Abstract
Controlled Query Evaluation (CQE) is an approach to enforcing confidentiality in information systems at runtime. At each query, a censor checks whether the answer to that query would enable the user to infer any information he is not allowed to know according to some specified confidentiality policy. If this is the case, the answer is distorted, either by refusing to answer or by returning a modified answer. In this paper, we consider incomplete logic databases and investigate the semantic ways of protecting a piece of information. We give a formal definition of such confidentiality policies, and show how to enforce them by reusing the existing methods for CQE.
Keywords
- Inference control
- confidentiality policies
- logic databases
Chapter PDF
References
Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. ACM Press, New York (1995)
Denning, D.: Cryptography and Data Security. Addison-Wesley, London, UK (1982)
Leiss, E.L.: Principles of Data Security. Plenum Press, New York (1982)
Domingo-Ferrer, J. (ed.): Inference Control in Statistical Databases. LNCS, vol. 2316. Springer, Heidelberg (2002)
Wang, L., Jajodia, S., Wijesekera, D.: Securing OLAP data cubes against privacy breaches. In: IEEE Symposium on Security and Privacy, pp. 161–178. IEEE Computer Society, Los Alamitos (2004)
Wang, L., Li, Y., Wijesekera, D., Jajodia, S.: Precisely answering multi-dimensional range queries without privacy breaches. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, Springer, Heidelberg (2003)
Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Transactions on Knowledge and Data Engineering 12(6), 900–919 (2000)
Lunt, T.F., Denning, D.E., Schell, R.R., Heckman, M., Shockley, W.R.: The seaview security model. IEEE Transactions on Software Engineering 16(6), 593–607 (1990)
Qian, X., Lunt, T.F.: A semantic framework of the multilevel secure relational model. IEEE Transactions on Knowledge and Data Engineering 9(2), 292–301 (1997)
Staddon, J.: Dynamic inference control. In: 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 94–100 (2003)
Winslett, M., Smith, K., Qian, X.: Formal query languages for secure relational databases. ACM Transactions on Database Systems 19(4), 626–662 (1994)
Farkas, C., Jajodia, S.: The inference problem: A survey. SIGKDD Explorations 4(2), 6–11 (2002)
Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Transactions on Database Systems 8(1), 41–59 (1983)
Bonatti, P.A., Kraus, S., Subrahmanian, V.: Foundations of secure deductive databases. IEEE Transactions on Knowledge and Data Engineering 7(3), 406–422 (1995)
Biskup, J.: For unknown secrecies refusal is better than lying. Data & Knowledge Engineering 33, 1–23 (2000)
Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. In: Dix, J., Hegner, S.J. (eds.) FoIKS 2006. LNCS, vol. 3861, pp. 43–62. Springer, Heidelberg (2006)
Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data & Knowledge Engineering 38, 199–222 (2001)
Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. International Journal of Information Security 3, 14–27 (2004)
Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Annals of Mathematics and Artificial Intelligence 40, 37–62 (2004)
Biskup, J., Weibert, T.: Refusal in incomplete databases. In: Research Directions in Data and Applications Security XVIII, pp. 143–157. Kluwer/Springer (2004)
Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. Extended abstract presented at the LICS 2005 Affiliated Workshop on Foundations of Computer Security (FCS 2005) (2005), (submitted, 2007), available from http://www.cs.chalmers.se/~andrei/FCS05/fcs05.pdf
Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.Y.: Reasoning About Knowledge. MIT Press, Cambridge (1995)
University of Dortmund, Information Systems and Security: CQE prototype implementation, http://ls6-www.cs.uni-dortmund.de/issi/projects/cqe/
Winslett, M.: An introduction to trust negotiation. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 275–283. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Biskup, J., Weibert, T. (2007). Confidentiality Policies for Controlled Query Evaluation. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-73538-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73533-5
Online ISBN: 978-3-540-73538-0
eBook Packages: Computer ScienceComputer Science (R0)