Optimality and Complexity of Inference-Proof Data Filtering and CQE

Biskup, Joachim; Bonatti, Piero A.; Galdi, Clemente; Sauro, Luigi

doi:10.1007/978-3-319-11212-1_10

Cited by 7 publications

(11 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such queries, here called basic information requests, are the only way how the program may get data from the abstract information state. Moreover, the information owner declares a partner-specific confidentiality policy pol as sets of abstract information states, as described in [7].…”

Section: Overview On the Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

An information owner, possessing diverse data sources, might want to offer information services based on these sources to cooperation partners and to this end interact with these partners by receiving and sending messages, which the owner on his part generates by program execution. Independently from data representation or its physical storage, information release to a partner might be restricted by the owner's confidentiality policy on an integrated, unified view of the sources. Such a policy should even be enforced if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from message data, also employing background knowledge. For this problem of inference control, we present a framework for a unified, holistic control of information flow induced by program-based processing of the data sources to messages sent to a cooperation partner. Our framework expands on and combines established concepts for confidentiality enforcement and its verification and is instantiated in a Java environment. More specifically, as a hybrid control we combine gradual release of information via declassification, enforced by static program analysis using a security type system, with a dynamic monitoring approach. The dynamic monitoring employs flow tracking for generalizing values to be declassified under confidentiality policy compliance.

show abstract

Section: Overview On the Frameworkmentioning

confidence: 99%

“…[25], and inference-usability confinement with dynamic tracking of information flows from the abstract information state to generated message data sent to the partner and with a filter and modification method that employs generalization of declassified values, e.g. [5,6,7].…”

Section: Introductionmentioning

confidence: 99%

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…More specifically, these temporary views are initialized when storing a basic belief reaction as an object in a local container and for an evaluation further tracked according to the operators in the code annotation. In abstract terms, such an information content is represented as a mapping of possible values to sets of belief states such that all these sets together form a partition of the possible belief states, similarly as in [6]. Moreover, the mapping is complemented with an identification of the actual value and block, respectively.…”

Section: Need Of Local Flow Trackingmentioning

confidence: 99%

“…Called by the FlowTracker with the tentative addition, the CIECensor checks whether the combined information content of the tentative addition resulting from preceding processing and the previous view resulting from the history could possibly violate the security policy. In abstract terms, this combination is obtained by taking all nonempty intersections of a block in (the partition of) the tentative addition with the previous view, and a possible violation occurs if there is a block in the combination that is completely contained in an element of the security policy, assuming that a policy element is abstractly represented as a set of belief states, as described in [6]. If the check confirms harmlessness, the previous view is updated to its intersection with the actual block and the FlowTracker is informed accordingly, and the FlowTracker then temporarily opens the flow lock in turn.…”

Section: Need Of Local Flow Trackingmentioning

confidence: 99%

“…Elaborating seminal proposals for inference control in information systems, and being in the spirit of many similar approaches to secrecy as concisely exposed in [14], previous work on Controlled Interaction Execution, CIE, originally only dealt with a single owner of a logic-oriented database system like a relational one solely employed for querying, and later also included updates and non-monotonic belief management, see the summaries [4,5], and the abstraction [6]. Based on that, and grossly summarized, in our vision [7] we proposed an architecture of an inference control front-end for uniformly shielding a possibly heterogeneous collection of data sources.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Constructing Inference-Proof Belief Mediators

Biskup

Tadros

2015

Data and Applications Security and Privacy XXIX

Self Cite

View full text Add to dashboard Cite

Abstract. An information owner might interact with cooperation partners regarding its belief, which is derived from a collection of heterogeneous data sources and can be changed according to perceptions of the partners' actions. While interacting, the information owner willingly shares some information with a cooperation partner but also might want to keep selected pieces of information confidential. This requirement should even be satisfied if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from accessible data, also employing background knowledge. For this problem of inference control, we outline and discuss a solution by means of a sophisticated mediator agent. Based on forming an integrated belief from the underlying data sources, the design adapts and combines known approaches to language-based information flow control and controlled interaction execution for logic-based information systems.

show abstract

Inference-Proof Monotonic Query Evaluation and View Generation Reconsidered

Biskup¹

2020

Data and Applications Security and Privacy XXXIV

View full text Add to dashboard Cite

Optimality and Complexity of Inference-Proof Data Filtering and CQE

Cited by 7 publications

References 19 publications

Confidentiality enforcement by hybrid control of information flows

Confidentiality enforcement by hybrid control of information flows

Constructing Inference-Proof Belief Mediators

Inference-Proof Monotonic Query Evaluation and View Generation Reconsidered

Contact Info

Product

Resources

About