Inference Control in Logic Databases as a Constraint Satisfaction Problem

We investigate inference control in logic databases. The administrator defines a confidentiality policy, i. e., the pieces of information which may not be disclosed to a certain user. We present a static approach which constructs an alternative database instance in which the confidential information is replaced by harmless information. The construction is performed by the means of constraint programming: The task of finding an appropriate database instance is delegated to a hierarchical constraint solver. We compare this static approach to a dynamic inference control mechanism - Controlled Query Evaluation - investigated in earlier work, and we also point out possible extensions which make use of the various opportunities offered by hierarchical constraint solvers.

[1]  Gail-Joon Ahn,et al.  Role-based authorization constraints specification , 2000, TSEC.

[2]  Alan Borning,et al.  Constraint hierarchies , 1992 .

[3]  Joachim Biskup,et al.  Controlled query evaluation for enforcing confidentiality in complete information systems , 2004, International Journal of Information Security.

[4]  Joachim Biskup,et al.  Lying versus refusal for known potential secrets , 2001, Data Knowl. Eng..

[5]  Ernesto Damiani,et al.  Data and Applications Security XX, 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006, Proceedings , 2006, DBSec.

[6]  Krzysztof R. Apt,et al.  Principles of constraint programming , 2003 .

[7]  Thomas Lukasiewicz Proceedings of the 7th International Symposium on the Foundations of Information and Knowledge Systems‚ FoIKS 2012‚ Kiel‚ Germany‚ March 5−9‚ 2012 , 2000 .

[8]  Slim Abdennadher,et al.  Essentials of Constraint Programming , 2010, Cognitive Technologies.

[9]  Ehud Gudes,et al.  A SecureWorkflow Model Based on Distributed Constrained Role and Task Assignment for the Internet , 2004, ICICS.

[10]  Trent Jaeger,et al.  Proceedings of the Fourth ACM Workshop on Role-Based Access Control, RBAC 1999, Fairfax, VA, USA, October 28-29, 1999 , 1997, RBAC.

[11]  Sushil Jajodia,et al.  The inference problem: a survey , 2002, SKDD.

[12]  Joachim Biskup,et al.  Controlled Query Evaluation with Open Queries for a Decidable Relational Submodel , 2006, FoIKS.

[13]  Joachim Biskup,et al.  Keeping secrets in incomplete databases , 2007, International Journal of Information Security.

[14]  Trent Jaeger On the increasing importance of constraints , 1999, RBAC '99.

[15]  Joachim Biskup,et al.  On Finding an Inference-Proof Complete Database for Controlled Query Evaluation , 2006, DBSec.