Binary integrity constraints against confidentiality

  • X. C. Delannoy
  • C. Del Vigna
Relational and Extended Relational Approaches
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1134)


Any protection mechanism opens an unexpected channel of communication, the so-called covert channel. The Integrity Checker of a database is a protection mechanism, against data inconsistencies. As such, it opens a covert channel which can be used to thwart the mechanism which ensures confidentiality. Therefore, confidential data can be unveiled leading to a « the more semantic, the less secure » contradiction. The paper studies this contradiction in strictly defined situations: confidentiality is of discretionary type, consistency is ensured by binary integrity constraints and data of the database are the only knowledge used. The approach is relational. The expressive power of the relational model makes it possible to express both the formal properties on which unveilings are grounded and their computation.


Integrity Constraints Discretionary Models of Confidentiality Covert Channel Relational Model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AHO79]
    Aho, A.V, Ullman, J.D, Universality of data retrieval languages, Proc. 6th ACM symposium on principles programming languages, 1979, San Antonio.Google Scholar
  2. [BANC77]
    Bancilhon, F., Spyratos, N., Protection of Information in Relational Data Bases, VLDB, 1977.Google Scholar
  3. [BANC78]
    Bancilhon, F., On the completeness of query languages, Proc. 7th Symposium on Math. Foundations of Computer Science., Zakopane, Poland, 1978.Google Scholar
  4. [BERT94]
    Bertino, E., Weigand, H., An Approach to Authorisation Modelling in Object Oriented Database Systems, Data &Knowledge Engineering, volume 12, Number 1, February 1994.Google Scholar
  5. [BUSS83]
    Bussolati, U., Fugini, M.G, Martella, G., A Conceptual Framework for Security System Design, Proc. 9th IFIP World Conf., Paris, September 1983.Google Scholar
  6. [CAST94]
    Castano, S., Fugini, M., Giancarlo, M., Pierangela, S., Database Security, Addison Wesley, 1994.Google Scholar
  7. [DELA94]
    Delannoy, X., La Cohérence dans les Bases de Données, Research Report RR-936I, University of Grenoble (France), IMAG-TIMC Lab., November 1994.Google Scholar
  8. [DELA96a]
    Delannoy, X., The tension between transition rules and confidentiality, Research Report, University of Grenoble (France), IMAG-TIMC Lab., January 1996.Google Scholar
  9. [DELA96b]
    Delannoy, X., Understanding the Tension Between Transition Rules and Confidentiality, 14th British National Conference On Databases (BNCOD), 1996.Google Scholar
  10. [GREF93]
    Greffen, P., Apers, P., Integrity Control in Relational Database Systems — An Overview, Data & Knowledge Engineering, 10 (1993), p187–223, North Holland, 1993.Google Scholar
  11. [GRIF76]
    Griffiths, P., Bradford, W., An Authorisation Mechanism for a Relational Database System, ACM Transactions on Database Systems, Vol. 1, No. 3, page 242–255, September 1976.CrossRefGoogle Scholar
  12. [FUGI84]
    Fugini, M.G., Martella, G., ACTEN: A Conceptual Model for Security System Design, Computers and Security, Elsevier (North Holland), 3(3), 1984.Google Scholar
  13. [INGR93]
    Ingres manuals, Release 4.55, Computer Associate, 1993.Google Scholar
  14. [MANN91]
    Manna, Z., Pnueli, A., The Temporal Logic of Reactive and Concurrent Systems — Specification-, Springer-Verlag, 1991.Google Scholar
  15. [MAZU88]
    Mazumdar, S., Stemple, D., Shread, T., Resolving the Tension between Integrity and Security Using a Theorem Prover, ACM SIGMOD, 1988.Google Scholar
  16. [MELT95]
    Melton, J., Personal correspondence with Jim Melton, Senior Architect of Standards for Sybase Corp. and Editor of the ISO SQL-92 and emerging SQL-3 standards, December 1995.Google Scholar
  17. [MORG87]
    Morgenstern, M., Security and Inference in Multilevel Database and Knowledge-Based Systems, Proceedings of Association for Computing Machinery Special Interest Group on Management of Data, 1987.Google Scholar
  18. [ORAC95]
    Oracle Manuals, Release 7, Oracle Corp., 1995.Google Scholar
  19. [PARA78]
    Paradeans, J., On the expressive power of relational algebra, Inf. Processing Letter, 1978.Google Scholar
  20. [SQL92]
    Information Technology — Database Language SQL, Third Edition, ISO/IEC 9075 (and 1994 addendum), 1992.Google Scholar
  21. [SQL94]
    Database Language SQL (SQL3), ISO-ANSI Working Draft, ANSI TC X3H2, ISO/IEC JTC 1/SC 21/WG 3, August 1994.Google Scholar
  22. [WISE90a]
    Wiseman, S., On the Problem of Security in Data Bases, Database Security III, Status and Prospects, Results of the IFIP WG 11.3 Workshop on Database Security, September 1989.Google Scholar
  23. [WISE90b]
    Wiseman, S., Control of Confidentiality in Databases, Computers and Security, Vol. 9, No.6, Ocotber 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • X. C. Delannoy
    • 1
  • C. Del Vigna
    • 2
  1. 1.Laboratoire TMC-IMAGFaculté de Médecine de GrenobleLa Tronche CedexFrance
  2. 2.CERTALINALCO - CNRSParisFrance

Personalised recommendations