Abstract
Inference control aims to prevent a participant from gaining a piece of information that is to be kept confidential. Considering a provider-client architecture for information systems, we present transaction-based protocols for provider-client interactions and prove that the incorporated inference control performed by the provider is indeed effective. The interactions include the provider answering a client’s query and processing update requests of two forms. Such a request is either initiated by the provider, and thus possibly to be forwarded to clients in order to refresh their views, or initiated by a client according to his view, and thus to be translated to the repository maintained by the provider.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Biskup, J., Gogolin, C., Seiler, J., Weibert, T. (2009). Requirements and Protocols for Inference-Proof Interactions in Information Systems. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_18
DOI: https://doi.org/10.1007/978-3-642-04444-1_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer Science (R0)