Abstract
This paper presents a deontic logic Σ for reasoning about permission or prohibition to know some parts of the database content in the context of a multilevel confidentiality policy.
The most important logical features in the definition of a multilevel policy are that each confidentiality level is defined by a set of sentences and that, when the policy is designed, the permission to know is not necessarily the complement of the prohibition to know. These concepts are formalized in a modal logic where deontic modalities, doxastic modalities and confidentiality levels are interpreted by non-standard modal models. The corresponding axiomatics is also presented in the paper and its soundness and completeness have been proved. A limitation of the Σ logic is that sentences in the scope of modalities are sentences of Propositional Calculus.
Finally, it is shown how the logic can be used to express constraints that guarantee the consistency of a policy or prevent the existence of inference channels, that is, the possibility of inferring sentences that one is not permitted to know from other sentences that one is permitted to know. Both deductive and abductive channels are considered.
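To make the notion of a deductive inference channel concrete, here is an added illustration (not code from the paper, and not an implementation of the Σ logic): a brute-force propositional entailment check that reports which prohibited sentences follow from the permitted ones. The tuple encoding of formulas, the function names and the sample policy are all assumptions made for this example; abductive channels are not covered.

```python
from itertools import product

# Formulas as nested tuples (encoding assumed for this example):
# ("var", name), ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g)

def atoms(f):
    """Set of propositional variable names occurring in formula f."""
    if f[0] == "var":
        return {f[1]}
    return set().union(*(atoms(g) for g in f[1:]))

def holds(f, v):
    """Truth value of formula f under valuation v (dict name -> bool)."""
    op = f[0]
    if op == "var":
        return v[f[1]]
    if op == "not":
        return not holds(f[1], v)
    if op == "and":
        return holds(f[1], v) and holds(f[2], v)
    if op == "or":
        return holds(f[1], v) or holds(f[2], v)
    if op == "imp":
        return (not holds(f[1], v)) or holds(f[2], v)
    raise ValueError(f"unknown connective: {op}")

def entails(premises, goal):
    """True iff every valuation satisfying all premises satisfies goal."""
    names = sorted(set().union(atoms(goal), *(atoms(p) for p in premises)))
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if all(holds(p, v) for p in premises) and not holds(goal, v):
            return False  # countermodel found
    return True

def deductive_channels(permitted, prohibited):
    """Names of prohibited sentences derivable from the permitted set.
    An inconsistent permitted set entails everything, so every prohibited
    sentence is then reported."""
    facts = list(permitted.values())
    return [name for name, f in prohibited.items() if entails(facts, f)]

# Constructed sample policy: both permitted sentences look harmless alone,
# but together they reveal the prohibited "clearance" sentence.
PERMITTED = {
    "assignment": ("var", "on_project_x"),
    "staffing_rule": ("imp", ("var", "on_project_x"), ("var", "has_clearance")),
}
PROHIBITED = {
    "clearance": ("var", "has_clearance"),
    "salary": ("var", "salary_above_band"),
}

if __name__ == "__main__":
    print(deductive_channels(PERMITTED, PROHIBITED))
```

The truth-table search is exponential in the number of variables, so it suits small policy fragments only.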
© 1996 British Computer Society
Cite this paper
Cuppens, F., Demolombe, R. (1996). A deontic logic for reasoning about confidentiality. In: Brown, M.A., Carmo, J. (eds) Deontic Logic, Agency and Normative Systems. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-1488-8_4
DOI: https://doi.org/10.1007/978-1-4471-1488-8_4
Publisher Name: Springer, London
Print ISBN: 978-3-540-76015-3
Online ISBN: 978-1-4471-1488-8
eBook Packages: Springer Book Archive