An incremental approach to data integration in presence of access control policies

摘要

In this paper, we describe an approach for data integration that takes into account access control policies. In a data integration system, a mediator is defined as unique entry point providing transparent access to distributed, autonomous and heterogeneous data sources. In such an architecture (see Figure 1), security issue and access control in particular is considered as challenging tasks. Indeed, every source, designed independently from the others, uses its own access control policy to protect their data. The central challenge identified in this context is: How to synthesize a global policy at the mediator level that complies with the policies of the sources? Complying with the sources' policies means that an unauthorized access at the source level should also be unauthorized at the mediator level. Also, the policy of the mediator should ensure data protection against indirect accesses. An indirect access may take place when one could infer sensitive information from non-sensitive one by using semantic constraints. We propose a methodology that can help to synthesize a global policy with a global schema and to detect security breaches by reasoning about semantic constraints.