Inference Control in Logic Databases as a Constraint Satisfaction Problem

  • Joachim Biskup
  • Dominique Marc Burgard
  • Torben Weibert
  • Lena Wiese
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4812)


We investigate inference control in logic databases. The administrator defines a confidentiality policy, i. e., the pieces of information which may not be disclosed to a certain user. We present a static approach which constructs an alternative database instance in which the confidential information is replaced by harmless information. The construction is performed by the means of constraint programming: The task of finding an appropriate database instance is delegated to a hierarchical constraint solver. We compare this static approach to a dynamic inference control mechanism – Controlled Query Evaluation – investigated in earlier work, and we also point out possible extensions which make use of the various opportunities offered by hierarchical constraint solvers.


Inference control confidentiality logic databases constraint satisfaction problems constraint hierarchies 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Farkas, C., Jajodia, S.: The inference problem: A survey. SIGKDD Explorations 4(2), 6–11 (2002)CrossRefGoogle Scholar
  2. 2.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. International Journal of Information Security 3, 14–27 (2004)CrossRefGoogle Scholar
  3. 3.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. In: Dix, J., Hegner, S.J. (eds.) FoIKS 2006. LNCS, vol. 3861, pp. 43–62. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. Submitted, 2007. In: FCS 2005. Extended abstract presented at the LICS 2005 Affiliated Workshop on Foundations of Computer Security (2005), available from
  5. 5.
    Biskup, J., Wiese, L.: On finding an inference-proof complete database for controlled query evaluation. In: Damiani, E., Liu, P. (eds.) Data and Applications Security XX. LNCS, vol. 4127, pp. 30–43. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Apt, K.: Principles of Constraint Programming. Cambridge University Press, Cambridge (2003)Google Scholar
  7. 7.
    Frühwirth, T., Abdennadher, S.: Essentials of Constraint Programming. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Ahn, G.J., Sandhu, R.: Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur. 3(4), 207–226 (2000)CrossRefGoogle Scholar
  9. 9.
    Jaeger, T.: On the increasing importance of constraints. In: RBAC 1999. Proceedings of the fourth ACM workshop on Role-based access control, pp. 33–42. ACM Press, New York (1999)CrossRefGoogle Scholar
  10. 10.
    Moodahi, I., Gudes, E., Lavee, O., Meisels, A.: A secureworkflow model based on distributed constrained role and task assignment for the internet. In: Lopez, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 171–186. Springer, Heidelberg (2004)Google Scholar
  11. 11.
    Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data & Knowledge Engineering 38, 199–222 (2001)MATHCrossRefGoogle Scholar
  12. 12.
    Borning, A., Freeman-Benson, B.N., Wilson, M.: Constraint hierarchies. Lisp and Symbolic Computation 5(3), 223–270 (1992)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Dominique Marc Burgard
    • 1
  • Torben Weibert
    • 1
  • Lena Wiese
    • 1
  1. 1.Fachbereich Informatik, Universität Dortmund, 44221 DortmundGermany

Personalised recommendations