Controlled query evaluation with open queries for a decidable relational submodel

  • Joachim Biskup
  • Piero Bonatti


Controlled query evaluation for logic-oriented information systems provides a model for the dynamic enforcement of confidentiality policies in scenarios where users are able to reason about a priori knowledge and the answers to previous queries. Previous foundational work assumes that the control mechanism can solve the arising implication problems and deals only with closed queries. In this paper, we overcome these limitations by refining the abstract model for appropriately represented relational databases. We identify a relational submodel where all instances share a fixed infinite Herbrand domain but have finite base relations, and we require finite and domain-independent query results. Then, via suitable syntactic restrictions on the policy and query languages, each occurring implication problem can be equivalently expressed as a universal validity problem within the Bernays-Schönfinkel class, whose (known) decidability in the classical setting is extended to our framework. For refusal and lying, we design and verify evaluation methods for open queries, exploiting controlled query evaluation of appropriate sequences of closed queries, which include answer completeness tests. Additionally, we present alternative evaluation methods that work for lying and the combined approach but at the price of potentially reduced cooperativeness.


Controlled query evaluation Confidentiality Refusal Lying Combined method Relational database DB-interpretation Open query Propositional logic First-order logic Safe query Domain-independent query Implication problem Finite model theory Bernays-Schönfinkel class Description logic Completeness test 

Mathematics Subject Classifications (2000)

68P15 68P99 03B70 11U05 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading, MA (1995)MATHGoogle Scholar
  2. 2.
    Ackermann, W.: Solvable Cases of the Decision Problem. North-Holland, Amsterdam (1968)Google Scholar
  3. 3.
    Areces, C., Blackburn, P., Marx, M.: A road-map on complexity for hybrid logics. Proceedings 13th Int. Workshop on Computer Science Logic, CSL 99, Lecture Notes in Computer Science 1683, pp. 307–321. Springer, Berlin (1999)Google Scholar
  4. 4.
    Ailamazyan, A.K., Gilula, M.M., Stolbushkin, A.P., Shvarts, G.F.: Reduction of a relational model with infinite domains to the finite-domain case. Russian version: Dokl. Akad. Nauk SSSR 286, 308–311 (January 1986); English translation: Sov. Phys. Dokl. 31(1), 11–13 (January 1986)Google Scholar
  5. 5.
    Baader F., Calvanese D., McGuinness D.L., Nardi D., Patel-Schneider, P.F.: The Description Logic Handbook: Theory, Implementation, and Applications. Cambridge University Press, Cambridge (2003)MATHGoogle Scholar
  6. 6.
    Biskup, J.: For unknown secrecies refusal is better than lying. Data Knowl. Eng. 33, 1–23 (2000)MATHCrossRefGoogle Scholar
  7. 7.
    Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data Knowl. Eng. 38, 199–222 (2001)MATHCrossRefGoogle Scholar
  8. 8.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Proceedings 2nd Int. Symp. on the Foundations of Information and Knowledge Systems, FoIKS 02, Lecture Notes in Computer Science 2284, pp. 49–66. Springer, Berlin (2002)Google Scholar
  9. 9.
    Biskup, J., Bonatti, P.A.: Confidentiality policies and their enforcement for controlled query evaluation. Proceedings 7th European Symp. on Research in Computer Security, ESORICS 02, Lecture Notes in Computer Science 2502, pp. 39–54. Springer, Berlin (2002)Google Scholar
  10. 10.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40, 37–62 (2004)MATHCrossRefGoogle Scholar
  11. 11.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. J. Inf. Secur. 3(1), 14–27 (2004)CrossRefGoogle Scholar
  12. 12.
    Biskup, J., Weibert, T.: Refusal in incomplete databases. In: Farkas, C., Samarati, P. (eds.) Research Directions in Data and Applications Security XVII, pp. 143–157. Kluwer, Boston (2004)CrossRefGoogle Scholar
  13. 13.
    Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. Workshop on Foundations of Computer Security, LICS 05,, Chicago (2005)
  14. 14.
    Biskup, J., Wiese, L.: On finding an inference-proof complete database for controlled query evaluation. Proceedings Data and Applications Security 2006, Lecture Notes in Computer Science 4127, pp. 30–43. Springer, Berlin (2006)Google Scholar
  15. 15.
    Bonatti, P.A., Kraus, S., Subrahmanian, V.S.: Foundations of secure deductive databases. IEEE Trans. Knowl. Data Eng. 7(3), 406–422 (1995)CrossRefGoogle Scholar
  16. 16.
    Börger, E., Grädel, E., Gurevich, Y.: The Classical Decision Problem. Springer, Berlin (1997)MATHGoogle Scholar
  17. 17.
    Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900–919 (2000)CrossRefGoogle Scholar
  18. 18.
    Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S.: Constraints, inference channels and secure databases. Principles and Practice of Constraint Programming - CP 2000, 6th International Conference, Singapore, September 18–21, 2000. Lecture Notes in Computer Science 1894, pp. 98–113. Springer, Berlin (2000)Google Scholar
  19. 19.
    Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison-Wesley, Wokingham, England (1994)Google Scholar
  20. 20.
    Cuppens, F., Gabillon, A.: Cover story management. Data Knowl. Eng. 37, 177–201 (2001)MATHCrossRefGoogle Scholar
  21. 21.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading, MA (1982)MATHGoogle Scholar
  22. 22.
    Dawson, S., De Capitani di Vimercati, S., Lincoln, P., Samarati, P.: Minimal data upgrading to prevent inference and association attacks. Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp. 114–125 (1999)Google Scholar
  23. 23.
    Dawson, S., De Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. 20th IEEE Symp. Secur. Priv. 181–195 (1999)Google Scholar
  24. 24.
    Ebbinghaus, H.-D., Flum, J.: Finite Model Theory. Springer, Berlin (1995)MATHGoogle Scholar
  25. 25.
    Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems, 3rd edn. Addison-Wesley, Reading, MA (2000)Google Scholar
  26. 26.
    Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)CrossRefGoogle Scholar
  27. 27.
    Gollmann, D.: Computer Security, 2nd edn. Wiley, New York (2006)Google Scholar
  28. 28.
    Libkin, L.: Elements of Finite Model Theory. Springer, Berlin (2004)MATHGoogle Scholar
  29. 29.
    Lloyd, J.W.: Foundations of Logic Programming. Springer, Berlin (1987)MATHGoogle Scholar
  30. 30.
    Shoenfield, J.R.: Mathematical Logic. Addison-Wesley, Reading (1967)MATHGoogle Scholar
  31. 31.
    Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41–59 (1983)MATHCrossRefGoogle Scholar
  32. 32.
    Su, T.A., Ozsoyoglu, G.: Controlling FD and MVD inferences in multilevel relational database systems. IEEE Trans. Knowl. Data Eng. 3(4), 474–485 (1991)CrossRefGoogle Scholar
  33. 33.
    Ullman, J.D.: Principles of Database and Knowlwdge-Base Systems – vol. I. Computer Science Press, Rockville, MD (1988)Google Scholar
  34. 34.
    Winslett, M., Smith, K., Qian, X.: Formal query languages for secure relational databases. ACM Trans. Database Syst. 19(4), 626–662 (1994)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media B.V. 2007

Authors and Affiliations

  1. 1.Fachbereich InformatikUniversität DortmundDortmundGermany
  2. 2.Università di Napoli “Frederico II”NaplesItaly

Personalised recommendations