Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control

Security in relational database systems pursues two conflicting interests: confidentiality and availability. In order to effect a compromise between these interests, two techniques have evolved. On the one hand, controlled query evaluation always preserves confidentiality, but leads to undecidable inference problems in general. On the other hand, access control features simple access decisions, but possibly cannot avoid unwanted information flows. This paper introduces a form of access control that, in combination with restricting the query language, results in an efficient access control mechanism that preserves confidentiality. Moreover, we justify the necessity of our restrictions and give an outlook on how to use our result as a building block for a less restrictive but still secure system.
