Abstract
This paper proposes a formal method for modeling database security based on a logical interpretation of two problems: the (internal) information flow control problem and the (external) information inference control problem. Examples are developed that illustrate the inability of "classical" security models such as non-interference and non-deducibility to fully take the inference problem into account, because both are too constraining: the former model leads to the existence problem, whereas the latter leads to the elimination problem. The causality model, which was developed to solve the information flow control problem by considering that "what is known must be permitted to be known", does not explicitly take the inference problem into account either. We show, however, that causality can be extended so that inference is in fact handled, by formalizing the consistency of the security policy as follows: "no information may be both permitted and forbidden to be known". Some difficulties remain unless we consider that a subject can perform not only valid derivations but also plausible derivations. In particular, we show that classical solutions to the inference problem, such as the use of polyinstantiated databases, are not fully satisfactory unless the security policy is able to estimate how plausible it is that an abductive reasoning can occur.
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cuppens, F., Trouessin, G. (1994). Information flow controls vs inference controls: An integrated approach. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_78
DOI: https://doi.org/10.1007/3-540-58618-0_78
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0