Access Control Policies Verification Over Distributed Queries ; Vérification des politiques de contrôle d'accès dans les bases de données distribuées en mode cloud
In this thesis, we address the problem of data outsourcing in presence of access control policies. Due to the emergence of Database-as-a-Service paradigm, secure data outsourcing has become one of the crucial challenges which strongly imposes itself. Indeed, data owners place their data among Cloud Storage Service Providers (CSSP) in order to increase flexibility, optimize storage, enhance data manipulation and decrease processing time. In spite of that, access control is considered as a major barrier to cloud computing and data outsourcing arrangements. Hence, the central challenge identified in this context is: How access control policies of data owner are preserved when data is moved to the cloud?From a security perspective, preserving access control policies means that if an access was prohibited initially by the owner's access control policies, it should be also prohibited when data is externalized to Cloud Storage Service Providers. Also, the policy in the Cloud Storage Service Providers level should protect data against indirect access via inference channels. This inference channel is derived from the combination of legitimate answers received from the system with semantic constraints. Furthermore, to maintain data utility, an optimal data placement decision should be considered when this latter is moved to the cloud.In this manuscript, on the basis of vertical partitioning, we propose a graph-based approach to preserve owner's access control policies efficiently when data is externalized to the Cloud Storage Service Providers. To do that, our proposed approach runs through the following steps: Firstly, it relies on semantic relatedness measure between users roles and schema attributes to derive an optimal vertical partitioning. Optimal partitioning is the minimization of the number of distributed queries issued from a user role in order to provide higher performance and speedup. Secondly, by reasoning about functional dependencies as source of inference, we propose a set of algorithms to detect inference ...