An Effective and Efficient Inference Control System for Relational Database Queries
Date
2011-02-16
Abstract
Protecting confidential information in relational databases while at the same time keeping
public information available is a demanding task. Unwanted information flows caused by the
reasoning capabilities of database users require sophisticated inference control mechanisms,
since access control alone is in general not sufficient to guarantee the preservation of
confidentiality. The policy-driven approach of Controlled Query Evaluation (CQE) has turned
out to be an effective means of controlling inferences in databases that can be modeled in a
logical framework. It uses a censor function to decide whether the honest answer to a user
query would enable the user to disclose confidential information, which is declared in the
form of a confidentiality policy. In doing so, CQE also takes into account the answers to
previous queries and the user's background knowledge about the inner workings of the
mechanism itself.
Relational databases are usually modeled in first-order logic. In this setting the decision
problem to be solved by the CQE censor becomes undecidable in general, because the censor
essentially performs theorem proving over an ever-growing user log. In this thesis, we develop
a stateless CQE mechanism that does not need to maintain such a user log but still achieves
the declarative goals of inference control. This comes at the price of several restrictions on
the database administrator who declares the database schema, the security administrator who
declares the information to be kept confidential, and the database user who sends queries to
the database.
We first investigate a scenario with quite restricted means of expressing queries and
confidentiality policies and propose an efficient stateless CQE mechanism for it. Under the
assumed restrictions, the censor function of this mechanism reduces to simple pattern
matching. Starting from this case, we systematically extend the query and policy languages
and investigate the effect of each extension on confidentiality. We adapt the stateless CQE
mechanism to these extensions and formally prove that confidentiality is preserved. Finally,
we develop efficient algorithmic implementations of stateless CQE, thereby showing that
inference control in relational databases is feasible for actual relational database
management systems under suitable restrictions.
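The following is an added illustration of the stateless, pattern-matching censor idea described above; it is not code from the thesis. It assumes (none of this is stated on the page) a single relation under the closed-world assumption, ground-atom queries, and a policy of potential secrets written as patterns with wildcards. The point a practitioner should take away is that the censor's decision must depend only on the query and the policy, never on the honest answer: the second censor below refuses less often, but a user who knows its code can read the truth value off the refusal itself, which is the kind of meta-inference CQE is designed to prevent.

```python
"""Added example: a stateless CQE censor versus an answer-dependent one.

Assumptions (not from the thesis page): one relation Patient(name, diagnosis),
closed-world semantics, ground-atom queries, potential secrets as patterns.
"""
from itertools import product

WILD = None  # an existentially quantified position in a potential secret

# Constructed sample instance, closed world: every tuple not listed is false.
DB = {("alice", "flu"), ("bob", "cancer")}

# Constructed confidentiality policy with two potential secrets:
#   EXISTS X: Patient(X, 'cancer')   and   Patient('bob', 'hiv')
POLICY = [(WILD, "cancer"), ("bob", "hiv")]


def matches(secret, atom):
    """Does the ground atom unify with the secret pattern?"""
    return len(secret) == len(atom) and all(
        s is WILD or s == a for s, a in zip(secret, atom)
    )


def stateless_censor(db, query):
    """Refuse iff the query unifies with some potential secret.

    The decision depends only on the query and the policy, never on db, so a
    refusal carries no information and no log of earlier answers is needed.
    """
    if any(matches(s, query) for s in POLICY):
        return "refused"
    return query in db


def answer_dependent_censor(db, query):
    """Insecure variant: refuse only when the honest answer is 'true' and would
    disclose a secret. Fewer refusals, but it leaks by meta-inference."""
    if query in db and any(matches(s, query) for s in POLICY):
        return "refused"
    return query in db


def leaks(censor, query):
    """Model a user who knows the censor's code: compare the response in the
    world where the query holds with the one where it does not. If the two
    responses differ, the response alone reveals the truth value."""
    world_true = DB | {query}
    world_false = DB - {query}
    return censor(world_true, query) != censor(world_false, query)


def audit(censor):
    """Secret-matching queries for which this censor reveals the truth value.
    'carol' and 'hiv' are hypothetical values added to widen the query space."""
    names = {n for n, _ in DB} | {"carol"}
    diagnoses = {d for _, d in DB} | {"hiv"}
    return sorted(
        q for q in product(sorted(names), sorted(diagnoses))
        if any(matches(s, q) for s in POLICY) and leaks(censor, q)
    )


if __name__ == "__main__":
    print(stateless_censor(DB, ("bob", "cancer")))            # refused
    print(stateless_censor(DB, ("alice", "cancer")))          # refused, nothing learned
    print(answer_dependent_censor(DB, ("alice", "cancer")))   # False, so a refusal would mean True
    print("stateless leaks:", audit(stateless_censor))
    print("answer-dependent leaks:", audit(answer_dependent_censor))
```

Because `stateless_censor` never inspects the instance when a query hits a secret pattern, its responses to any sequence of queries are the same across all instances that agree on the non-secret facts; that is exactly why no user log is required in this restricted setting, and it is the property the thesis has to re-establish each time the query and policy languages are extended.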
Keywords
confidentiality, controlled query evaluation, first-order logic, inference control, information security, relational databases