Confidentiality and integrity in distributed data exchange.

摘要

The distributed exchange of structured data has emerged on the World Wide Web because it promises efficiency, easy collaboration, and---through the integration of diverse data sources---the discovery of new trends and insights. Along with these benefits, however, there is also the danger that exchanged data will be disclosed inappropriately or modified by unauthorized parties. This dissertation provides conceptual and practical tools for ensuring the confidentiality and integrity of data that is exchanged across heterogeneous systems.; Securing data in such settings is challenging because participants may behave maliciously, and because their remote systems are outside the control of the data owner. This dissertation addresses these challenges, first by developing a precise analysis of the information disclosure that may result from publishing relational data. This is a critical prerequisite to forming a policy for permitting or denying access to data. The novel notion of information disclosure presented here can capture leaks that may result from collusion by multiple parties, or from prior knowledge they may possess. This dissertation then addresses the practical problems of safely and efficiently guaranteeing security properties for distributed data. To provide confidentiality, a flexible fine-grained encryption framework is proposed which allows data owners to construct, from a set of access policies, a single encrypted database that can be stored and exchanged by all parties. Access is granted by separately disseminating keys. To provide integrity, an efficient authentication mechanism is described which can be used to detect tampering when data is stored by an untrusted database. Together these techniques can significantly advance the security of distributed data exchange.