Requirements and Protocols for Inference-Proof Interactions in Information Systems

Biskup, Joachim; Gogolin, Christian; Seiler, Jens; Weibert, Torben

doi:10.1007/978-3-642-04444-1_18

Cited by 9 publications

(2 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Clearly, such refreshments are also useful when the server requests an update of the instance by himself, as further studied in [9]. Additionally, we could combine updates requested by the server and view updates issued by a client.…”

Section: Conclusion and Related Workmentioning

confidence: 96%

Inference-proof view update transactions with forwarded refreshments

Biskup¹,

Gogolin

Seiler

et al. 2011

JCS

Self Cite

View full text Add to dashboard Cite

Inference control aims at disabling a participant to gain a piece of information to be kept confidential. Considering a server-client architecture for information systems, we extend Controlled Query Evaluation (CQE), an inference control method to enforce confidentiality in static information systems under queries, to databases that are updatable by a client. More specifically, within the framework of the lying approach to CQE, we study how the server should translate a view update request issued by a client into a new database state in an inference-proof way. In order to avoid dangerous inferences, some such updates have to be denied even though the new database instance would be compatible with the set of integrity constraints declared in the schema and supposed to be known to the client. In contrast, seen from the client's point of view some other updates leading to an incompatible instance should not be denied. We design a control method to resolve this seemingly paradoxical situation and then prove that the general security definitions of CQE, suitably extended to capture both query evaluation and view update processing, and other properties linked to view updates hold. Moreover, we further enhance that control method by adding an inference-proof subprotocol for refreshing the views of the other clients. To ensure inferenceproofness, from the other clients' point of view, any view update might be a transaction, i.e., a sequence of elementary updates. 1

show abstract

Section: Conclusion and Related Workmentioning

confidence: 96%

Inference-proof view update transactions with forwarded refreshments

Biskup¹,

Gogolin

Seiler

et al. 2011

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…The controlled query evaluation (CQE) framework first introduced by Sicherman et al [19] offers a mechanism for answering database queries without revealing secrets. This framework which has been explored extensively by Biskup and colleagues in a series of papers [85,86,87,88,89,90,91,92,93,94,95,96] includes: (a) policies that specify secrets (queries for which all possible answers must be protected), potential secrets (queries for which only some of the answers must be protected); (b) policies for answering queries so as to protect secrets and potential secrets including lying in response to a query, refusing to answer a query, and their combinations; and (c) alternative assumptions regarding whether or not the querying agent is aware of the queries whose answers the KB is trying to protect. Recent work within this framework has introduced techniques using SAT-solvers and constraint solvers for preprocessing the databases so that the resulting database can answer queries in a manner that is consistent with the specified policies.…”

Section: Related Workmentioning

confidence: 99%