Abstract
Publishing information to clients of an information system may leak confidential information. Even more, update transaction protocols must ensure both integrity and confidentiality of information which results in a conflicting situation rather involved. To avoid confidentiality breaches, previous work allow views with misinformation provided to clients. In order to maintain correctness and reliability of information, we propose query and update protocols that refuse client requests for the sake of confidentiality. Further, this article focuses on availability of information in two ways: confidentiality policy specification can impose less strict confidentiality in favor of availability; the proposed transaction protocol is shown to be as cooperative and to provide as much information as possible among a discussed class of transaction protocols. Regarding the confidentiality policy, in our approach the security administrator can choose between protecting only sensitive information in the current instance or even outdated information of previous instances.
Part of this work has been supported by Deutsche Forschungsgemeinschaft (DFG) within the Collaborative Research Center SFB 876 “Providing Information by Resource-Constrained Analysis”, project A5.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Toland, T.S., Farkas, C., Eastman, C.M.: The inference problem: Maintaining maximal availability in the presence of database updates. Computers & Security 29(1), 88–103 (2010)
Jajodia, S., Meadows, C.: Inference problems in multilevel secure database management systems. In: Abrams, M.D., Jajodia, S., Podell, H.J. (eds.) Information Security: An Integrated Collection of Essays, pp. 570–584. IEEE (1995)
Biskup, J., Gogolin, C., Seiler, J., Weibert, T.: Requirements and Protocols for Inference-Proof Interactions in Information Systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 285–302. Springer, Heidelberg (2009)
Biskup, J., Tadros, C.: Policy-based secrecy in the Runs & Systems framework and controlled query evaluation. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) Short Paper of IWSEC 2010. IPSJ, pp. 60–77 (2010)
Biskup, J.: Usability Confinement of Server Reactions: Maintaining Inference-Proof Client Views by Controlled Interaction Execution. In: Kikuchi, S., Sachdeva, S., Bhalla, S. (eds.) DNIS 2010. LNCS, vol. 5999, pp. 80–106. Springer, Heidelberg (2010)
Biskup, J., Gogolin, C., Seiler, J., Weibert, T.: Inference-proof view update transactions with forwarded refreshments. Journal of Computer Security 19(3), 487–529 (2011)
Bancilhon, F., Spyratos, N.: Update semantics of relational views. ACM Transactions on Database Systems (TODS) 6(4), 557–575 (1981)
Gabillon, A.: Multilevel databases. In: Rivero, L.C., Doorn, J.H., Ferraggine, V.E. (eds.) Encyclopedia of Database Technologies and Applications, pp. 386–389. Idea Group (2005)
Biskup, J., Wiese, L.: A sound and complete model-generation procedure for consistent and confidentiality-preserving databases. Theoretical Computer Science 412(31), 4044–4072 (2011)
Dawson, S., di Vimercati, S.D.C., Lincoln, P., Samarati, P.: Maximizing sharing of protected information. Journal of Computer and System Sciences 64(3), 496–541 (2002)
Aggarwal, C.C., Yu, P.S. (eds.): Privacy-Preserving Data Mining - Models and Algorithms. Advances in Database Systems, vol. 34. Springer, Heidelberg (2008)
Jajodia, S., Atluri, V., Keefe, T.F., McCollum, C.D., Mukkamala, R.: Multilevel security transaction processing. Journal of Computer Security 9(3), 165–195 (2001)
Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley (1995)
Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. International Journal of Information Security 3(1), 14–27 (2004)
Mazumdar, S., Stemple, D.W., Sheard, T.: Resolving the tension between integrity and security using a theorem prover. In: Boral, H., Larson, P.Å. (eds.) SIGMOD Conference 1988, pp. 233–242. ACM Press (1988)
Cuppens, F., Gabillon, A.: Logical foundations of multilevel databases. Data & Knowledge Engineering 29(3), 259–291 (1999)
Biskup, J., Wiese, L.: Preprocessing for controlled query evaluation with availability policy. Journal of Computer Security 16(4), 477–494 (2008)
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Livraga, G., Samarati, P.: Enforcing Confidentiality and Data Visibility Constraints: An OBDD Approach. In: Li, Y. (ed.) DBSec 2011. LNCS, vol. 6818, pp. 44–59. Springer, Heidelberg (2011)
Biskup, J., Lochner, J.-H., Sonntag, S.: Optimization of the Controlled Evaluation of Closed Relational Queries. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 214–225. Springer, Heidelberg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Biskup, J., Tadros, C. (2012). Inference-Proof View Update Transactions with Minimal Refusals. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds) Data Privacy Management and Autonomous Spontaneus Security. DPM SETOP 2011 2011. Lecture Notes in Computer Science, vol 7122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28879-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-28879-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28878-4
Online ISBN: 978-3-642-28879-1
eBook Packages: Computer ScienceComputer Science (R0)