Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control

  • Conference paper
Information Security (ISC 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4779)

Abstract

Security in relational database systems pursues two conflicting interests: confidentiality and availability. In order to effect a compromise between these interests, two techniques have evolved. On the one hand, controlled query evaluation always preserves confidentiality, but leads to undecidable inference problems in general. On the other hand, access control features simple access decisions, but possibly cannot avoid unwanted information flows. This paper introduces a form of access control that, in combination with restricting the query language, results in an efficient access control mechanism under preservation of confidentiality. Moreover, we justify the necessity of our restrictions and give an outlook on how to use our result as a building block for a less restrictive but still secure system.

Editor information

Juan A. Garay, Arjen K. Lenstra, Masahiro Mambo, René Peralta

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biskup, J., Lochner, JH. (2007). Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_27

  • DOI: https://doi.org/10.1007/978-3-540-75496-1_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75495-4

  • Online ISBN: 978-3-540-75496-1

  • eBook Packages: Computer Science, Computer Science (R0)
