Séminaire SoSySec : Reasoning over leaks of information for Access Control of Databases

Seminar
Starting on
Ending on
Location
IRISA Rennes
Room
Métivier
Speaker
Pierre Bourhis
SoSySec seminar
Software and Systems Security
Inria - Rennes
Thursday October 13th, 11:00

Room: Metivier

Remotely via BBB: https://bbb.inria.fr/all-t0p-qjq-9em
Access code: 192737

----------------------------------------------------------------------
Pierre Bourhis (CNRS, CRISTAL)
----------------------------------------------------------------------
======================================================================
Reasoning over leaks of information for Access Control of Databases
======================================================================
Controlling the access of data in Database management systems is a 
classical problem and it has been solved through different mechanisms. 
One of the most common mechanism implemented in most Database management 
systems is the mechanism of views, i.e defining the accessible data of a 
user as the result of a query. This mechanism is also used in principle in 
other systems such as in social networks. Unfortunately, this approach 
has some defaults. Even though it does not leak any secret information, 
the user seeing the data can infer some of these secret data by using 
different knowledge such as the logical definition of the query used 
to define the accessible data and various properties of the database. 
In this talk, I will present a formalism allowing to check when a set 
of views does not leak any information even through this kind of attacks.

To receive the SoSySec announcements, please subscribe to the SoSySec
mailing list:
https://sympa.inria.fr/sympa/subscribe/sosysec
All past and future SoSySec talks are listed at
https://seminaires-dga.inria.fr/en/seances-a-venir/
----------------------------------------------------------------------

Vous pouvez vous abonner à nos annonces de séminaires :
https://sympa.inria.fr/sympa/subscribe/sosysec
et consulter la liste des exposés passés et à venir :
https://seminaires-dga.inria.fr/seances-a-venir/