Foundations of logic programming; (2nd extended ed.)
Foundations of logic programming; (2nd extended ed.)
Minimal data upgrading to prevent inference and association attacks
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Answering queries without revealing secrets
ACM Transactions on Database Systems (TODS)
For unknown secrecies refusal is better than lying
Data & Knowledge Engineering
Lying versus refusal for known potential secrets
Data Engineering
Controlling FD and MVD Inferences in Multilevel Relational Database Systems
IEEE Transactions on Knowledge and Data Engineering
Foundations of Secure Deductive Databases
IEEE Transactions on Knowledge and Data Engineering
Elimination of Inference Channels by Optimal Upgrading
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
View-Based Access Control with High Assurance
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Confidentiality Policies and Their Enforcement for Controlled Query Evaluation
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
The inference problem: a survey
ACM SIGKDD Explorations Newsletter
Policy migration for sensitive credentials in trust negotiation
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
An identifiability-based access control model for privacy protection in open systems
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Controlled query evaluation with open queries for a decidable relational submodel
Annals of Mathematics and Artificial Intelligence
Secure XML publishing without information leakage in the presence of data inference
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Hi-index | 0.00 |
Controlled query evaluation enforces security policies for confidentiality in information systems. It deals with users who may apply background knowledge to infer additional information from the answers to their queries. For each query the correct answer is first judged by some censor and then - if necessary - appropriately modified to preserve security. In previous approaches, modification has been done uniformly, either by lying or by refusal. A drawback of lying is that all disjunctions of secrets must always be protected. On the other hand, refusal may hide an answer even when the correct answer does not immediately reveal a secret.In this paper we introduce a hybrid answer modification method that appropriately combines lying and refusal. We prove that the new method is secure under the models of known potential secrets and of known secrecies, respectively. Furthermore, we demonstrate that the combined approach can be more cooperative than uniform lies and uniform refusal, and enjoyes the advantages of both.