Abstract
Controlled query evaluation preserves confidentiality in information systems at runtime. A security policy defines a set of potential secrets to be hidden from a certain user. Each time the user issues a query, a censor checks whether the correct answer would enable the user to infer any of those potential secrets. Given an incomplete information system, the following problem arises: Is it safe to admit that the database cannot provide an answer to a certain query because it lacks the requested information? We show that the answer needs to be refused more often than necessary at first glance, as otherwise the user would be able to make meta level inferences that would lead to a violation of the security policy. A maximally cooperative censor, which preserves confidentiality but only refuses the answer when absolutely necessary, is presented and analyzed. © 2004 Springer Science + Business Media, Inc.
Cite
CITATION STYLE
Biskup, J., & Weibert, T. (2004). Refusal in incomplete databases. In IFIP Advances in Information and Communication Technology (Vol. 144, pp. 143–158). Springer New York LLC. https://doi.org/10.1007/1-4020-8128-6_10
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
