Abstract
This paper presents formally how the covert channel unavoidably opened by checking integrity constraints is exploitable to unveil unreadable data and is thus the source of tension between confidentiality and integrity. Only discretionary confidentiality models which independantly grant the READ and the UPDATE privileges on data items and transition rules (a special case of transition integrity constraints) are considered here. Because of a relational representation of transition rules and the introduction of the concept of saturation, unveiling is simply a relational query. Unveiling is exact or partial — several possible values are returned — depending on the mathematical properties of the transition rules.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bancilhon, F., Spyratos, N., Protection of Information in Relational Data Bases, VLDB, 1977.
Bertino, E., Weigand, H., An Approach to Authorization Modeling in Object Oriented Database Systems, Data &Knowledge Engineering, volume 12, Number 1, February 1994.
Bussolati, U., Fugini, M.G, Martella, G., A Conceptual Framework for Security System Design, Proc. 9th IFIP World Conf., Paris, September 1983.
Castano, S., Fugini, M., Giancarlo, M., Pierangela, S., Database Security, Addison Wesley, 1994.
Delannoy, X., La Cohérence dans les Bases de Données, Research Report RR-936I, University of Grenoble (France), IMAG-TIMC Lab., November 1994.
Delannoy, X., The Tension Between Transition Rules and Confidentiality, Research Report, University of Grenoble (France), IMAG-TIMC Lab., January 1996.
Gardarin, G., Valduriez, P., SGBD Relationels: Analyse et Compararaison des Bases de Données, Eyrolles, 1989.
Greffen, P., Apers, P., Integrity Control in Relational Database Systems — An Overview, Data & Knowledge Engineering, 10 (1993), p187–223, North Holland, 1993.
Griffiths, P., Bradford, W., An Authorization Mechanism for a Relational Database System, ACM Transactions on Database Systems, Vol. 1, No. 3, page 242–255, September 1976.
Fugini, M. G., Martella, G., ACTEN: A Conceptual Model for Security System Design, Computers and Security, Elsevier (North Holland), 3(3), 1984.
Ingres manuals, Release 4.55, Computer Associate, 1993.
Manna, Z., Pnueli, A., The Temporal Logic of Reactive and Concurrent Systems-Specification —, Springer-Verlag, 1991.
Mazumdar, S., Stemple, D., Shread, T., Resolving the Tension between Integrity and Security Using a Theorem Prover, ACM SIGMOD, 1988.
Melton, J., Personal correspondance with Jim Melton, Senior Architect of Standards for Sybase Corp. and Editor of the ISO SQL-92 and emerging SQL-3 standards, December 1995.
Morgenstern, M., Security and Inference in Multilevel Database and Knowledge-Based Systems, Proceedings of Association for Computing Machinery Special Interest Group on Management of Data, 1987.
Oracle Manuals, Release 7, Oracle Corp., 1995.
Information Technology — Database Language SQL, Third Edition, ISO/IEC 9075 (and 1994 addendum), 1992.
Database Language SQL (SQL3), ISO-ANSI Working Draft, ANSI TC X3H2, ISO/IEC JTC 1/SC 21/WG 3, August 1994.
Wiseman, S., Terry, P., Wood, A., Harrold, C., The Trusted Path between SMITE and the User, IEEE Symposium on Security and Privacy, April 18–21, Oakland, 1988.
Wiseman, S., The trouble with Secure Databases, Procs. MILCOMP'89, London, September 1989.
Wiseman, S., On the Problem of Security in Data Bases, Database Security III, Status and Prospects, Results of the IFIP WG 11.3 Workshop on Database Security, September 1989.
Wiseman, S., Control of Confidentiality in Databases, Computers and Security, Vol. 9, No.6, October 1990.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Delannoy, X.C. (1996). Understanding the tension between transition rules and confidentiality. In: Morrison, R., Kennedy, J. (eds) Advances in Databases. BNCOD 1996. Lecture Notes in Computer Science, vol 1094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61442-7_6
Download citation
DOI: https://doi.org/10.1007/3-540-61442-7_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61442-5
Online ISBN: 978-3-540-68589-0
eBook Packages: Springer Book Archive