Logic-Oriented Confidentiality Policies for Controlled Interaction Execution

Biskup, Joachim

doi:10.1007/978-3-642-37134-9_1

Cited by 6 publications

(9 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, if such a minimum does not exists as for [2, 3] ⊕ [4,6] we define [0, 6] as the result. Now, we consider that the mediator should compute the sum of the columns D and E in the individual's row.…”

Section: Further Challenges and Solutions For The Java-based Instanti...mentioning

confidence: 99%

“…This loss of information in the result sent to the partner does not occur when computing the sum with program p 2 . In line 4 of program p 2 , the CIECensor select the subtree with root [4,6] for SC 2 , so that it returns the value 3 of x 3 , the sum of attributes D and E, unmodified.…”

Section: Further Challenges and Solutions For The Java-based Instanti...mentioning

confidence: 99%

“…[25], and inference-usability confinement with dynamic tracking of information flows from the abstract information state to generated message data sent to the partner and with a filter and modification method that employs generalization of declassified values, e.g. [5,6,7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

An information owner, possessing diverse data sources, might want to offer information services based on these sources to cooperation partners and to this end interact with these partners by receiving and sending messages, which the owner on his part generates by program execution. Independently from data representation or its physical storage, information release to a partner might be restricted by the owner's confidentiality policy on an integrated, unified view of the sources. Such a policy should even be enforced if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from message data, also employing background knowledge. For this problem of inference control, we present a framework for a unified, holistic control of information flow induced by program-based processing of the data sources to messages sent to a cooperation partner. Our framework expands on and combines established concepts for confidentiality enforcement and its verification and is instantiated in a Java environment. More specifically, as a hybrid control we combine gradual release of information via declassification, enforced by static program analysis using a security type system, with a dynamic monitoring approach. The dynamic monitoring employs flow tracking for generalizing values to be declassified under confidentiality policy compliance.

show abstract

Section: Further Challenges and Solutions For The Java-based Instanti...mentioning

confidence: 99%

Section: Further Challenges and Solutions For The Java-based Instanti...mentioning

confidence: 99%

See 1 more Smart Citation

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Moreover, we want to apply a suitable variant of CIE-like semantics of a security policy for the overall system, see [5]. Informally expressed, the wanted semantics basically requires the following for each belief sentence (traditionally called a potential secret) in the security policy for a specific cooperation partner:…”

Section: Inference Controlmentioning

confidence: 99%

“…Elaborating seminal proposals for inference control in information systems, and being in the spirit of many similar approaches to secrecy as concisely exposed in [14], previous work on Controlled Interaction Execution, CIE, originally only dealt with a single owner of a logic-oriented database system like a relational one solely employed for querying, and later also included updates and non-monotonic belief management, see the summaries [4,5], and the abstraction [6]. Based on that, and grossly summarized, in our vision [7] we proposed an architecture of an inference control front-end for uniformly shielding a possibly heterogeneous collection of data sources.…”

Section: Introductionmentioning

confidence: 99%

Constructing Inference-Proof Belief Mediators

Biskup

Tadros

2015

Data and Applications Security and Privacy XXIX

Self Cite

View full text Add to dashboard Cite

Abstract. An information owner might interact with cooperation partners regarding its belief, which is derived from a collection of heterogeneous data sources and can be changed according to perceptions of the partners' actions. While interacting, the information owner willingly shares some information with a cooperation partner but also might want to keep selected pieces of information confidential. This requirement should even be satisfied if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from accessible data, also employing background knowledge. For this problem of inference control, we outline and discuss a solution by means of a sophisticated mediator agent. Based on forming an integrated belief from the underlying data sources, the design adapts and combines known approaches to language-based information flow control and controlled interaction execution for logic-based information systems.

show abstract

Idea: Towards a Vision of Engineering Controlled Interaction Execution for Information Services

Biskup

Tadros

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Logic-Oriented Confidentiality Policies for Controlled Interaction Execution

Cited by 6 publications

References 40 publications

Confidentiality enforcement by hybrid control of information flows

Confidentiality enforcement by hybrid control of information flows

Constructing Inference-Proof Belief Mediators

Idea: Towards a Vision of Engineering Controlled Interaction Execution for Information Services

Contact Info

Product

Resources

About