Information flow controls vs inference controls: An integrated approach

  • F. Cuppens
  • G. Trouessin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)

Abstract

This paper proposes a formal method for modeling database security based on a logical interpretation of two problems: the (internal) information flow controls and the (external) information inference controls. Examples are developed that illustrate the inability of “classical” security models such as non-interference and non-deducibility to completely take into account the inference problem, because both are too constraining: the former model leads to the existence problem, whereas the latter leads to the elimination problem. The causality model, which was developed to solve the information flow control problem by considering that “what is known, must be permitted to be known”, also does not explicitly take the inference problem into account. But we show that it is possible to extend causality so that inference can in fact be solved, by formalizing security policy consistency in the following way: “any information must not be both permitted and forbidden, to be known”. However, some difficulties remain if we do not consider that a subject can perform not only valid derivations but also plausible derivations. In particular, we show that classical solutions to the inference problem, such as the use of polyinstantiated databases, are not plainly satisfactory unless the security policy is able to estimate how plausible it is that abductive reasoning can occur.

Keywords

Security model; Information flow control; Database security; Inference control; Modal logic

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • F. Cuppens (1)
  • G. Trouessin (2)
  1. ONERA-CERT, Toulouse Cedex, France
  2. CESSI CNAM-TS, Toulouse, France
