Enforcing confidentiality in relational databases by reducing inference control to access control

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4779 LNCS, Issue , 2007, Pages 407-422

  Biskup, Joachim ^a   Lochner, Jan Hendrik ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

Access control; Confidentiality; Database security; Inference control; Information flow; Policy; Potential secrets; Relational databases

Indexed keywords

DATA TRANSFER; PROBLEM SOLVING; QUERY PROCESSING; RELATIONAL DATABASE SYSTEMS;

CONFIDENTIALITY; DATABASE SECURITY; INFERENCE CONTROL; INFORMATION FLOW; POTENTIAL SECRETS;

ACCESS CONTROL;

EID: 38149019240     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-75496-1_27     Document Type: Conference Paper

References (32)

1. Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, London (1995)
2. Bayer, R., McCreight, E.M.: Organization and maintenance of large ordered indices. Acta Informatica 1(3), 173-189 (1972)
3. Bell, D.E., LaPadula, L.J.: Secure computer systems: Unified exposition and MULTICS interpretation. Technical Report ESD-TR-75-306, The MITRE Corporation (1975)
4. Bertino, E., Sandhu, R.S.: Database security-concepts, approaches, and challenges. IEEE Trans. Dependable Sec. Comput. 2(1), 2-18 (2005)
5. Bishop, M.: Computer Security: Art and Science. Addison-Wesley, London (2003)
6. Biskup, J.: For unknown secrecies refusal is better than lying. Data Knowl. Eng. 33(1), 1-23 (2000)
7. Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data Knowl. Eng. 38(2), 199-222 (2001)
8. Biskup, J., Bonatti, P.A.: Confidentiality policies and their enforcement for controlled query evaluation. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ES-ORICS 2002. LNCS, vol. 2502, pp. 39-54. Springer, Heidelberg (2002)
9. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40(1-2), 37-62 (2004)
10. Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. J. Inf. Sec. 3(1), 14-27 (2004)
11. Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. In: Dix, J., Hegner, S.J. (eds.) FolKS 2006. LNCS, vol. 3861, pp. 43-62. Springer, Heidelberg (2006)
12. Bonatti, P.A., Kraus, S., Subrahmanian, V.S.: Foundations of secure deductive databases. IEEE Trans. Knowl. Data Eng. 7(3), 406-422 (1995)
13. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900-919 (2000)
14. Cuppens, F., Gabillon, A.: Logical foundations of multilevel databases. Data Knowl. Eng. 29(3), 259-291 (1999)
15. Cuppens, F., Gabillon, A.: Cover story management. Data Knowl. Eng. 37(2), 177-201 (2001)
16. Dawson, S., di Vimercati, S.D.C., Samarati, P.: Specification and enforcement of classification and inference constraints. In: IEEE Symposium on Security and Privacy, pp. 181-195. IEEE Computer Society Press, Los Alamitos (1999)
17. Dawson, S., di Vimercati, S.D.C., Lincoln, P., Samarati, P.: Minimal data upgrading to prevent inference and association. In: Proc. PODS 1999, pp. 114-125 (1999)
18. Denning, D.E.: Cryptography and Data Security. Addison-Wesley, London (1983)
19. Farkas, C., Jajodia, S.: The inference problem: A survey. SIGKDD Explorations 4(2), 6-11 (2002)
20. Fernández-Medina, E., Piattini, M.; Designing secure databases. Information & Software Technology 47(7), 463-477 (2005)
21. Gollmann, D.: Computer Security, 2nd edn. John Wiley & Sons, Chichester (2006)
22. Lunt, T.F., Denning, D.D., Schell, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Trans. Software Eng. 16(6), 593-607 (1990)
23. McLean, J.: A comment on the 'Basic Security Theorem' of Bell and LaPadula. Inf. Process. Lett. 20(2), 67-70 (1985)
24. McLean, J.: Reasoning about security models. In: IEEE Symposium on Security and Privacy, pp. 123-131. IEEE Computer Society Press, Los Alamitos (1987)
25. McLean, J.: The specification and modeling of computer security. IEEE Computer 23(1), 9-16 (1990)
26. Nicomette, V., Deswarte, Y.: A multilevel security model for distributed object systems. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 80-98. Springer, Heidelberg (1996)
27. Olivier, M.S., von Solms, S.H.: A taxonomy for secure object-oriented databases. ACM Trans. Database Syst. 19(1), 3-46 (1994)
28. Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proc. ACM SIGMOD 2004, pp. 551-562. ACM Press, New York (2004)
29. Rosenthal, A., Sciore, E., Wright, R.N.: Simplifying policy administration for distributed privacy-preserving computation (2007), http://www.mitre.org/staffpages/arnie/pubs/ simplifying_policy_admin_privacy_reserving.pdf
30. Sandhu, R.: Lattice-based access control models. IEEE Computer 26(11), 9-19 (1993)
31. Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41-59 (1983)
32. Stonebraker, M., Wong, E.: Access control in a relational data base management system by query modification. In: Proc. ACM/CSC-ER Annual Conference, pp. 180-186 (1974)