Understanding the tension between transition rules and confidentiality

  • X. C. Delannoy
Technical Papers Integrity Issues
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1094)


This paper presents formally how the covert channel unavoidably opened by checking integrity constraints is exploitable to unveil unreadable data and is thus the source of tension between confidentiality and integrity. Only discretionary confidentiality models which independantly grant the READ and the UPDATE privileges on data items and transition rules (a special case of transition integrity constraints) are considered here. Because of a relational representation of transition rules and the introduction of the concept of saturation, unveiling is simply a relational query. Unveiling is exact or partial — several possible values are returned — depending on the mathematical properties of the transition rules.


Relational Model Discretionary Models of Confidentiality Transition Integrity Constraints Covert Channel 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BANC77]
    Bancilhon, F., Spyratos, N., Protection of Information in Relational Data Bases, VLDB, 1977.Google Scholar
  2. [BERT94]
    Bertino, E., Weigand, H., An Approach to Authorization Modeling in Object Oriented Database Systems, Data &Knowledge Engineering, volume 12, Number 1, February 1994.Google Scholar
  3. [BUSS83]
    Bussolati, U., Fugini, M.G, Martella, G., A Conceptual Framework for Security System Design, Proc. 9th IFIP World Conf., Paris, September 1983.Google Scholar
  4. [CAST94]
    Castano, S., Fugini, M., Giancarlo, M., Pierangela, S., Database Security, Addison Wesley, 1994.Google Scholar
  5. [DELA94]
    Delannoy, X., La Cohérence dans les Bases de Données, Research Report RR-936I, University of Grenoble (France), IMAG-TIMC Lab., November 1994.Google Scholar
  6. [DELA96]
    Delannoy, X., The Tension Between Transition Rules and Confidentiality, Research Report, University of Grenoble (France), IMAG-TIMC Lab., January 1996.Google Scholar
  7. [GARD89]
    Gardarin, G., Valduriez, P., SGBD Relationels: Analyse et Compararaison des Bases de Données, Eyrolles, 1989.Google Scholar
  8. [GREF93]
    Greffen, P., Apers, P., Integrity Control in Relational Database Systems — An Overview, Data & Knowledge Engineering, 10 (1993), p187–223, North Holland, 1993.Google Scholar
  9. [GRIF76]
    Griffiths, P., Bradford, W., An Authorization Mechanism for a Relational Database System, ACM Transactions on Database Systems, Vol. 1, No. 3, page 242–255, September 1976.Google Scholar
  10. [FUGI84]
    Fugini, M. G., Martella, G., ACTEN: A Conceptual Model for Security System Design, Computers and Security, Elsevier (North Holland), 3(3), 1984.Google Scholar
  11. [INGR93]
    Ingres manuals, Release 4.55, Computer Associate, 1993.Google Scholar
  12. [MANN91]
    Manna, Z., Pnueli, A., The Temporal Logic of Reactive and Concurrent Systems-Specification —, Springer-Verlag, 1991.Google Scholar
  13. [MAZU88]
    Mazumdar, S., Stemple, D., Shread, T., Resolving the Tension between Integrity and Security Using a Theorem Prover, ACM SIGMOD, 1988.Google Scholar
  14. [MELT95]
    Melton, J., Personal correspondance with Jim Melton, Senior Architect of Standards for Sybase Corp. and Editor of the ISO SQL-92 and emerging SQL-3 standards, December 1995.Google Scholar
  15. [MORG87]
    Morgenstern, M., Security and Inference in Multilevel Database and Knowledge-Based Systems, Proceedings of Association for Computing Machinery Special Interest Group on Management of Data, 1987.Google Scholar
  16. [ORAC95]
    Oracle Manuals, Release 7, Oracle Corp., 1995.Google Scholar
  17. [SQL92]
    Information Technology — Database Language SQL, Third Edition, ISO/IEC 9075 (and 1994 addendum), 1992.Google Scholar
  18. [SQL94]
    Database Language SQL (SQL3), ISO-ANSI Working Draft, ANSI TC X3H2, ISO/IEC JTC 1/SC 21/WG 3, August 1994.Google Scholar
  19. [WISE88]
    Wiseman, S., Terry, P., Wood, A., Harrold, C., The Trusted Path between SMITE and the User, IEEE Symposium on Security and Privacy, April 18–21, Oakland, 1988.Google Scholar
  20. [WISE89]
    Wiseman, S., The trouble with Secure Databases, Procs. MILCOMP'89, London, September 1989.Google Scholar
  21. [WISE90a]
    Wiseman, S., On the Problem of Security in Data Bases, Database Security III, Status and Prospects, Results of the IFIP WG 11.3 Workshop on Database Security, September 1989.Google Scholar
  22. [WISE90b]
    Wiseman, S., Control of Confidentiality in Databases, Computers and Security, Vol. 9, No.6, October 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • X. C. Delannoy
    • 1
  1. 1.Faculté de Médecine de GrenobleLaboratoire TIMC-IMAGLa Tronche CedexFrance

Personalised recommendations