Usability confinement of server reactions: Maintaining inference-proof client views by controlled interaction execution

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5999 LNCS, Issue , 2010, Pages 80-106

  Biskup, Joachim ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

APRIORI; CLIENT INTERACTION; CONTROL MECHANISM; FORMAL VERIFICATIONS; INFERENCE CONTROL; INFORMATION CONTENTS; POLICY DRIVEN; PROTECTION REQUIREMENTS; REASONING CAPABILITIES;

TECHNICAL PRESENTATIONS;

INFORMATION SYSTEMS;

EID: 77951549976     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-12038-1_7     Document Type: Conference Paper

References (45)

1. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65-104 (1999)
2. Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Very Large Data Bases, VLDB 2002, pp. 502-513. Morgan Kaufmann, San Francisco (2002)
3. Biskup, J.: For unknown secrecies refusal is better than lying. Data Knowl. Eng. 33(1), 1-23 (2000)
4. Biskup, J.: Security in Computing Systems - Challenges, Approaches and Solutions. Springer, Heidelberg (2009)
5. Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data Knowl. Eng. 38(2), 199-222 (2001)
6. Biskup, J., Bonatti, P.A.: Controlled query evaluation for enforcing confidentiality in complete information systems. Int. J. Inf. Sec. 3(1), 14-27 (2004)
7. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40(1-2), 37-62 (2004)
8. Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. Ann. Math. Artif. Intell. 50(1-2), 39-77 (2007)
9. Biskup, J., Burgard, D.M., Weibert, T., Wiese, L.: Inference control in logic databases as a constraint satisfaction problem. In: McDaniel, P., Gupta, S.K. (eds.) ICISS 2007. LNCS, vol.4812, pp. 128-142. Springer, Heidelberg (2007)
10. Biskup, J., Embley, D.W., Lochner, J.-H.: Reducing inference control to access control for normalized database schemas. Inf. Process. Lett. 106(1), 8-12 (2008)
11. Biskup, J., Gogolin, C., Seiler, J., Weibert, T.: Requirements and protocols for inference-proof interactions in information systems. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.5789, pp. 285-302. Springer, Heidelberg (2009)
12. Biskup, J., Lochner, J.-H.: Enforcing confidentiality in relational databases by reducing inference control to access control. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol.4779, pp. 407-422. Springer, Heidelberg (2007)
13. Biskup, J., Lochner, J.-H., Sonntag, S.: Optimization of the controlled evaluation of closed relational queries. In: Gritzalis, D., Lopez, J. (eds.) Emerging Challenges for Security, Privacy and Trust. IFIP AICT, vol.297, pp. 214-225. Springer, Heidelberg (2009)
14. Biskup, J., Seiler, J., Weibert, T.: Controlled query evaluation and inference-free view updates. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol.5645, pp. 1-16. Springer, Heidelberg (2009)
15. Biskup, J., Tadros, C., Wiese, L.: Towards controlled query evaluation for incomplete first-order databases. In: Link, S., Prade, H. (eds.) FOIKS 2010. LNCS, vol.5956, pp. 230-247. Springer, Heidelberg (2010)
16. Biskup, J., Weibert, T.: Confidentiality policies for controlled query evaluation. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol.4602, pp. 1-13. Springer, Heidelberg (2007)
17. Biskup, J., Weibert, T.: Keeping secrets in incomplete databases. Int. J. Inf. Sec. 7(3), 199-217 (2008)
18. Biskup, J., Wiese, L.: Preprocessing for controlled query evaluation with availability policy. Journal of Computer Security 16(4), 477-494 (2008)
19. Biskup, J., Wiese, L.: Combining consistency and confidentiality requirements in first-order databases. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol.5735, pp. 121-134. Springer, Heidelberg (2009)
20. Bonatti, P.A., Kraus, S., Subrahmanian, V.S.: Foundations of secure deductive databases. IEEE Trans. Knowl. Data Eng. 7(3), 406-422 (1995)
21. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900-919 (2000)
22. Cuppens, F., Gabillon, A.: Cover story management. Data Knowl. Eng. 37(2), 177-201 (2001)
23. Dawson, S., De Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: IEEE Symposium on Security and Privacy, pp. 181-195. IEEE, Los Alamitos (1999)
24. De Capitani di Vimercati, S., Samarati, P., Jajodia, S.: Policies, models, and languages for access control. In: Bhalla, S. (ed.) DNIS 2005. LNCS, vol.3433, pp. 225-237. Springer, Heidelberg (2005)
25. Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: New Security Paradigms Workshop, NSPW 2001, pp. 13-22. ACM, New York (2001)
26. Evfimievski, A.V., Fagin, R., Woodruff, D.P.: Epistemic privacy. In: Principles of Database Systems, PODS 2008, pp. 171-180. ACM, New York (2008)
27. Farkas, C., Jajodia, S.: The inference problem: A survey. SIGKDD Explorations 4(2), 6-11 (2002)
28. Goldreich, O.: Foundations of Cryptography II - Basic Applications. Cambridge University Press, Cambridge (2004)
29. Gollmann, D.: Computer Security, 2nd edn. John Wiley and Sons, Chichester (2006)
30. Halpern, J.Y., O'Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. 12(1), 5.1-5.47 (2008)
31. Ishihara, Y., Morita, T., Seki, H., Ito, M.: An equational logic based approach to the security problem against inference attacks on object-oriented databases. J. Comput. Syst. Sci. 73(5), 788-817 (2007)
32. Lindgreen, E.R., Herschberg, I.S.: On the validity of the Bell-La Padula model. Computers & Security 13(4), 317-333 (1994)
33. Lorentz, D., et al.: Oracle Database SQL Language Reference, 11g Release 1 (11.1). B28286-03, Oracle Corporation (2008), http://www.oracle.com/pls/db111/ to-pdf?partno=b28286
34. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. In: TKDD, vol.1(1) (2007)
35. Miklau, G., Suciu, D.: A formal analysis of information disclosure in data exchange. J. Comput. Syst. Sci. 73(3), 507-534 (2007)
36. Pretschner, A., Hilty, M., Basin, D.A.: Distributed usage control. Commun. ACM 49(9), 39-44 (2006)
37. Pretschner, A., Hilty, M., Basin, D.A., Schaefer, C., Walter, T.: Mechanisms for usage control. In: Information, Computer and Communications Security, ASIACCS 2008, pp. 240-244. ACM, New York (2008)
38. Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41-59 (1983)
39. Stonebraker, M., Wong, E.: Access control in a relational data base management system by query modification. In: ACM/CSC-ER Annual Conference, pp. 180-186. ACM, New York (1974)
40. Stouppa, P., Studer, T.: Data privacy for knowledge bases. In: Artemov, S., Nerode, A. (eds.) LFCS 2009. LNCS, vol.5407, pp. 409-421. Springer, Heidelberg (2009)
41. Tadros, C., Wiese, L.: Using SAT solvers to compute inference-proof database instances. In: Fourth International Workshop on Data Privacy Management, DPM 2009 (2010) (to appear)
42. Weibert, T.: A Framework for Inference Control in Incomplete Logic Databases. PhD thesis, Technische Universität Dortmund (2008), http://hdl.handle.net/2003/25116
43. Wiese, L.: Preprocessing for Controlled Query Evaluation in Complete First-Order Databases. PhD thesis, Technische Universität Dortmund (2009), http://hdl.handle.net/2003/26383
44. Winslett, M., Smith, K., Qian, X.: Formal query languages for secure relational databases. ACM Trans. Database Syst. 19(4), 626-662 (1994)
45. Zhang, Z., Mendelzon, A.O.: Authorization views and conditional query containment. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol.3363, pp. 259-273. Springer, Heidelberg (2004)