Abstract : Inference control of queries for relational databases confines the information content and thus the usability of data returned to a client, aiming to keep some pieces of information confidential as specified in a policy, in particular for the sake of privacy. In general, there is a tradeoff between the following factors: on the one hand, the expressiveness offered to administrators to declare a schema, a confidentiality policy and assumptions about a client’s a priori knowledge; on the other hand, the computational complexity of a provably confidentiality preserving enforcement mechanism. We propose and investigate a new balanced solution for a widely applicable situation: we admit relational schemas with functional and join dependencies, which are also treated as a priori knowledge, and select-project sentences for policies and queries; we design an efficient signature-based enforcement mechanism that we implement for an Oracle/SQL-system. At declaration time, the inference signatures are compiled from an analysis of all possible crucial inferences, and at run time they are employed like in the field of intrusion detection.
https://hal.inria.fr/hal-01534773 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Thursday, June 8, 2017 - 11:06:38 AM Last modification on : Tuesday, October 20, 2020 - 9:50:13 AM Long-term archiving on: : Saturday, September 9, 2017 - 12:44:40 PM
Joachim Biskup, Sven Hartmann, Sebastian Link, Jan-Hendrik Lochner, Torsten Schlotmann. Signature-Based Inference-Usability Confinement for Relational Databases under Functional and Join Dependencies. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. pp.56-73, ⟨10.1007/978-3-642-31540-4_5⟩. ⟨hal-01534773⟩