Usability Confinement of Server Reactions: Maintaining Inference-Proof Client Views by Controlled Interaction Execution

  • Conference paper
Databases in Networked Information Systems (DNIS 2010)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5999)

Abstract

We survey the motivation, the main insight and the perspective of our approach to policy-driven inference control of server-client interactions for a logic-oriented information system. Basically, our approach aims to confine the usability of the data transmitted by the server to a client. The confinement is achieved by enforcing an invariant that, at any point in time, a client’s view on the actual information system is kept inference-proof: the information content of the data available to the client does not violate any protection requirement expressed by a declarative confidentiality policy. In this context, the information content of data and, accordingly, the inference-proofness of such data crucially depend on the client’s a priori knowledge, general reasoning capabilities and awareness of the control mechanism. We identify various parameters of the approach, outline control mechanisms to enforce the goals, and sketch the methods employed for a formal verification.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biskup, J. (2010). Usability Confinement of Server Reactions: Maintaining Inference-Proof Client Views by Controlled Interaction Execution. In: Kikuchi, S., Sachdeva, S., Bhalla, S. (eds) Databases in Networked Information Systems. DNIS 2010. Lecture Notes in Computer Science, vol 5999. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12038-1_7

  • DOI: https://doi.org/10.1007/978-3-642-12038-1_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12037-4

  • Online ISBN: 978-3-642-12038-1

  • eBook Packages: Computer Science (R0)
