Controlled Query Evaluation for Known Policies by Combining Lying and Refusal

View Related Documents

Journal Article
Controlled Query Evaluation for Known Policies by Combining Lying and Refusal
Joachim Biskup and Piero A. Bonatti
Annals of Mathematics and Artificial Intelligence, 2004, Volume 40, Numbers 1-2, Pages 37-62
- Download PDF (178.2 KB)
Book Chapter
Confidentiality Policies for Controlled Query Evaluation
Joachim Biskup and Torben Weibert
Lecture Notes in Computer Science, 2007, Volume 4602, Data and Applications Security XXI, Pages 1-13
- Download PDF (406.2 KB)
Book Chapter
Controlled Query Evaluation with Open Queries for a Decidable Relational Submodel
Joachim Biskup and Piero Bonatti
Lecture Notes in Computer Science, 2006, Volume 3861, Foundations of Information and Knowledge Systems, Pages 43-62
- Download PDF (528.0 KB)
Book Chapter
Refusal in Incomplete Databases
Joachim Biskup and Torben Weibert
IFIP International Federation for Information Processing, 2004, Volume 144, Research Directions in Data and Applications Security XVIII, Pages 143-157
- Download PDF (1.2 MB)
Book Chapter
Confidentiality Policies and Their Enforcement for Controlled Query Evaluation
Joachim Biskup and Piero Bonatti
Lecture Notes in Computer Science, 2002, Volume 2502, Computer Security — ESORICS 2002, Pages 39-55
- Download PDF (218.1 KB)
Journal Article
Controlled query evaluation for enforcing confidentiality in complete information systems
Joachim Biskup and Piero Bonatti
International Journal of Information Security, 2004, Volume 3, Number 1, Pages 14-27
- Download PDF (997.5 KB)
Book Chapter
Optimization of the Controlled Evaluation of Closed Relational Queries
Joachim Biskup, Jan-Hendrik Lochner and Sebastian Sonntag
IFIP Advances in Information and Communication Technology, 2009, Volume 297, Emerging Challenges for Security, Privacy and Trust, Pages 214-225
- Download PDF (234.2 KB)
Book Chapter
Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control
Joachim Biskup and Jan-Hendrik Lochner
Lecture Notes in Computer Science, 2007, Volume 4779, Information Security, Pages 407-422
- Download PDF (440.8 KB)
Journal Article
Uncertain inference control in privacy protection
Xiangdong An, Dawn Jutla, Nick Cercone, Charnyote Pluempitiwiriyawej and Hai Wang
International Journal of Information Security, 2009, Volume 8, Number 6, Pages 423-431
- Download PDF (192.7 KB)
Book Chapter
On Finding an Inference-Proof Complete Database for Controlled Query Evaluation
Joachim Biskup and Lena Wiese
Lecture Notes in Computer Science, 2006, Volume 4127, Data and Applications Security XX, Pages 30-43
- Download PDF (455.3 KB)

Abstract

Controlled query evaluation enforces security policies for confidentiality in information systems. It deals with users who may apply background knowledge to infer additional information from the answers to their queries. For each query the correct answer is first judged by some censor and then - if necessary - appropriately modified to preserve security. In previous approaches, modification has been done uniformly, either by lying or by refusal. A drawback of lying is that all disjunctions of secrets must always be protected. On the other hand, refusal may hide an answer even when the correct answer does not immediately reveal a secret.

In this paper we introduce a hybrid answer modification method that appropriately combines lying and refusal. We prove that the new method is secure under the models of known potential secrets and of known secrecies, respectively. Furthermore, we demonstrate that the combined approach can be more cooperative than uniform lies and uniform refusal, and enjoyes the advantages of both.

Keywords Inference control - Controlled query evaluation - Secrecy - Potential secret - User log - Refusal - Lying - Reliability

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Controlled Query Evaluation for Known Policies by Combining Lying and Refusal

View Related Documents

Abstract

Fulltext Preview