Abstract
Policy-based inference control of queries submitted to a logic-oriented information system requires us to consider the history of queries and answers to a particular user. In most previous approaches, the control system captures the history by maintaining a fictitious view the user is supposed to generate by exploiting rational reasoning. In this paper, we propose and explore an alternative option to represent the history, namely by suitably adapting the confidentiality policy after returning an answer to a query. Basically, such a policy adaption precomputes all relevant steps of formal proofs that the fictitious view logically implies some policy element. We focus on propositional information systems.
This work has been performed within the framework of the Collaborative Research Center “Providing Information by Resource-Constrained Data Analysis”, supported by the Deutsche Forschungsgemeinschaft under grant SFB 876/A5.
Chapter PDF
Similar content being viewed by others
Keywords
References
Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)
Bell, D.E., LaPadula, L.J.: Secure computer systems: A mathematical model, volume II. Journal of Computer Security 4(2/3), 229–263 (1996); reprint of MITRE Corporation (1974)
Bertino, E., Buccafurri, F., Ferrari, E., Rullo, P.: A logic-based approach for enforcing access control. Journal of Computer Security 8(2/3) (2000)
Biskup, J.: Security in Computing Systems – Challenges, Approaches and Solutions. Springer, Heidelberg (2009)
Biskup, J.: Usability confinement of server reactions: Maintaining inference-proof client views by controlled interaction execution. In: Kikuchi, S., Sachdeva, S., Bhalla, S. (eds.) DNIS 2010. LNCS, vol. 5999, pp. 80–106. Springer, Heidelberg (2010)
Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. J. Inf. Sec. 3(1), 14–27 (2004)
Chen, Y., Chu, W.W.: Protection of database security via collaborative inference detection. IEEE Trans. Knowl. Data Eng. 20(8), 1013–1027 (2008)
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)
Ligatti, J., Reddy, S.: A theory of runtime enforcement, with results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 87–100. Springer, Heidelberg (2010)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41–59 (1983)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Biskup, J. (2011). History-Dependent Inference Control of Queries by Dynamic Policy Adaption. In: Li, Y. (eds) Data and Applications Security and Privacy XXV. DBSec 2011. Lecture Notes in Computer Science, vol 6818. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22348-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-22348-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22347-1
Online ISBN: 978-3-642-22348-8
eBook Packages: Computer ScienceComputer Science (R0)