Optimization of the Controlled Evaluation of Closed Relational Queries

For relational databases, controlled query evaluation is an effective inference control mechanism preserving confidentiality regarding a previously declared confidentiality policy. Implementations of controlled query evaluation usually lack efficiency due to costly theorem prover calls. Suitably constrained controlled query evaluation can be implemented efficiently, but is not flexible enough from the perspective of database users and security administrators. In this paper, we propose an optimized framework for controlled query evaluation in relational databases, being efficiently implementable on the one hand and relaxing the constraints of previous approaches on the other hand.

[1]  Joachim Biskup,et al.  Lying versus refusal for known potential secrets , 2001, Data Knowl. Eng..

[2]  Sushil Jajodia,et al.  The inference problem: a survey , 2002, SKDD.

[3]  Sabrina De Capitani di Vimercati,et al.  Specification and enforcement of classification and inference constraints , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[4]  Joachim Biskup,et al.  Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control , 2007, ISC.

[5]  Sarit Kraus,et al.  Foundations of Secure Deductive Databases , 1995, IEEE Trans. Knowl. Data Eng..

[6]  Frédéric Cuppens,et al.  Cover story management , 2001, Data Knowl. Eng..

[7]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[8]  Dorothy E. Denning,et al.  The SeaView Security Model , 1990, IEEE Trans. Software Eng..

[9]  Paul Bird,et al.  A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems , 2004, VLDB.

[10]  Joachim Biskup,et al.  Controlled query evaluation for enforcing confidentiality in complete information systems , 2004, International Journal of Information Security.

[11]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[12]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[13]  Joachim Biskup,et al.  Reducing inference control to access control for normalized database schemas , 2008, Inf. Process. Lett..

[14]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[15]  Joachim Biskup,et al.  Controlled Query Evaluation for Known Policies by Combining Lying and Refusal , 2002, FoIKS.

[16]  Michael Stonebraker,et al.  Access control in a relational data base management system by query modification , 1974, ACM '74.

[17]  Reind P. van de Riet,et al.  Answering queries without revealing secrets , 1983, TODS.

[18]  Elisa Bertino,et al.  Micro-views, or on how to protect privacy while enhancing data usability: concepts and challenges , 2006, SGMD.

[19]  Elisa Bertino,et al.  Database security - concepts, approaches, and challenges , 2005, IEEE Transactions on Dependable and Secure Computing.

[20]  Joachim Biskup,et al.  Controlled query evaluation with open queries for a decidable relational submodel , 2007, Annals of Mathematics and Artificial Intelligence.

[21]  Joachim Biskup,et al.  Boyce-Codd Normal Form and Object Normal Forms , 1989, Inf. Process. Lett..

[22]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.