Signature-Based Inference-Usability Confinement for Relational Databases under Functional and Join Dependencies
详细信息    查看全文
  • 作者:Joachim Biskup (17)
    Sven Hartmann (18)
    Sebastian Link (19)
    Jan-Hendrik Lochner (17)
    Torsten Schlotmann (17)
  • 关键词:a priori knowledge ; confidentiality policy ; functional dependency ; inference control ; inference ; usability confinement ; interaction history ; join dependency ; refusal ; relational database ; select ; project query ; inference signature ; SQL ; template dependency
  • 刊名:Lecture Notes in Computer Science
  • 出版年:2012
  • 出版时间:2012
  • 年:2012
  • 卷:7371
  • 期:1
  • 页码:74-89
  • 全文大小:362KB
  • 参考文献:1. Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)
    2. Biskup, J.: History-Dependent Inference Control of Queries by Dynamic Policy Adaption. In: Li, Y. (ed.) DBSec 2011. LNCS, vol.?6818, pp. 106-21. Springer, Heidelberg (2011) CrossRef
    3. Biskup, J.: Inference-usability confinement by maintaining inference-proof views of an information system. International Journal of Computational Science and Engineering?7(1), 17-7 (2012) CrossRef
    4. Biskup, J., Bonatti, P.A.: Lying versus refusal for known potential secrets. Data Knowl. Eng.?38(2), 199-22 (2001) CrossRef
    5. Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. Ann. Math. Artif. Intell.?50(1-2), 39-7 (2007) CrossRef
    6. Biskup, J., Embley, D.W., Lochner, J.-H.: Reducing inference control to access control for normalized database schemas. Inf. Process. Lett.?106(1), 8-2 (2008) CrossRef
    7. Biskup, J., Gogolin, C., Seiler, J., Weibert, T.: Inference-proof view update transactions with forwarded refreshments. Journal of Computer Security?19, 487-29 (2011)
    8. Biskup, J., Hartmann, S., Link, S., Lochner, J.-H.: Chasing after secrets in relational databases. In: Laender, A.H.F., Lakshmanan, L.V.S. (eds.) Alberto Mendelzon International Workshop on Foundations of Data Management, AMW 2010. CEUR, vol.?619, pp. 13.1-3.12 (2010)
    9. Biskup, J., Lochner, J.-H., Sonntag, S.: Optimization of the Controlled Evaluation of Closed Relational Queries. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol.?297, pp. 214-25. Springer, Heidelberg (2009) CrossRef
    10. Biskup, J., Tadros, C.: Policy-based secrecy in the Runs & Systems Framework and controlled query evaluation. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) Advances in Information and Computer Security -International Workshop on Security, IWSEC 2010, Short Papers, pp. 60-7. Information Processing Society of Japan (2010)
    11. Biskup, J., Wiese, L.: A sound and complete model-generation procedure for consistent and confidentiality-preserving databases. Theoretical Computer Science?412, 4044-072 (2011) CrossRef
    12. Fagin, R., Maier, D., Ullman, J.D., Yannakakis, M.: Tools for template dependencies. SIAM J. Comput.?12(1), 36-9 (1983) CrossRef
    13. Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur.?12(1), 5.1-.47 (2008)
    14. Kaushik, R., Ramamurthy, R.: Efficient auditing for complex SQL queries. In: Sellis, T.K., Miller, R.J., Kementsietsidis, A., Velegrakis, Y. (eds.) ACM SIGMOD International Conference on Management of Data, SIGMOD 2011, pp. 697-08. ACM (2011)
    15. Ligatti, J., Reddy, S.: A Theory of Runtime Enforcement, with Results. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol.?6345, pp. 87-00. Springer, Heidelberg (2010) CrossRef
    16. Sadri, F., Ullman, J.D.: Template dependencies: A large class of dependencies in relational databases and its complete axiomatization. J. ACM?29(2), 363-72 (1982) CrossRef
  • 作者单位:Joachim Biskup (17)
    Sven Hartmann (18)
    Sebastian Link (19)
    Jan-Hendrik Lochner (17)
    Torsten Schlotmann (17)

    17. Fakult?t für Informatik, Technische Universit?t Dortmund, Germany
    18. Institut für Informatik, Technische Universit?t Clausthal, Germany
    19. Department of Computer Science, The University of Auckland, New Zealand
文摘
Inference control of queries for relational databases confines the information content and thus the usability of data returned to a client, aiming to keep some pieces of information confidential as specified in a policy, in particular for the sake of privacy. In general, there is a tradeoff between the following factors: on the one hand, the expressiveness offered to administrators to declare a schema, a confidentiality policy and assumptions about a client’s a priori knowledge; on the other hand, the computational complexity of a provably confidentiality preserving enforcement mechanism. We propose and investigate a new balanced solution for a widely applicable situation: we admit relational schemas with functional and join dependencies, which are also treated as a priori knowledge, and select-project sentences for policies and queries; we design an efficient signature-based enforcement mechanism that we implement for an Oracle/SQL-system. At declaration time, the inference signatures are compiled from an analysis of all possible crucial inferences, and at run time they are employed like in the field of intrusion detection.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700