Controlled Query Evaluation with Open Queries for a Decidable Relational Submodel

  • Joachim Biskup
  • Piero Bonatti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3861)


Controlled query evaluation for logic-oriented information systems provides a model for the dynamic enforcement of confidentiality policies even if users are able to reason about a priori knowledge and the answers to previous queries. Previous foundational work simply assumes that the control mechanism can solve the arising entailment problems (no matter how complex they may be), and deals only with closed queries. In this paper, we overcome these limitations by refining the abstract model for appropriately represented relational databases. We identify a relational submodel where all instances share a fixed infinite Herbrand domain but have finite base relations, and we require finite and domain-independent query results. Then, via suitable syntactic restrictions on the policy and query languages, each entailment problem occurring in the framework can be equivalently expressed as a universal validity problem within the Bernays-Schönfinkel class, whose (known) decidability in the classical setting is extended to our framework. For both refusal and lying, we design and verify evaluation methods for open queries, exploiting controlled query evaluation of appropriate sequences of closed queries, which include answer completeness tests.


Controlled query evaluation Confidentiality Refusal Lying Complete information system Relational database Open query First-order logic Safe query Domain-independent query Implication problem Finite model theory Bernays-Schönfinkel class Guarded fragment Completeness test 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)zbMATHGoogle Scholar
  2. 2.
    Ackermann, W.: Solvable Cases of the Decision Problem. North-Holland, Amsterdam (1968)Google Scholar
  3. 3.
    Andreka, H., Nemeti, I., van Benthem, J.: Modal languages and bounded fragments of predicate logic. Journal of Philosophical Logic 27(3), 217–274 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Biskup, J.: For unknown secrecies refusal is better than lying. Data and Knowledge Engineering 33, 1–23 (2000)zbMATHCrossRefGoogle Scholar
  5. 5.
    Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data and Knowledge Engineering 38, 199–222 (2001)zbMATHCrossRefGoogle Scholar
  6. 6.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Annals of Mathematics and Artificial Intelligence 40, 37–62 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. Journal of Information Security 3(1), 14–27 (2004)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Biskup, J., Weibert, T.: Refusal in incomplete databases. In: Research Directions in Data and Applications Security XVII, pp. 143–157. Kluwer, Boston (2004)CrossRefGoogle Scholar
  9. 9.
    Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. In: Workshop on Foundations of Computer Security, LICS 2005, Chicago (2005),
  10. 10.
    Bonatti, P.A., Kraus, S., Subrahmanian, V.S.: Foundations of secure deductive databases. IEEE Transactions on Knowledge and Data Engineering 7(3), 406–422 (1995)CrossRefGoogle Scholar
  11. 11.
    Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE Transactions on Knowledge and Data Engineering 12(6), 900–919 (2000)CrossRefGoogle Scholar
  12. 12.
    Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S.: Constraints, inference channels and secure databases. In: Dechter, R. (ed.) CP 2000. LNCS, vol. 1894, pp. 98–113. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Cuppens, F., Gabillon, A.: Cover story management. Data and Knowledge Engineering 37, 177–201 (2001)zbMATHCrossRefGoogle Scholar
  14. 14.
    Dawson, S., De Capitani di Vimercati, S., Lincoln, P., Samarati, P.: Minimal data upgrading to prevent inference and association attacks. In: Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp. 114–125 (1999)Google Scholar
  15. 15.
    Dawson, S., De Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: IEEE Symposium on Security and Privacy 1999, pp. 181–195 (1999)Google Scholar
  16. 16.
    Ebbinghaus, H.-D., Flum, J.: Finite Model Theory. Springer, Berlin (1995)zbMATHGoogle Scholar
  17. 17.
    Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems, 3rd edn. Addison-Wesley, Reading (2000)Google Scholar
  18. 18.
    Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)CrossRefGoogle Scholar
  19. 19.
    Graedel, E.: On the restraining power of guards. Journal of Symbolic Logic 64(4), 1719–1742 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Libkin, L.: Elements of Finite Model Theory. Springer, Berlin (2004)zbMATHGoogle Scholar
  21. 21.
    Lloyd, J.W.: Foundations of Logic Programming. Springer, Heidelberg (1987)zbMATHGoogle Scholar
  22. 22.
    Shoenfield, J.R.: Mathematical Logic. Addison-Wesley, Reading (1967)zbMATHGoogle Scholar
  23. 23.
    Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Transactions on Database Systems 8(1), 41–59 (1983)zbMATHCrossRefGoogle Scholar
  24. 24.
    Su, T.A., Ozsoyoglu, G.: Controlling FD and MVD inferences in multilevel relational database systems. IEEE Trans. on Knowledge and Data Engineering 3(4), 474–485 (1991)CrossRefGoogle Scholar
  25. 25.
    Winslett, M., Smith, K., Qian, X.: Formal query languages for secure relational databases. ACM Transactions on Database Systems 19(4), 626–662 (1994)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Piero Bonatti
    • 2
  1. 1.Fachbereich InformatikUniversität DortmundDortmundGermany
  2. 2.Sezione di InformaticaUniversità di Napoli “Frederico II”NapoliItaly

Personalised recommendations