Controlled Query Evaluation with Open Queries for a Decidable Relational Submodel
Controlled query evaluation for logic-oriented information systems provides a model for the dynamic enforcement of confidentiality policies even if users are able to reason about a priori knowledge and the answers to previous queries. Previous foundational work simply assumes that the control mechanism can solve the arising entailment problems (no matter how complex they may be), and deals only with closed queries. In this paper, we overcome these limitations by refining the abstract model for appropriately represented relational databases. We identify a relational submodel where all instances share a fixed infinite Herbrand domain but have finite base relations, and we require finite and domain-independent query results. Then, via suitable syntactic restrictions on the policy and query languages, each entailment problem occurring in the framework can be equivalently expressed as a universal validity problem within the Bernays-Schönfinkel class, whose (known) decidability in the classical setting is extended to our framework. For both refusal and lying, we design and verify evaluation methods for open queries, exploiting controlled query evaluation of appropriate sequences of closed queries, which include answer completeness tests.
KeywordsControlled query evaluation Confidentiality Refusal Lying Complete information system Relational database Open query First-order logic Safe query Domain-independent query Implication problem Finite model theory Bernays-Schönfinkel class Guarded fragment Completeness test
Unable to display preview. Download preview PDF.
- 2.Ackermann, W.: Solvable Cases of the Decision Problem. North-Holland, Amsterdam (1968)Google Scholar
- 9.Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. In: Workshop on Foundations of Computer Security, LICS 2005, Chicago (2005), http://www.cs.chalmers.se/~andrei/FCS05/
- 14.Dawson, S., De Capitani di Vimercati, S., Lincoln, P., Samarati, P.: Minimal data upgrading to prevent inference and association attacks. In: Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pp. 114–125 (1999)Google Scholar
- 15.Dawson, S., De Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: IEEE Symposium on Security and Privacy 1999, pp. 181–195 (1999)Google Scholar
- 17.Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems, 3rd edn. Addison-Wesley, Reading (2000)Google Scholar