Skip to main content
SpringerLink
Log in

Controlled query evaluation with open queries for a decidable relational submodel

  • Published:
Annals of Mathematics and Artificial Intelligence Aims and scope Submit manuscript

Abstract

Controlled query evaluation for logic-oriented information systems provides a model for the dynamic enforcement of confidentiality policies in scenarios where users are able to reason about a priori knowledge and the answers to previous queries. Previous foundational work assumes that the control mechanism can solve the arising implication problems and deals only with closed queries. In this paper, we overcome these limitations by refining the abstract model for appropriately represented relational databases. We identify a relational submodel where all instances share a fixed infinite Herbrand domain but have finite base relations, and we require finite and domain-independent query results. Then, via suitable syntactic restrictions on the policy and query languages, each occurring implication problem can be equivalently expressed as a universal validity problem within the Bernays-Schönfinkel class, whose (known) decidability in the classical setting is extended to our framework. For refusal and lying, we design and verify evaluation methods for open queries, exploiting controlled query evaluation of appropriate sequences of closed queries, which include answer completeness tests. Additionally, we present alternative evaluation methods that work for lying and the combined approach but at the price of potentially reduced cooperativeness.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading, MA (1995)

    MATH  Google Scholar 

  2. Ackermann, W.: Solvable Cases of the Decision Problem. North-Holland, Amsterdam (1968)

    Google Scholar 

  3. Areces, C., Blackburn, P., Marx, M.: A road-map on complexity for hybrid logics. Proceedings 13th Int. Workshop on Computer Science Logic, CSL 99, Lecture Notes in Computer Science 1683, pp. 307–321. Springer, Berlin (1999)

    Google Scholar 

  4. Ailamazyan, A.K., Gilula, M.M., Stolbushkin, A.P., Shvarts, G.F.: Reduction of a relational model with infinite domains to the finite-domain case. Russian version: Dokl. Akad. Nauk SSSR 286, 308–311 (January 1986); English translation: Sov. Phys. Dokl. 31(1), 11–13 (January 1986)

    Google Scholar 

  5. Baader F., Calvanese D., McGuinness D.L., Nardi D., Patel-Schneider, P.F.: The Description Logic Handbook: Theory, Implementation, and Applications. Cambridge University Press, Cambridge (2003)

    MATH  Google Scholar 

  6. Biskup, J.: For unknown secrecies refusal is better than lying. Data Knowl. Eng. 33, 1–23 (2000)

    Article  MATH  Google Scholar 

  7. Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data Knowl. Eng. 38, 199–222 (2001)

    Article  MATH  Google Scholar 

  8. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Proceedings 2nd Int. Symp. on the Foundations of Information and Knowledge Systems, FoIKS 02, Lecture Notes in Computer Science 2284, pp. 49–66. Springer, Berlin (2002)

    Google Scholar 

  9. Biskup, J., Bonatti, P.A.: Confidentiality policies and their enforcement for controlled query evaluation. Proceedings 7th European Symp. on Research in Computer Security, ESORICS 02, Lecture Notes in Computer Science 2502, pp. 39–54. Springer, Berlin (2002)

    Google Scholar 

  10. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40, 37–62 (2004)

    Article  MATH  Google Scholar 

  11. Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. J. Inf. Secur. 3(1), 14–27 (2004)

    Article  Google Scholar 

  12. Biskup, J., Weibert, T.: Refusal in incomplete databases. In: Farkas, C., Samarati, P. (eds.) Research Directions in Data and Applications Security XVII, pp. 143–157. Kluwer, Boston (2004)

    Chapter  Google Scholar 

  13. Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. Workshop on Foundations of Computer Security, LICS 05, http://www.cs.chalmers.se/~andrei/FCS05/, Chicago (2005)

  14. Biskup, J., Wiese, L.: On finding an inference-proof complete database for controlled query evaluation. Proceedings Data and Applications Security 2006, Lecture Notes in Computer Science 4127, pp. 30–43. Springer, Berlin (2006)

    Google Scholar 

  15. Bonatti, P.A., Kraus, S., Subrahmanian, V.S.: Foundations of secure deductive databases. IEEE Trans. Knowl. Data Eng. 7(3), 406–422 (1995)

    Article  Google Scholar 

  16. Börger, E., Grädel, E., Gurevich, Y.: The Classical Decision Problem. Springer, Berlin (1997)

    MATH  Google Scholar 

  17. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900–919 (2000)

    Article  Google Scholar 

  18. Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S.: Constraints, inference channels and secure databases. Principles and Practice of Constraint Programming - CP 2000, 6th International Conference, Singapore, September 18–21, 2000. Lecture Notes in Computer Science 1894, pp. 98–113. Springer, Berlin (2000)

    Google Scholar 

  19. Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison-Wesley, Wokingham, England (1994)

    Google Scholar 

  20. Cuppens, F., Gabillon, A.: Cover story management. Data Knowl. Eng. 37, 177–201 (2001)

    Article  MATH  Google Scholar 

  21. Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading, MA (1982)

    MATH  Google Scholar 

  22. Dawson, S., De Capitani di Vimercati, S., Lincoln, P., Samarati, P.: Minimal data upgrading to prevent inference and association attacks. Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp. 114–125 (1999)

  23. Dawson, S., De Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. 20th IEEE Symp. Secur. Priv. 181–195 (1999)

  24. Ebbinghaus, H.-D., Flum, J.: Finite Model Theory. Springer, Berlin (1995)

    MATH  Google Scholar 

  25. Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems, 3rd edn. Addison-Wesley, Reading, MA (2000)

    Google Scholar 

  26. Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)

    Article  Google Scholar 

  27. Gollmann, D.: Computer Security, 2nd edn. Wiley, New York (2006)

    Google Scholar 

  28. Libkin, L.: Elements of Finite Model Theory. Springer, Berlin (2004)

    MATH  Google Scholar 

  29. Lloyd, J.W.: Foundations of Logic Programming. Springer, Berlin (1987)

    MATH  Google Scholar 

  30. Shoenfield, J.R.: Mathematical Logic. Addison-Wesley, Reading (1967)

    MATH  Google Scholar 

  31. Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41–59 (1983)

    Article  MATH  Google Scholar 

  32. Su, T.A., Ozsoyoglu, G.: Controlling FD and MVD inferences in multilevel relational database systems. IEEE Trans. Knowl. Data Eng. 3(4), 474–485 (1991)

    Article  Google Scholar 

  33. Ullman, J.D.: Principles of Database and Knowlwdge-Base Systems – vol. I. Computer Science Press, Rockville, MD (1988)

    Google Scholar 

  34. Winslett, M., Smith, K., Qian, X.: Formal query languages for secure relational databases. ACM Trans. Database Syst. 19(4), 626–662 (1994)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fachbereich Informatik, Universität Dortmund, 44221, Dortmund, Germany

    Joachim Biskup

  2. Università di Napoli “Frederico II”, 80126, Naples, Italy

    Piero Bonatti

Authors
  1. Joachim Biskup
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Piero Bonatti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joachim Biskup.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Biskup, J., Bonatti, P. Controlled query evaluation with open queries for a decidable relational submodel. Ann Math Artif Intell 50, 39–77 (2007). https://doi.org/10.1007/s10472-007-9070-5

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10472-007-9070-5

Keywords

Mathematics Subject Classifications (2000)

Search

Navigation