Abstract: The widespread use of Internet-based services is increasing the amount of information (such as user profiles) that clients are required to disclose. This information demand is necessary for regulating access to services, and functionally convenient (e.g., to support service customization), but it has raised privacy-related concerns which, if not addressed, may affect the users' disposition to use network services. At the same time, servers need to regulate service access without disclosing entirely the details of their access control policy. There is therefore a pressing need for privacy-aware techniques to regulate access to services open to the network. We propose an approach for regulating service access and information disclosure on the Web. The approach consists of a uniform formal framework to formulate – and reason about – both service access and information disclosure constraints. It also provides a means for parties to communicate their requirements while ensuring that no private information is disclosed and that the communicated requirements are correct with respect to the constraints.
Abstract: Object-oriented database systems represent today one of the most promising technologies for a number of applications in business and industry. A serious problem with these systems is that they do not provide adequate access control mechanisms for controlling access to information. One of the most significant proposals for the protection of OODBMSs is represented by the Orion authorization model. In the Orion authorization model several concepts have been introduced, such as those of implicit/explicit and strong/weak authorizations. However, the Orion authorization model suffers from some drawbacks and addresses only partially some protection problems. In this paper we present an authorization model for the protection of object-oriented database systems based on the types of authorizations introduced in the Orion authorization model. Although based on the same concepts, our model differs from Orion in many respects. The main differences concern the semantics of negative authorizations and of user groups. These differences result in different implication rules for the derivation of authorizations. In the paper we also discuss the problems of authorization administration, creation of new objects, and access control.
Abstract: A federated system is a collection of cooperating autonomous databases. Federated systems represent today one of the new emerging technologies for data management. This success comes from the need to integrate and work on different existing systems that have been developed and have evolved independently. The necessity of making them available to users as if they were a single system, while at the same time not affecting their independent working, raises several issues with respect to authorization management and specification and to access control enforcement. In this paper we discuss some of these issues and present an authorization model for the specification and enforcement of authorizations in federated database systems. The model allows users to make their data available to the federation and to choose among different administrative policies for regulating the specification of authorizations.
Abstract: Data fragmentation has been proposed as a solution for protecting the confidentiality of sensitive associations when releasing data for publishing or external storage. To enrich the utility of data fragments, a recent approach has put forward the idea of complementing a pair of fragments with some (non-precise, hence loose) information on the association between them. Starting from the observation that in the presence of multiple fragments the publication of several independent associations between pairs of fragments can cause improper leakage of sensitive information, in this paper we extend loose associations to operate over an arbitrary number of fragments. We first illustrate how the publication of multiple loose associations between different pairs of fragments can potentially expose sensitive associations, and describe an approach for defining loose associations among an arbitrary set of fragments. We investigate how tuples in fragments can be grouped for producing loose associations so as to increase the utility of queries executed over fragments. We then provide a heuristic for performing such a grouping and producing loose associations that satisfy a given level of protection for sensitive associations, while achieving utility for queries over different fragments. We also illustrate the result of an extensive experimental effort over both synthetic and real datasets, which shows the efficiency and the enhanced utility provided by our proposal.
Keywords: Loose associations, fragmentation, confidentiality constraints, privacy, data publishing
Abstract: Cloud computing is receiving massive interest from users and companies for its convenient support of scalable access to data and services. The variety and diversification of offers by cloud providers allow users to selectively adopt storage and computational services as they best suit their needs, including cost-saving considerations. In such an open context, security remains a major concern, as the confidentiality and integrity of data and of queries over them can be at risk. In this paper, we present efficient techniques to verify the integrity of join queries computed by potentially untrusted cloud providers, while also protecting data and computation confidentiality. Our techniques support joins among multiple data sources and introduce a limited overhead in query computation, also enabling economic savings, as the ability to assess integrity increases the spectrum of offers that can be considered for performing the computation. Formal analysis and experimental evaluations confirm the effectiveness and efficiency of our solutions.
Abstract: Cloud computing is the reference paradigm for providing data storage and management in a convenient and scalable manner. However, moving data to the cloud raises several issues, including the confidentiality of data and of accesses that are no longer under the direct control of the data owner. The shuffle index has been proposed as a solution for addressing these issues when data are stored at an external third party. In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Owners regulate access to their data through authorizations that allow different users to access different portions of the data, while, at the same time, the confidentiality of accesses is guaranteed. The proposed approach also supports update operations over the outsourced data collection (i.e., insertion, removal, and update) as well as over the access control policy (i.e., grant and revoke). Also, our approach protects the nature of each access operation, making revoke operations and resource removal operations indistinguishable by the storing server and/or observing users.
Keywords: Shuffle index, access control, data confidentiality, access confidentiality
Abstract: With the growing needs for data sharing and dissemination, privacy-preserving data publishing is becoming an important issue that still requires further investigation. In this paper, we make a step towards private data publication by proposing a solution based on the release of vertical views (fragments) over a relational table that satisfy confidentiality and visibility constraints expressing requirements for information protection and release, respectively. We translate the problem of computing a fragmentation composed of the minimum number of fragments into the problem of computing a maximum weighted clique over a fragmentation graph. The fragmentation graph models fragments, efficiently computed using Ordered Binary Decision Diagrams (OBDDs), that satisfy all the confidentiality constraints and a subset of the visibility constraints defined in the system. We then show an exact and a heuristic algorithm for computing a minimal and a locally minimal fragmentation, respectively. Finally, we provide experimental results comparing the execution time and the fragmentations returned by the exact and heuristic algorithms. The experiments show that the heuristic algorithm has low computation cost and computes a fragmentation close to optimum.
Keywords: Privacy, fragmentation, confidentiality and visibility constraints, OBDDs, maximum weighted clique
Abstract: Existing approaches for protecting sensitive information outsourced at external “honest-but-curious” servers are typically based on an overlying layer of encryption applied to the whole database, or on the combined use of fragmentation and encryption. In this paper, we put forward a novel paradigm for preserving privacy in data outsourcing, which departs from encryption. The basic idea is to involve the owner in storing a limited portion of the data, while storing the remaining information in the clear at the external server. We analyze the problem of computing a fragmentation that minimizes the owner's workload, which is represented using different metrics and corresponding weight functions, and prove that this minimization problem is NP-hard. We then introduce the definition of locally minimal fragmentation, which is used to efficiently compute a fragmentation via a heuristic algorithm. The algorithm translates the problem of finding a locally minimal fragmentation into a hypergraph 2-coloring problem. Finally, we illustrate the execution of queries on fragments and provide experimental results comparing the fragmentations returned by our heuristic with optimal fragmentations. The experiments show that the heuristic guarantees a low computation cost and is able to compute a fragmentation close to optimum.