Signature-Based Inference-Usability Confinement for Relational Databases under Functional and Join Dependencies
Inference control of queries for relational databases confines the information content and thus the usability of data returned to a client, aiming to keep some pieces of information confidential as specified in a policy, in particular for the sake of privacy. In general, there is a tradeoff between the following factors: on the one hand, the expressiveness offered to administrators to declare a schema, a confidentiality policy and assumptions about a client’s a priori knowledge; on the other hand, the computational complexity of a provably confidentiality preserving enforcement mechanism. We propose and investigate a new balanced solution for a widely applicable situation: we admit relational schemas with functional and join dependencies, which are also treated as a priori knowledge, and select-project sentences for policies and queries; we design an efficient signature-based enforcement mechanism that we implement for an Oracle/SQL-system. At declaration time, the inference signatures are compiled from an analysis of all possible crucial inferences, and at run time they are employed like in the field of intrusion detection.
Keywordsa priori knowledge confidentiality policy functional dependency inference control inference-usability confinement interaction history join dependency refusal relational database select-project query inference signature SQL template dependency
- 8.Biskup, J., Hartmann, S., Link, S., Lochner, J.-H.: Chasing after secrets in relational databases. In: Laender, A.H.F., Lakshmanan, L.V.S. (eds.) Alberto Mendelzon International Workshop on Foundations of Data Management, AMW 2010. CEUR, vol. 619, pp. 13.1–13.12 (2010)Google Scholar
- 10.Biskup, J., Tadros, C.: Policy-based secrecy in the Runs & Systems Framework and controlled query evaluation. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) Advances in Information and Computer Security – International Workshop on Security, IWSEC 2010, Short Papers, pp. 60–77. Information Processing Society of Japan (2010)Google Scholar
- 13.Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. 12(1), 5.1–5.47 (2008)Google Scholar
- 14.Kaushik, R., Ramamurthy, R.: Efficient auditing for complex SQL queries. In: Sellis, T.K., Miller, R.J., Kementsietsidis, A., Velegrakis, Y. (eds.) ACM SIGMOD International Conference on Management of Data, SIGMOD 2011, pp. 697–708. ACM (2011)Google Scholar