Skip to main content
SpringerLink
Log in

Controlled query evaluation for enforcing confidentiality in complete information systems

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information. A controlled query evaluation should enforce such a policy even if users are able to reason about a priori knowledge and the answers to previous queries. The following aspects are considered: formal models of confidentiality policies based on potential secrets or secrecies, user awareness of the policy instance, and enforcement methods applying either lying or refusal, or a combination thereof. Reconsidering previous work and filling the gaps, we comprehensively treat and compare the resulting 12 cases. Thereby, the assumed completeness of the information system is essentially used.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Biskup J (2000) For unknown secrecies refusal is better than lying. Data Knowl Eng 33:1–23

    Article  Google Scholar 

  2. Biskup J, Bonatti PA (2001) Lying versus refusal for known potential secrets. Data Knowl Eng 38:199–222

    Article  Google Scholar 

  3. Biskup J, Bonatti PA (2002) Controlled query evaluation for known policies by combining lying and refusal. In: Proceedings of the 2nd international symposium on the foundations of information and knowledge systems (FoIKS 02), Schloss Salzau, February 2002. Lecture notes in computer science, vol 2284. Springer, Berlin Heidelberg New York, pp 49–66

  4. Biskup J, Bonatti PA (2002) Confidentiality policies and their enforcement for controlled query evaluation. In: Proceedings of the 7th European symposium on research in computer security (ESORICS 02), Zurich, October 2002. Lecture notes in computer science, vol 2502, Springer, Berlin Heidelberg New York, pp 39–54

  5. Bonatti PA, Kraus S, Subrahmanian VS (1995) Foundations of secure deductive databases. IEEE Trans Knowl Data Eng 7(3):406–422

    Article  Google Scholar 

  6. Castano S, Fugini M, Martella G, Samarati P (1994) Database security. Addison-Wesley, Reading, MA

  7. Denning DE (1982) Cryptography and data security. Addison-Wesley, Reading, MA

  8. Lloyd JW (1987) Foundations of logic programming. Springer, Berlin Heidelberg New York

  9. Shoenfield JR (1967) Mathematical logic. Addison-Wesley, Reading, MA

  10. Sicherman GL, de Jonge W, van de Riet RP (1983) Answering queries without revealing secrets. ACM Trans Database Sys 8(1):41–59

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fachbereich Informatik, Universität Dortmund, 44221, Dortmund, Germany

    Joachim Biskup

  2. Sezione di Informatica, Università di Napoli “Frederico II”, 80126, Napoli, Italy

    Piero Bonatti

Authors
  1. Joachim Biskup
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Piero Bonatti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joachim Biskup.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Biskup, J., Bonatti, P. Controlled query evaluation for enforcing confidentiality in complete information systems. IJIS 3, 14–27 (2004). https://doi.org/10.1007/s10207-004-0032-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-004-0032-1

Keywords

Search

Navigation