Information Control by Policy-Based Relational Weakening Templates

We conceptually design, formally verify and experimentally evaluate a sophisticated information control mechanism for a relational database instance. The mechanism reacts to access requests for data publishing or query answering at the granularity of either the whole instance or individual tuples. The reaction is based on a general read access permission for the instance, combined with user-specific exceptions expressed as prohibitions regarding particular pieces of information declared in a confidentiality policy. These prohibitions are to be enforced in the sense that the user should be able to obtain those pieces neither directly nor by rational reasoning that exploits the interaction history and background knowledge about both the database and the control mechanism. In an initial off-line phase, the control mechanism determines instance-independent weakening templates for individual tuples and generates a policy-compliant weakened view of the stored instance. During the system-user interaction phase, each request to receive data of the database instance is fully accepted but redirected to the weakened view.
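As an added illustration of the two-phase control flow (this is not the paper's code; the sample instance, the policy and the disjunction-based weakening of prohibited tuples are assumptions made for the example), a toy version in Python:

```python
# Added toy model of the mechanism: an off-line phase builds a weakened view per
# user, and the on-line phase answers every request from that view only.
# Assumed weakening scheme: a stored prohibited tuple is paired with a distinct
# non-prohibited tuple and both survive only as a two-element disjunction.
from typing import FrozenSet, Optional, Set, Tuple

Fact = Tuple[str, str]            # (patient, diagnosis)
Disjunction = FrozenSet[Fact]     # a one-element set is a certain fact

# Constructed sample instance.
INSTANCE: Set[Fact] = {("alice", "flu"), ("bob", "hiv"),
                       ("carol", "cold"), ("dave", "cancer")}

# Constructed policy: general read permission, minus per-user prohibitions.
POLICY = {"nurse": {("bob", "hiv"), ("dave", "cancer")}, "doctor": set()}


def weaken(instance: Set[Fact], prohibited: Set[Fact]) -> Set[Disjunction]:
    """Off-line phase: build the weakened view for one user.

    Caveat: this toy assumes the user has no background knowledge such as
    'each patient has exactly one diagnosis'; with such knowledge the paper's
    templates must be chosen far more carefully than this pairing does."""
    view: Set[Disjunction] = set()
    free = sorted(instance - prohibited)            # candidate partners
    for secret in sorted(instance & prohibited):
        if not free:
            raise ValueError("no partner left to weaken %r" % (secret,))
        view.add(frozenset({secret, free.pop()}))   # partner consumed once
    for fact in free:                               # untouched public facts
        view.add(frozenset({fact}))
    return view


def certain(view: Set[Disjunction]) -> Set[Fact]:
    """Facts a user of this view can take as definitely true."""
    return {f for d in view if len(d) == 1 for f in d}


def answer(view: Set[Disjunction], query: Fact) -> Optional[Disjunction]:
    """Interaction phase: the request is accepted but evaluated against the
    weakened view, never against the stored instance. Returns the weakest
    statement the view supports about the queried fact, or None."""
    for disj in view:
        if query in disj:
            return disj
    return None
```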
