Foundations of Secure Deductive Databases

We develop a formal logical foundation for secure deductive databases. This logical foundation is based on an extended logic involving several modal operators. We develop two models of interaction between the user and the database, called "yes-no" dialogs and "yes-no-don't know" dialogs. Both dialog frameworks allow the database to lie to the user. We develop an algorithm for answering queries using yes-no dialogs and prove that secure query processing using yes-no dialogs is NP-complete. Consequently, the degree of computational intractability of query processing with yes-no dialogs is no worse than for ordinary databases. Furthermore, the algorithm is maximally cooperative to the user in the sense that lying is resorted to only when absolutely necessary. For Horn databases, we show that secure query processing can be achieved in linear time; hence, this is no more intractable than the situation in ordinary databases. Finally, we identify necessary and sufficient conditions for the database to be able to preserve security. Similar results are also obtained for yes-no-don't know dialogs.
