Problem Representation and the Externalization of Borders in the Canadian Electronic Travel Authorization and Interactive Advanced Passenger Initiative

Koblauch, Louise

January 2019

This paper analyzes two policies published by the Canadian Government, the Electronic Travel Visa and the Interactive Advance Passenger Information. These policies were initiated to close an integrity gap and to fight security issues resulting from globalization. These two documents are problematized by using Carol Bacchi’s analytical framework, What’s the Problem Represented to be, to dissect the underlying problem representations, the historical developments and the effects of these policies on migrants and travellers. Globalization, securitization and externalization in connection to Critical Border Studies are used for theoretical development. The results show that these policies have altered Canadian border management by pushing screening processes outside of physical sovereign boundaries and traps migrants in a web of offshore policing and securitization.

Canada

Electronic Travel Authorization

Carol Bacchi

Securitization

Externalization

Critical Border Studies

Social Sciences

Samhällsvetenskap

Effektiv kommunikation i byggprojekt - En studie med fokus på informationsflödet mellan entreprenörer och myndigheter i byggentreprenader

Amjed Sabri, Barik, Almadani, Mohammad

January 2018

Det finns i dagens läge ingen enhetlig kommunikationsmodell som styr hur informationsutbytet kan ske mellan myndigheter och entreprenörer i samband med tillståndsprocessen i byggprojekt. I dagens byggbransch kan kommunikationen mellan entreprenörer och berörda myndigheter i ett byggprojekt, upplevas som bristande i somliga fall med avseende på vilken information som ska utväxlas, i vilket format, under vilka tidsramar samt under vilka handläggningstider. Huvudsyftet med studien är att försöka kartlägga brister som förekommer i kommunikationen i samband med tillståndsprocessen samt föreslå åtgärder för hur dessa kan minimeras. Myndigheternas samt entreprenörernas åsiker och synpunkter av kommunikationen kommer att utgöra ett underlag för studiens slutsatser.Metoderna som har används i samband med faktainsamling är kvalitativa och utgörs huvud-sakligen av semistrukturerade intervjuer, deltagande observationer samt fallstudier. Huvudtanken bakom användning av flera datainsamlingsmetoder är att få en god validitet i studien samt få en verklighetsförankrad bild av kommunikationsfrågan i samband med en tillståndsprocess i bygg-projekt. Swim lane-metoden används i studien vid analysering av tillståndsprocessen samt för att presentera en kommunikationsmodell som kan användas för att underlätta ansökning av tillstånd för aktörer i byggbranschen. För att kunna analysera tillståndsprocessen mer i detalj, väljs bygglov som analyseringsobjekt. I studien görs sammanlagt sju intervjuer där fyra är på myndighetssidan och tre är på entreprenörssidan. Utöver intervjuerna görs tre deltagande observationer samt flera projektbesök i samband med fallstudierna.Kommunikationen kan idag ske på olika sätt beroende på vilken kommun ett byggprojekt genom-förs i och kan skilja sig i både tillvägagångssättet och handläggningstiderna. Orsaker till en bristande kommunikation från myndigheternas sida i samband med tillståndsprocessen i bygg-projekt, kan bero på hög arbetsbelastning hos myndighetsanställda samt personalbrist. Vissa tillstånd som till exempel det som berör belamring av allmänna ytor i samband med projekt-utförandet, kan ha långa beslutsvägar där flera myndigheter är inblandade vilket är en orsak till onödiga förseningar i beslutsfattandet.Det pågår idag en övergång i tillståndsprocessen från att ansökning och handläggning sker i pappersformat till en heldigitaliserad tillståndsprocess. Olika kommuner har kommit olika långt i digitaliseringsprocessen. För att kunna effektivisera tillståndsprocessen i byggprojekt, kan digitaliseringen nyttjas i större grad än det som görs idag. Exempel på digitala åtgärder som kan gynna tillståndsprocessen är implementering av automatiserade kommunikationsverktyg som möjliggör uppdatering av ärendets status. Entreprenören ges därmed möjlighet att kunna kommunicera med myndigheter samt komplettera eventuella brister med kort varsel. Implemen-tering av BIM i framtida tillståndsprocesser kan underlätta handläggningsproceduren för myndig-heternas del genom att möjliggöra smidiga kontroller i samband med granskning av ärendet som exempelvis kollisionskontroller eller kontroller av bärighets- och energiberäkningar. / In today's construction industry, communication between contractors and authorities in connection with the authorization process can seem to be unsatisfying. There is currently no unified communication model that could lead the exchange of information between authorities and contractors in construction projects. The main purpose of the study is to identify which shortcomings in communication process are common and suggest actions to minimize them. The opinions of the authorities and the contractors in connection with the communication aspect will provide a basis for the conclusions of the study. The methods used in collecting the results of the study are qualitative and consist of semi structured interviews, participatory observations and case studies. The main idea behind the use of multiple data collection methods is to get a good validity in the study as well as to get a reality-based image of the communication in connection with the authorization process in the building works. The swim lane-diagram method is used to analyse the communication process as well as to present a reliable model that can be used as a basis of various actors in the construction industry when applying for building permissions. Causes for shortcomings of communication by the authorities may be due to high workload of government workers and staff shortages. Communication can now happen in different ways depending on which municipality a building project is carried out in. There is currently a transition in the authorization process from application and processing in paper format to a digitized process. In order to streamline the state process in building projects. Digitization can be used to a greater level than what is being done today. Example of digital measures that can benefit the state process is implementation

Byggprojekt

Byggprojektprocessen

Samhällsbyggnadsprocessen

Kommunikation

Kommunikationsstrategier

Tillståndsprocess

Myndighetsbeslut

Authorization in construction project

Communication strategies

Authority decisions in building works

Engineering and Technology

Teknik och teknologier

Securing Data in a Cloud Environment: Access Control, Encryption, and Immutability / Säkerhetshantering av data som överförs genom molnbaserade tjänster: åtkomstkontroll, kryptering och omutlighet

Al Khateeb, Ahmad, Summaq, Abdulrazzaq

January 2023

The amount of data and the development of new technologies used by all society-critical organizations are increasing dramatically. In parallel, data breaches, cyber-attacks, and their devastating consequences are also on the rise, as well as the number of individuals and organizations that are potential targets for such attacks. This places higher demands on security in terms of protecting data against cyber-attacks and controlling access to data that authenticated users want to access. The paper focuses on studying concepts of secure data practices in a GitLab-based cloud environment. The objective is to give answers to questions such as how to ensure the guarantee of secure data and protect it from unauthorized access and changes. The work behind this thesis includes exploring techniques for access control, data encryption, and data immutability. The study is followed by an implementation project that includes fetching code from GitLab verifying user identity and access control, managing data access, and displaying the results. The results of the thesis demonstrate the effectiveness of the implemented security measures in protecting data and controlling access. / Mängden av data och utvecklingen av banbrytande teknologier som idag används av alla samhällsbärande organisationer ökar drastiskt. I samma takt ökar dataintrång, cyberattacker och dess förödande konsekvenser samt antalet personer och organisationer som utgör potentiella offer för sådana typer av attacker. Detta ställer högre krav på säkerheten när det gäller att skydda data mot cyberattacker, men även att kontrollera åtkomsten till data som autentiserade användare vill komma åt. Rapporten fokuserar på att studera hur data säkras i GitLab-baserade molnsystem. Syftet med detta arbete är att ge svar på frågeställningar som till exempel att lova säker åtkomst och skydd för data från obehörig åtkomst och ändringar. Arbetet bakom detta projekt inkluderade undersökning av tekniker som används inom accesskontroll, datakryptering och data-omutlighet. Studien resulterade i en implementation som möjliggör att hämta signerade ändringar (Commits) från GitLab, verifiera användaridentiteten och åtkomstbehörighet, hantera dataåtkomst samt presentera resultaten. Resultaten av detta examensarbete demonstrerar effektiviteten av den implementerade säkerhetsteknikerna i att skydda data och kontrollera access.

Access Control

Authorization

Keycloak

GPG Keys

Encryption

GitLab

Version Control

Neo4j

Data Security

Computer Sciences

Datavetenskap (datalogi)

Multi-Tenant Apache Kafka for Hops : Kafka Topic-Based Multi-Tenancy and ACL- Based Authorization for Hops

Dessalegn Muruts, Misganu

January 2016

Apache Kafka is a distributed, high throughput and fault-tolerant publish/subscribe messaging system in the Hadoop ecosystem. It is used as a distributed data streaming and processing platform. Kafka topics are the units of message feeds in the Kafka cluster. Kafka producer publishes messages into these topics and a Kafka consumer subscribes to topics to pull those messages. With the increased usage of Kafka in the data infrastructure of many companies, there are many Kafka clients that publish and consume messages to/from the Kafka topics. In fact, these client operations can be malicious. To mitigate this risk, clients must authenticate themselves and their operation must be authorized before they can access to a given topic. Nowadays, Kafka ships with a pluggable Authorizer interface to implement access control list (ACL) based authorization for client operation. Kafka users can implement the interface differently to satisfy their security requirements. SimpleACLAuthorizer is the out-of-box implementation of the interface and uses a Zookeeper for ACLs storage.HopsWorks, based on Hops a next generation Hadoop distribution, provides support for project-based multi-tenancy, where projects are fully isolated at the level of the Hadoop Filesystem and YARN. In this project, we added Kafka topicbased multi-tenancy in Hops projects. Kafka topic is created from inside Hops project and persisted both at the Zookeeper and the NDBCluster. Persisting a topic into a database enabled us for topic sharing across projects. ACLs are added to Kafka topics and are persisted only into the database. Client access to Kafka topics is authorized based on these ACLs. ACLs are added, updated, listed and/or removed from the HopsWorks WebUI. HopsACLAuthorizer, a Hops implementation of the Authorizer interface, authorizes Kafka client operations using the ACLs in the database. The Apache Avro schema registry for topics enabled the producer and consumer to better integrate by transferring a preestablished message format. The result of this project is the first Hadoop distribution that supports Kafka multi-tenancy.

Hadoop

Kafka

Hops

HopsWorks

Multi-Tenancy

Kafka Topics

Schema Registry

Messaging Systems

ACL Authorization

Computer Sciences

Datavetenskap (datalogi)

SAFE: A Declarative Trust-Agile System with Linked Credentials

Thummala, Vamsidhar

January 2016

<p>Secure Access For Everyone (SAFE), is an integrated system for managing trust</p><p>using a logic-based declarative language. Logical trust systems authorize each</p><p>request by constructing a proof from a context---a set of authenticated logic</p><p>statements representing credentials and policies issued by various principals</p><p>in a networked system. A key barrier to practical use of logical trust systems</p><p>is the problem of managing proof contexts: identifying, validating, and</p><p>assembling the credentials and policies that are relevant to each trust</p><p>decision. </p><p>SAFE addresses this challenge by (i) proposing a distributed authenticated data</p><p>repository for storing the credentials and policies; (ii) introducing a</p><p>programmable credential discovery and assembly layer that generates the</p><p>appropriate tailored context for a given request. The authenticated data</p><p>repository is built upon a scalable key-value store with its contents named by</p><p>secure identifiers and certified by the issuing principal. The SAFE language</p><p>provides scripting primitives to generate and organize logic sets representing</p><p>credentials and policies, materialize the logic sets as certificates, and link</p><p>them to reflect delegation patterns in the application. The authorizer fetches</p><p>the logic sets on demand, then validates and caches them locally for further</p><p>use. Upon each request, the authorizer constructs the tailored proof context</p><p>and provides it to the SAFE inference for certified validation.</p><p>Delegation-driven credential linking with certified data distribution provides</p><p>flexible and dynamic policy control enabling security and trust infrastructure</p><p>to be agile, while addressing the perennial problems related to today's</p><p>certificate infrastructure: automated credential discovery, scalable</p><p>revocation, and issuing credentials without relying on centralized authority.</p><p>We envision SAFE as a new foundation for building secure network systems. We</p><p>used SAFE to build secure services based on case studies drawn from practice:</p><p>(i) a secure name service resolver similar to DNS that resolves a name across</p><p>multi-domain federated systems; (ii) a secure proxy shim to delegate access</p><p>control decisions in a key-value store; (iii) an authorization module for a</p><p>networked infrastructure-as-a-service system with a federated trust structure</p><p>(NSF GENI initiative); and (iv) a secure cooperative data analytics service</p><p>that adheres to individual secrecy constraints while disclosing the data. We</p><p>present empirical evaluation based on these case studies and demonstrate that</p><p>SAFE supports a wide range of applications with low overhead.</p> / Dissertation

Computer science

Logic-based access control

authorization

SAFE

Safelog

Safelang

slog

slang

SafeSets

SafeX

Security Policies

Software-as-a-service

Distributed Systems

Trust Logic

Declarative Languages

Trust Management

Les engagements dans le droit français des concentrations / Remedies in merger control

Blanc, François

26 November 2012

De prime abord, le droit des concentrations illustre le rôle moderne joué par l’État dans l’économie : il ne s’agit plus de construire les marchés, mais de contrôler ponctuellement un ou plusieurs opérateur(s) en particulier. L’État libéral soumet ainsi à autorisation préalable les rapprochements d’entreprises, afin de vérifier que ceux-ci ne portent pas atteinte à la concurrence. Pourtant, dans le silence de la loi, tout se passe comme si l’administration se servait de la concentration comme d’un vecteur d’une réorganisation des marchés. Le procédé est d’autant plus subtil qu’il implique étroitement les entreprises elles-mêmes : tout repose sur les « engagements » que celles-ci proposent à l’administration dans le but de prévenir les effets anticoncurrentiels de leur projet. Car ces engagements connaissent une mutation juridique décisive : une fois émis, ils deviennent une mesure de police économique, incorporée dans l’autorisation administrative. Le procédé, développé à l’époque de l’économie administrée, dénote la constance du droit français par-delà la variation des objectifs économiques. Or, ces engagements contraignent les parties à la concentration, d’une part dans leurs actes avec d’autres opérateurs sur le marché et, d’autre part, dans leurs rapports à l’administration : ils orientent l’action de la concentration vis-à-vis des tiers tout en prolongeant le contrôle administratif. Incorporant les engagements dans son acte, l’administration modifie puis surveille les relations entre les parties et les tiers à l’opération. Aussi, son intervention se déplace, ratione temporis, de la concentration en projet à la concentration réalisée, et, ratione personae, des parties à l’opération aux tiers. Elle se déplace en somme de la concentration vers le marché. S’il ne s’agit donc plus, comme par le passé, de construire directement le marché, l’administration utilise désormais à cette fin les entreprises soumises à son autorisation. / At first sight, the mergers’s control illustrates the modern role played by the State in the economy: the aim is not to organize the markets anymore, but to control from time to time one or several particular operators. The liberal State submit the companies’s merging processes to prior authorization, so as to make sure they do not negatively affect the competition. Nevertheless, in the silence of the law, everything goes as if the administration was using mergers as drivers of the markets’s reorganization. This process is evenmore subtil because it implies closely the companies themselves: everything depends on the commitments the companies offer to the administration, in order to prevent the non competitive effects of their project. These commitments are indeed undergoing a major legal change: once issued, they become a measure of economic restriction, embedded in the administration’s authorization. This process, that has been developed from the time of planned economy, suggests a certain permanency of the French law, despite the economic goals’s variation. Yet, these commitments constrain the parties about to merge: on the one hand regarding their actions towards other operators on the market, and on the other hand, regarding their relation with the administration : at the same time they direct the merger according to the stakeholders, and extend the administrative control. In short, when embedding the commitments in its act, the administration first changes the relations between the parties and the stakeholders, then follows up the relations’s execution. Thus, its intervention swifts ratione temporis, -from the merger in progress to the merger achieved, ratione personae, from the parties to the stakeholders’ operations, and ratione materia, from the merger to the market. Time has gone when the administration used to build the market directly ; now it uses to this end the companies that have to require her authorization.

Police économique

Régulation

Concurrence

Autorisation

Acte administratif unilatéral

Condition

Contrat

Contrôle administratif

France

Regulation

Competition

Authorization

Unilateral act

Conditions

Contract

Administrative control

France

Nařízení exekuce a pověření soudního exekutora / The writ of execution and the authorization of a licensed executor

Matušincová, Eva

January 2011

The following diploma thesis is called "The writ of execution and authorization of a licensed executor". I have chosen this theme because this execution and execution procedure is a dynamically developing part of the civil law and has been changed substantially in recent years. I deal mainly with the legislation in regards to the petition for an execution order, an execution order as well as a termination of authorization of an licensed executor to carry out the execution. The aim of the thesis is to acquaint the reader with current legislation, compare current legislation with previous legislation and identify ambiguities and issues encountered in practice. The thesis is divided into five chapters. The first one is a preface and the last a conclusion. The second chapter deals with the petition for an execution order, especially requirements, defects and their remedies. Further, I pay attention to execution title and its particular types. In the end I outline the possibility of the proposed limitations on the territorial scope of an licensed executor de lege ferenda. The third chapter deals with the execution procedure and authorization of a licensed executor. I describe how the court can decide on the petition for the execution order. Separately I deal with an execution decision, its delivering,...

Etudes des textes sino-européens sur les médicaments traditionnels à base de plantes / Research about the regulations on traditional herbal medicine in China and in the EU

Yang, Ning

01 July 2011

Au cours des trente dernières années, avec la multiplication des effets secondaires des médicaments synthétiques, les médicaments traditionnels à base de plantes ont été redécouverts. Cette catégorie de médicaments est définie juridiquement par la directive communautaire 2004/24/CE. Le but de cette recherche est, d’une part, de comparer les textes sino-Européens sur le contrôle de la qualité des matières premières végétales dans les domaines de la production et du commerce international ; d’autre part, de comparer les textes sino-Européens sur le contrôle de la qualité, de la sécurité et de l’efficacité des médicaments traditionnels à base de plantes, en tant que produits finis. Toutes les réglementations communautaires et chinoises, concernant les médicaments traditionnels à base de plantes, ont pour objectif essentiel la sauvegarde de la santé publique ; la qualité, la sécurité et l’efficacité de ces médicaments particuliers sont strictement contrôlées dans ces deux régions du monde. Toutefois, il est important de noter que ces deux systèmes juridiques présentent des nombreuses divergences tenant à l’histoire et à la culture dans le secteur des médicaments traditionnels à base de plantes. L’harmonisation des textes sino-Européens sur les médicaments traditionnels à base de plantes soulève un problème particulièrement complexe. / In the recent three decades, with the increase of side effects of synthetic drugs, attention to traditional herbal medicines has been paid again and given a clear legal definition by the directive 2004/24/EC. In this thesis, we are making a comparative study: first on the Chinese-European texts on the quality control of vegetal raw material in the fields of production and international trade, then on the Chinese-European on the quality control, the security and effectiveness of traditional herbes-Made medicine as products. Although Chinese and European tradition herbal medicine regulations all mainly aim at protecting public health, and strictly controlling the quality, safety and efficacy of such medicines, there are big difference for traditional herbal medicine regulations between China and the EU due to difference of the history, culture and traditions in the pharmaceutical industry and the legal system. For a long period of time, coordination between the two will remain difficult.

Union Européenne

Chine

Droit

Autorisation de mise sur le marché

Traditional herbal medicine products

EU

China

Law

Marketing authorization

Inférence de règles de contrôle d'accès pour assurer la confidentialité des données au niveau des vues matérialisées / Access control rules for materialized views : an inference-based approach

Nait Bahloul, Sarah

05 December 2013

Dans cette thèse, nous nous intéressons au problème de la confidentialité des données. Nous proposons une nouvelle approche pour faciliter l'administration des règles de contrôle d'accès pour assurer la confidentialité des données au niveau des vues matérialisées. Dans les bases de données relationnelles, une vue est une table virtuelle représentant le résultat d'une requête. À la différence d'une vue simple, une vue matérialisée stocke le résultat de la requête dans une table. Cette dernière peut être alors interrogée comme une table quelconque. Il est donc important d'y contrôler l'accès. Parmi les différents modèles proposés pour contrôler l'accès aux relations de base, nous nous basons dans notre approche sur l'utilisation des vues d'autorisations pour exprimer des règles de contrôle d'accès à grains fins. Nous proposons d'inférer, à partir des vues d'autorisations attachées aux tables de base, les vues d'autorisations qui doivent être attachées aux vues matérialisées. Répondre à ce problème revient à répondre à un problème fondamental dans les bases de données relationnelles : Comment caractériser les informations calculables à partir de deux ensembles de vues ? Nous répondons à cette question en nous appuyant sur la réécriture de requêtes. Nous adaptons l'algorithme de réécriture de requêtes M iniCon aux spécificités de notre problème et nous proposons l'algorithme 1-l M iniCon+ qui se base sur un enchainement de réécritures. Nous nous intéressons aux vues représentées par des requêtes conjonctives en autorisant les égalités. Nous nous sommes intéressés par la suite aux propriétés de cet algorithme. Nous démontrons que cet algorithme permet de calculer un ensemble de vues correctes, c.-à-d. toute information calculable à partir de l'ensemble de vues générées est cal­ culable à partir de chacun des deux ensembles de vues de départ / In this thesis, we address the problem of data confidentiality. We propose a new approach to facilitate the administration of access control policies to ensure confidentiality of data in materialized views. In relational databases, a view is a virtual table representing the result of a query. Unlike a simple view, a materialized view persistently stores the data in a table. The latter can be queried like any other database table. We then need to control the access to the materialized view. Among the various models proposed for controlling access to base relations, we choose to express fine-grained access control through authorization views. We propose to infer, from the basic authorization views attached to the base tables, authorization views that will be attached to the materialized views. Tackling this problem amounts to address a fundamental problem in relational databases : How to characterize computable information from two sets of views ? We handle this problem by resorting to query rewriting. We adapt the query rewriting algorithm MiniCon to the context of materialized views with access control and propose the H MiniCon+ algorithm which is based on successive rewritings. We mainly consider conjunctive queries with equalities. We study the properties of our approach. We show that our algorithm can calculate a correct set of views, i.e. any computable information from the generated views is calculable from the two sets of views. In order to prove the termination of our algorithm, we define rewriting trees generated by the application of 1-l MiniCon+ and we study their features. We characterize in which case a tree is finite and show that the approach is maximal, i.e., any derivable information from the two sets of views can be derived from the set of generated views. We characterize in which case the algorithm could not terminate i.e., infinite application of the query rewriting algorithm. In this case, it is impossible to determine the maximality of results and this remains an open problem. We implemented a prototype of the approach and we led some experiments by using synthetic data sets

Vues matérialisées

Vues d'autorisations

Règles de contrôle d'accès

Réécriture de requêtes

Confidentialité des données

Materialized views

Authorization views

Access control

Query rewriting

Data confidentiality

005.7

Access control and inference problem in data integration systems / Problème d'inférence et contrôle d'accès dans les systèmes d'intégration de données

Haddad, Mehdi

01 December 2014

Dans cette thèse nous nous intéressons au contrôle d’accès dans un système issu d’une intégration de données. Dans un système d’intégration de données un médiateur est défini. Ce médiateur a pour objectif d’offrir un point d’entrée unique à un ensemble de sources hétérogènes. Dans ce type d’architecture, l’aspect sécurité, et en particulier le contrôle d’accès, pose un défi majeur. En effet, chaque source, ayant été construite indépendamment, définit sa propre politique de contrôle d’accès. Le problème qui émerge de ce contexte est alors le suivant : "Comment définir une politique représentative au niveau du médiateur et qui permet de préserver les politiques des sources de données impliquées dans la construction du médiateur?" Préserver les politiques des sources de données signifie qu’un accès interdit au niveau d’une source doit également l’être au niveau du médiateur. Aussi, la politique du médiateur doit préserver les données des accès indirects. Un accès indirect consiste à synthétiser une information sensible en combinant des informations non sensibles et les liens sémantiques entre ces informations. Détecter tous les accès indirects dans un système est appelé problème d’inférence. Dans ce manuscrit, nous proposons une méthodologie incrémentale qui permet d’aborder le problème d’inférence dans un contexte d’intégration de données. Cette méthodologie est composée de trois phases. La première, phase de propagation, permet de combiner les politiques sources et ainsi générer une politique préliminaire au niveau médiateur. La deuxième phase, phase de détection, caractérise le rôle que peuvent jouer les relations sémantiques entre données afin d’inférer une information confidentielle. Par la suite, nous introduisant, au sein de cette phase, une approche basée sur les graphes afin d’énumérer tous les accès indirects qui peuvent induire l’accès à une information sensible. Afin de remédier aux accès indirects détectés nous introduisons la phase de reconfiguration qui propose deux solutions. La première solution est mise en œuvre au niveau conceptuel. La seconde solution est mise en œuvre lors de l’exécution. / In this thesis we are interested in controlling the access to a data integration system. In a data integration system, a mediator is defined. This mediator aims at providing a unique entry point to several heterogeneous sources. In this kind of architecture security aspects and access control in particular represent a major challenge. Indeed, every source, designed independently of the others, defines its own access control policy. The problem is then: "How to define a representative policy at the mediator level that preserves sources’ policies?" Preserving the sources’ policies means that a prohibited access at the source level should also be prohibited at the mediator level. Also, the policy of the mediator needs to protect data against indirect accesses. An indirect access occurs when one could synthesize sensitive information from the combination of non sensitive information and semantic constraints. Detecting all indirect accesses in a given system is referred to as the inference problem. In this manuscript, we propose an incremental methodology able to tackle the inference problem in a data integration context. This methodology has three phases. The first phase, the propagation phase, allows combining source policies and therefore generating a preliminary policy at the mediator level. The second phase, the detection phase, characterizes the role of semantic constraints in inducing inference about sensitive information. We also introduce in this phase a graph-based approach able to enumerate all indirect access that could induce accessing sensitive information. In order to deal with previously detected indirect access, we introduce the reconfiguration phase which provides two solutions. The first solution could be implemented at design time. The second solution could be implemented at runtime.

Informatique

Sécurité informatique

Controle d'accès

Intégration de données

Problème dinférence

Intégration de politique d'autorisation

Information Technology

Data security

Access control

Data integration

Inference problem

Authorization policy integration

005.807 2