Abstract
Security in relational database systems pursues two conflicting interests: confidentiality and availability. Two techniques have evolved to strike a compromise between them. On the one hand, controlled query evaluation always preserves confidentiality, but leads to undecidable inference problems in general. On the other hand, access control features simple access decisions, but may fail to prevent unwanted information flows. This paper introduces a form of access control that, in combination with restricting the query language, results in an efficient access control mechanism that preserves confidentiality. Moreover, we justify the necessity of our restrictions and give an outlook on how to use our result as a building block for a less restrictive but still secure system.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Biskup, J., Lochner, JH. (2007). Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_27
DOI: https://doi.org/10.1007/978-3-540-75496-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75495-4
Online ISBN: 978-3-540-75496-1
eBook Packages: Computer Science (R0)