Preserving confidentiality while reacting on iterated queries and belief revisions

Biskup, Joachim; Tadros, Cornelia

doi:10.1007/s10472-013-9374-6

Cited by 9 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With our focus on such a unified control, we used an abstract representation of information like in [7] for the purpose of flow tracking in task ( 2), but for future instantiations of our framework we could use a logic-based representation of the temporary views and the observer's previous view. In this case, the confidentiality policy could be stated more conveniently as a set of logical sentences and Asumption 2 can be established by results on view computations for particular basic information requests, including queries to relational databases or incomplete databases, updates, see the summaries [5,6] and revisions [10]. Such requests can be jointly offered by information mediation, to be integrated into our framework as outlined in [9].…”

Section: Discussionmentioning

confidence: 99%

“…This level inference starts with the basic set Γ, which assigns levels from {high, low} to selected expressions, and inductively derives levels of further expressions, including program variables, and levels of assignments as elementary programs and of their composition to complex subprograms by control flow constructs. Our approach is not to select a specific security level high variables each seen as a container for a basic information reaction Components of the proposed framework with a two layered approach according to the draft in [10]: Release of information from the abstract information state to the partner solely through declassification, and control of the information flow through declassification for confidentiality policy compliance by a dynamic monitor which consists of FlowTracker and CIECensor inference system 1 , but to point to properties needed for the verification of our framework and offered by numerous such systems to-date. Each time we eventually instantiate the framework, we select the security level inference system as we demonstrate in Section 3.1.…”

Section: Overview On the Frameworkmentioning

confidence: 99%

“…Based on Assumption 2 (Temporay view initialization) and Property 2 (Gradual release), we can show by induction on the tree structure that for all nodes n of T the domain of symb(n) is Hvars for (9) and it holds eval(expr)(mem n , ais) = v iff ais ∈ B v ∈ eval(symexpr)(tempvs, mem low ). Since this way we can verify correctness for the translation of all relevant operations of the tree along a path, including branch conditions, we can show correctness of the translation of the complete tree for (10).…”

Section: Sketch Of Induction Step For Theoremmentioning

confidence: 99%

See 2 more Smart Citations

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

An information owner, possessing diverse data sources, might want to offer information services based on these sources to cooperation partners and to this end interact with these partners by receiving and sending messages, which the owner on his part generates by program execution. Independently from data representation or its physical storage, information release to a partner might be restricted by the owner's confidentiality policy on an integrated, unified view of the sources. Such a policy should even be enforced if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from message data, also employing background knowledge. For this problem of inference control, we present a framework for a unified, holistic control of information flow induced by program-based processing of the data sources to messages sent to a cooperation partner. Our framework expands on and combines established concepts for confidentiality enforcement and its verification and is instantiated in a Java environment. More specifically, as a hybrid control we combine gradual release of information via declassification, enforced by static program analysis using a security type system, with a dynamic monitoring approach. The dynamic monitoring employs flow tracking for generalizing values to be declassified under confidentiality policy compliance.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Overview On the Frameworkmentioning

confidence: 99%

Section: Sketch Of Induction Step For Theoremmentioning

confidence: 99%

See 1 more Smart Citation

Confidentiality enforcement by hybrid control of information flows

Biskup¹,

Tadros²,

Zarouali³

2017

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…The framework applies language-based information flow control with declassification supported by controlled interaction execution. Rather than establishing a single inference control mechanism for a specific interaction protocol programmed in Java, as done in previous work, e.g., [8], we more ambitiously aim at providing a general framework to implement any inferenceproof interaction protocol of the kind described in Subsection 3.2. The main goal of the framework is to uniformly and securely relate CIE-like inference control regarding logically expressed pieces of belief on the one hand to information flow control regarding data objects stored in containers and manipulated by means of Java commands like evaluation of expressions, assignment and procedure call, or conditionals (guarded commands) on the other hand.…”

Section: Inference Controlmentioning

confidence: 99%

Constructing Inference-Proof Belief Mediators

Biskup

Tadros

2015

Data and Applications Security and Privacy XXIX

Self Cite

View full text Add to dashboard Cite

Abstract. An information owner might interact with cooperation partners regarding its belief, which is derived from a collection of heterogeneous data sources and can be changed according to perceptions of the partners' actions. While interacting, the information owner willingly shares some information with a cooperation partner but also might want to keep selected pieces of information confidential. This requirement should even be satisfied if the partner as an intelligent and only semi-honest attacker attempts to infer hidden information from accessible data, also employing background knowledge. For this problem of inference control, we outline and discuss a solution by means of a sophisticated mediator agent. Based on forming an integrated belief from the underlying data sources, the design adapts and combines known approaches to language-based information flow control and controlled interaction execution for logic-based information systems.

show abstract

“…As far as we know, studies of secrecy, within the logical tradition, are confined to issues related to system security [5,6,7,8,9,10,11,12,13,14]. In such studies, a secret is presented as a true piece of information about an agent/a system which is not known by a certain adversary group; the focus is mostly on identifying effective, and often subtle, methods for keeping the secret.…”

Section: Introductionmentioning

confidence: 99%

A Commonsense Theory of Secrets

Ismail

Shafie²

2020

Frontiers in Artificial Intelligence and Applications

View full text Add to dashboard Cite

With the advent of social robots, precise accounts of an increasing number of social phenomena are called for. Although the phenomenon of secrets is an important part of everyday social situations, logical accounts of it can only be found, in a rather strict sense, within logical investigations of systems security. This paper is an attempt to formalize the logic of a commonsense notion of secrets as a contribution to ontologies of social and epistemological phenomena. We take a secret to be a five-way relation between a proposition, a group of secret-keepers, a group of nescients, a condition of secrecy, and a time point. A bare-bones notion of secrets is defined by providing necessary and sufficient conditions for said relation to hold. Special classes of secrets are then identified by considering an assortment of extra conditions. The logical language employed formalizes a classical account of belief and intention, a theory of groups, and a novel notion of revealing. In such a rich theory, interesting properties of secrets are proved.

show abstract

Preserving confidentiality while reacting on iterated queries and belief revisions

Cited by 9 publications

References 20 publications

Confidentiality enforcement by hybrid control of information flows

Confidentiality enforcement by hybrid control of information flows

Constructing Inference-Proof Belief Mediators

A Commonsense Theory of Secrets

Contact Info

Product

Resources

About