Skip to main content
SpringerLink
Log in
Book cover

British National Conference on Databases

BNCOD 1996: Advances in Databases pp 92–106Cite as

Understanding the tension between transition rules and confidentiality

  • Technical Papers
  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1094))

Abstract

This paper presents formally how the covert channel unavoidably opened by checking integrity constraints is exploitable to unveil unreadable data and is thus the source of tension between confidentiality and integrity. Only discretionary confidentiality models which independantly grant the READ and the UPDATE privileges on data items and transition rules (a special case of transition integrity constraints) are considered here. Because of a relational representation of transition rules and the introduction of the concept of saturation, unveiling is simply a relational query. Unveiling is exact or partial — several possible values are returned — depending on the mathematical properties of the transition rules.

This is a preview of subscription content, log in via an institution.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bancilhon, F., Spyratos, N., Protection of Information in Relational Data Bases, VLDB, 1977.

    Google Scholar 

  2. Bertino, E., Weigand, H., An Approach to Authorization Modeling in Object Oriented Database Systems, Data &Knowledge Engineering, volume 12, Number 1, February 1994.

    Google Scholar 

  3. Bussolati, U., Fugini, M.G, Martella, G., A Conceptual Framework for Security System Design, Proc. 9th IFIP World Conf., Paris, September 1983.

    Google Scholar 

  4. Castano, S., Fugini, M., Giancarlo, M., Pierangela, S., Database Security, Addison Wesley, 1994.

    Google Scholar 

  5. Delannoy, X., La Cohérence dans les Bases de Données, Research Report RR-936I, University of Grenoble (France), IMAG-TIMC Lab., November 1994.

    Google Scholar 

  6. Delannoy, X., The Tension Between Transition Rules and Confidentiality, Research Report, University of Grenoble (France), IMAG-TIMC Lab., January 1996.

    Google Scholar 

  7. Gardarin, G., Valduriez, P., SGBD Relationels: Analyse et Compararaison des Bases de Données, Eyrolles, 1989.

    Google Scholar 

  8. Greffen, P., Apers, P., Integrity Control in Relational Database Systems — An Overview, Data & Knowledge Engineering, 10 (1993), p187–223, North Holland, 1993.

    Google Scholar 

  9. Griffiths, P., Bradford, W., An Authorization Mechanism for a Relational Database System, ACM Transactions on Database Systems, Vol. 1, No. 3, page 242–255, September 1976.

    Google Scholar 

  10. Fugini, M. G., Martella, G., ACTEN: A Conceptual Model for Security System Design, Computers and Security, Elsevier (North Holland), 3(3), 1984.

    Google Scholar 

  11. Ingres manuals, Release 4.55, Computer Associate, 1993.

    Google Scholar 

  12. Manna, Z., Pnueli, A., The Temporal Logic of Reactive and Concurrent Systems-Specification —, Springer-Verlag, 1991.

    Google Scholar 

  13. Mazumdar, S., Stemple, D., Shread, T., Resolving the Tension between Integrity and Security Using a Theorem Prover, ACM SIGMOD, 1988.

    Google Scholar 

  14. Melton, J., Personal correspondance with Jim Melton, Senior Architect of Standards for Sybase Corp. and Editor of the ISO SQL-92 and emerging SQL-3 standards, December 1995.

    Google Scholar 

  15. Morgenstern, M., Security and Inference in Multilevel Database and Knowledge-Based Systems, Proceedings of Association for Computing Machinery Special Interest Group on Management of Data, 1987.

    Google Scholar 

  16. Oracle Manuals, Release 7, Oracle Corp., 1995.

    Google Scholar 

  17. Information Technology — Database Language SQL, Third Edition, ISO/IEC 9075 (and 1994 addendum), 1992.

    Google Scholar 

  18. Database Language SQL (SQL3), ISO-ANSI Working Draft, ANSI TC X3H2, ISO/IEC JTC 1/SC 21/WG 3, August 1994.

    Google Scholar 

  19. Wiseman, S., Terry, P., Wood, A., Harrold, C., The Trusted Path between SMITE and the User, IEEE Symposium on Security and Privacy, April 18–21, Oakland, 1988.

    Google Scholar 

  20. Wiseman, S., The trouble with Secure Databases, Procs. MILCOMP'89, London, September 1989.

    Google Scholar 

  21. Wiseman, S., On the Problem of Security in Data Bases, Database Security III, Status and Prospects, Results of the IFIP WG 11.3 Workshop on Database Security, September 1989.

    Google Scholar 

  22. Wiseman, S., Control of Confidentiality in Databases, Computers and Security, Vol. 9, No.6, October 1990.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculté de Médecine de Grenoble, Laboratoire TIMC-IMAG, 38706, La Tronche Cedex, France

    X. C. Delannoy

Authors
  1. X. C. Delannoy
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Ron Morrison Jessie Kennedy

Rights and permissions

Reprints and permissions

Copyright information

© 1996 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Delannoy, X.C. (1996). Understanding the tension between transition rules and confidentiality. In: Morrison, R., Kennedy, J. (eds) Advances in Databases. BNCOD 1996. Lecture Notes in Computer Science, vol 1094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61442-7_6

Download citation

  • DOI: https://doi.org/10.1007/3-540-61442-7_6

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61442-5

  • Online ISBN: 978-3-540-68589-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation