Lying versus refusal for known potential secrets
Data Engineering
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
Controlled query evaluation with open queries for a decidable relational submodel
Annals of Mathematics and Artificial Intelligence
Reducing inference control to access control for normalized database schemas
Information Processing Letters
ACM Transactions on Information and System Security (TISSEC)
A theory of runtime enforcement, with results
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Efficient auditing for complex SQL queries
Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
Theoretical Computer Science
Inference-proof view update transactions with forwarded refreshments
Journal of Computer Security - DBSEC 2008
History-dependent inference control of queries by dynamic policy adaption
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Inference-usability confinement by maintaining inference-proof views of an information system
International Journal of Computational Science and Engineering
Hi-index | 0.00 |
Inference control of queries for relational databases confines the information content and thus the usability of data returned to a client, aiming to keep some pieces of information confidential as specified in a policy, in particular for the sake of privacy. In general, there is a tradeoff between the following factors: on the one hand, the expressiveness offered to administrators to declare a schema, a confidentiality policy and assumptions about a client's a priori knowledge; on the other hand, the computational complexity of a provably confidentiality preserving enforcement mechanism. We propose and investigate a new balanced solution for a widely applicable situation: we admit relational schemas with functional and join dependencies, which are also treated as a priori knowledge, and select-project sentences for policies and queries; we design an efficient signature-based enforcement mechanism that we implement for an Oracle/SQL-system. At declaration time, the inference signatures are compiled from an analysis of all possible crucial inferences, and at run time they are employed like in the field of intrusion detection.