Signature-based inference-usability confinement for relational databases under functional and join dependencies

Authors:
Joachim Biskup;Sven Hartmann;Sebastian Link;Jan-Hendrik Lochner;Torsten Schlotmann
Affiliations:
Fakultät für Informatik, Technische Universität Dortmund, Germany;Institut für Informatik, Technische Universität Clausthal, Germany;Department of Computer Science, The University of Auckland, New Zealand;Fakultät für Informatik, Technische Universität Dortmund, Germany;Fakultät für Informatik, Technische Universität Dortmund, Germany
Venue:
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Year:
2012

Citing 12
Cited 0

Template Dependencies: A Large Class of Dependencies in Relational Databases and Its Complete Axiomatization

Journal of the ACM (JACM)
Lying versus refusal for known potential secrets

Data Engineering
Foundations of Databases: The Logical Level

Foundations of Databases: The Logical Level
Controlled query evaluation with open queries for a decidable relational submodel

Annals of Mathematics and Artificial Intelligence
Reducing inference control to access control for normalized database schemas

Information Processing Letters
Secrecy in Multiagent Systems

ACM Transactions on Information and System Security (TISSEC)
A theory of runtime enforcement, with results

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Efficient auditing for complex SQL queries

Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
A sound and complete model-generation procedure for consistent and confidentiality-preserving databases

Theoretical Computer Science
Inference-proof view update transactions with forwarded refreshments

Journal of Computer Security - DBSEC 2008
History-dependent inference control of queries by dynamic policy adaption

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Inference-usability confinement by maintaining inference-proof views of an information system

International Journal of Computational Science and Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Inference control of queries for relational databases confines the information content and thus the usability of data returned to a client, aiming to keep some pieces of information confidential as specified in a policy, in particular for the sake of privacy. In general, there is a tradeoff between the following factors: on the one hand, the expressiveness offered to administrators to declare a schema, a confidentiality policy and assumptions about a client's a priori knowledge; on the other hand, the computational complexity of a provably confidentiality preserving enforcement mechanism. We propose and investigate a new balanced solution for a widely applicable situation: we admit relational schemas with functional and join dependencies, which are also treated as a priori knowledge, and select-project sentences for policies and queries; we design an efficient signature-based enforcement mechanism that we implement for an Oracle/SQL-system. At declaration time, the inference signatures are compiled from an analysis of all possible crucial inferences, and at run time they are employed like in the field of intrusion detection.