in terms of how data is represented (i.e., the database schema), and in how controlled access to data is regulated. Typically, each data source exports data in relational format where it is combined into a semi-structured representation (e.g., XML). In this thesis, we address two aspects of securing heterogeneous data federations.

The first deals with the accurate translation of access control policies specified over source databases into a single, unified access control policy applicable to the wider data federation. Such a translation involves mapping each local identity to one or more federated identities, and ensuring that the semantics of each original source policy are preserved (i.e., that no federated identity receives access to a larger region of federated data than intended by any source policy). We outline an efficient algorithm for automating policy translation. We also underscore the importance of automated translation methods by showing that in many realistic scenarios, verifying that a federated policy satisfies all source policies is intractable. Finally, we contribute an algorithm for minimizing the size of a translated policy.

The second problem we address is the prevention of information disclosures at the federated level. A disclosure risk is present when a user is able to combine the result of one or more allowable queries (i.e., queries which are permitted under the federated access control policy) with prior background knowledge in order to obtain a sufficiently high certainty of the answer to a disallowed query. We classify potential disclosure risks based on whether they can be detected at database design-time, or only when the contents of the database are known. We also describe a new measure for evaluating the magnitude of instance-based disclosure risks at query-time. Finally, we discuss the implementation of a prototype system, and conduct experiments that demonstrate the effectiveness and scalability of the proposed solution.
License granted by Gregory Leighton on 2011-09-29T18:21:33Z (GMT): Permission is hereby granted to the University of Alberta Libraries to reproduce single copies of this thesis and to lend or sell such copies for private, scholarly or scientific research purposes only. Where the thesis is converted to, or otherwise made available in digital form, the University of Alberta will advise potential users of the thesis of the above terms. The author reserves all other publication and other rights in association with the copyright in the thesis, and except as herein provided, neither the thesis nor any substantial portion thereof may be printed or otherwise reproduced in any material form whatsoever without the author's prior written permission.
Citation for previous publication

File Details

Date Uploaded
Date Modified
Audit Status
Audits have not yet been run on this file.
File format: pdf (Portable Document Format)
Mime type: application/pdf
File size: 2334675
Last modified: 2015:10:12 14:13:54-06:00
Filename: Leighton_Gregory_Fall 2011.pdf
Original checksum: 6978b1ef016ccb07147f574498698523
Well formed: false
Valid: false
Status message: Lexical error offset=2301614
Page count: 167