Abstract
This article builds on given fundamental concepts and a prototype implementation for history-aware and policy-driven inference control by means of a confidentiality-preserving security server, which mediates interactions between a relational database and a semi-honest (human) user. Within this already broad-ranging framework, we enhance the prototype towards efficient and effective user administration and monitoring by introducing and verifying two interactive and semi-automatic functionalities. The first one serves for the administration of global settings and the initial state of each user’s internal surrogate. Reacting to a submitted interaction request, the second functionality handles the security server’s dynamic selection of an admissible confinement method and its actual application, together with a corresponding state transition of the requesting user’s surrogate. These functionalities employ extendible descriptors of surrogate states, interaction requests, database instances and confinement methods, respectively, as a kind of security labels.
This work has been partially supported by the Deutsche Forschungsgemeinschaft (German Research Council) under grant BI-311/12-2 and grant SFB 876/A5.
Notes
- 1. The components will be more precisely redefined in Sect. 4.
- 2. The names used in this article might differ from those found in the actual code.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Biskup, J., Menzel, R., Zarouali, J. (2016). Controlled Management of Confidentiality-Preserving Relational Interactions. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management and Security Assurance. DPM 2016, QASA 2016. Lecture Notes in Computer Science, vol 9963. Springer, Cham. https://doi.org/10.1007/978-3-319-47072-6_5
DOI: https://doi.org/10.1007/978-3-319-47072-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47071-9
Online ISBN: 978-3-319-47072-6
eBook Packages: Computer Science, Computer Science (R0)