Authors: Wiese, Lena
Title: Preprocessing for controlled query evaluation in complete first-order databases
Language (ISO): en
Abstract: This dissertation investigates a mechanism for confidentiality preservation in first-order logic databases. The logical basis is given by the inference control framework of Controlled Query Evaluation (CQE). Beyond traditional access control, CQE incorporates an explicit representation of a user's knowledge and his ability to reason with information; it hence prevents disclosure of confidential information that would occur due to inferences drawn by the user. This thesis pioneers a new approach in the CQE context: An unprotected database instance is transformed into an inference-proof instance that does not reveal confidential information; the inference-proof instance formally guarantees confidentiality with respect to a representation of user knowledge and a specification of confidential information. Hence, inference-proofness ensures that all user queries can truthfully be answered by the database; no sequence of responses enables the user to infer confidential information. Due to this concept, query evaluation on the inference-proof instance does not incur any performance degradation. As a second design goal, the availability requirement to maintain as much as possible of the correct information in the input database is accounted for by minimization of a distortion distance. The transformation modifies the input instance to provide the user with a consistent view of the data. The algorithm relies on query evaluation on the database to efficiently identify those tuples that are to be added or deleted. Due to undecidability of the general first-order case, appropriate fragments are analyzed. The formalization is started with universal formulas (for which a restriction to allowed formulas is chosen); it moves on to existential formulas and then finishes up with tuple-generating dependencies accompanied by existential and denial formulas. The due proofs of refutation soundness engage a version of Herbrand's theorem with semantic trees. An effort was made to present a broad background of related work. Last but not least, exposition and analysis of a prototypical implementation prove practicality of the approach.
Subject Headings: Database
Data privacy
Inference control
Confidentiality
Security
Information systems
Logic in information systems
Model generation
First-order logic
Datenbank
Informationssysteme
Sicherheit
Datensicherheit
Vertraulichkeit
Inferenzkontrolle
Logik in Informationssystemen
Modellgenerierung
Logik erster Ordnung
URI: http://hdl.handle.net/2003/26383
http://dx.doi.org/10.17877/DE290R-8309
Issue Date: 2009-08-31T09:33:40Z
Appears in Collections:LS 06 Informationssysteme und Sicherheit (ISSI), Information Engineering (IE)

Files in This Item:
File Description SizeFormat 
Wiese2009Dissertation.pdfDNB1.74 MBAdobe PDFView/Open


This item is protected by original copyright



All resources in the repository are protected by copyright.