An axiomatic interpretation of confidentiality demands in logic-based relational databases

Spalka, Adrian; Cremers, Armin B.

doi:10.1007/BFb0031748

Adrian Spalka¹ &
Armin B. Cremers¹

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1154))

Included in the following conference series:

International Workshop on Logic in Databases

137 Accesses
1 Citations

Abstract

Secure multilevel relational database models based on Bell and La Padula's interpretation of mandatory security policies suffer from severe semantic problems. We claim that the intention of these policies can be reduced to a single generic confidentiality demand. We interpret it in the context of a logic-based database as a distortion of the intended model and state it as an axiom in addition to the axioms of a relational database. We then show that many security properties can already be proved from these few axioms. These properties characterise a mandatory-security-policy-conforming database with an unequivocal semantics of the data and a notion of integrity identical to that of relational databases.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bell, David Elliott, and Leonard J. La Padula. (1975) Secure computer system: Unified exposition and multics interpretation. MITRE Technical Report 2997. MITRE Corp, Bedford, MA
Google Scholar
Bonatti, Piero, Sarit Kraus and V.S. Subrahmanian. (1992) ‘Declarative Foundations of Secure Deductive Databases'. Ed Joachim Biskup and Richard Hull. 4th International Conference on Database Theory — ICDT'92. LNCS, vol 646. Berlin, Heidelberg: Springer-Verlag. pp 391–406. [Also in: IEEE Transactions on Knowledge and Data Engineering 7.3 (1995):406–422.]
Google Scholar
Bonyun, David A. (1980) ‘The Secure Relational Database Management System Kernel: Three Years After'. 1980 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 34–37.
Google Scholar
Bourbaki, Nicolas. (1968) Theory of Sets. Paris: Hermann.
Google Scholar
Cremers, Armin B., Ulrike Griefahn and Ralf Hinze. (1994) Deduktive Datenbanken. Braunschweig: Vieweg.
Google Scholar
Denning, Dorothy E., Teresa F. Lunt, Roger R. Schell, Mark Heckman and William R. Shockley. (1987) ‘A Multilevel Relational Data Model'. 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 220–234.
Google Scholar
-,-,-, William R. Shockley and Mark Heckman. (1988) ‘The SeaView Security Model'. 1988 Symposium on Security and Privacy. IEEE Computer Society Press. pp 218–233.
Google Scholar
Feiertag, R.J., K.N. Levitt and L. Robinson. (1977) ‘Proving multilevel security of a system design'. 6th ACM Symposium on Operating System Principles. ACM SIGOPS Operating System Review 11.5:57–65.
Google Scholar
Graubart, Richard D., and John P.L. Woodward. (1982) ‘A Preliminary Naval Surveillance DBMS Security Model'. 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 21–37.
Google Scholar
Landwehr, Carl E. (1981) ‘Formal Models for Computer Security'. ACM Computing Surveys 13.3:247–278.
Google Scholar
Qian, Xiaolei. (1994) ‘Inference Channel-Free Integrity Constraints in Multilevel Relational Databases'. 1994 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press. pp 158–167.
Google Scholar
-and Teresa F. Lunt. (1992) ‘Tuple-level vs. element-level classification'. Ed Bhavani M. Thuraisingham and Carl E. Landwehr. Database Security VI. IFIP WG11.3 Workshop on Database Security 1993. Amsterdam: North-Holland, 1993. pp 301–315.
Google Scholar
Sicherman, George L., Wiebren de Jonge and Reind P. van de Riet. (1983) ‘Answering Queries Without Revealing Secrets'. ACM Transactions on Database Systems 8.1:41–59.
Google Scholar
Spalka, Adrian. (1994) ‘Secure Logic Databases Allowed to Reveal Indefinite Information on Secrets'. Ed Joachim Biskup, Matthew Morgenstern and Carl E. Landwehr. Database Security VIII. IFIP WG11.3 Working Conference on Database Security 1994. Amsterdam: North-Holland. pp 297–316.
Google Scholar
-. (1996a) A Study of the Extensibility of Logic-Based Databases with Confdentiality Capabilities. PhD Thesis. Universtity of Bonn, Germany.
Google Scholar
-. (1996b) ‘The Non-Primitiveness of the Simple-Security Property and its Non-Applicability to Relational Databases'. 9th IEEE Computer Security Foundations Workshop 1996. IEEE Computer Society Press.
Google Scholar
Winslett, Marianne, Kenneth Smith and Xiaolei Qian. (1994) ‘Formal Query Languages for Secure Relational Databases'. ACM Transactions on Database Systems 19.4:626–662.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science III, University of Bonn, Roemerstrasse 164, D-53117, Bonn, Germany
Adrian Spalka & Armin B. Cremers

Authors

Adrian Spalka
View author publications
You can also search for this author in PubMed Google Scholar
Armin B. Cremers
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Dino Pedreschi Carlo Zaniolo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Spalka, A., Cremers, A.B. (1996). An axiomatic interpretation of confidentiality demands in logic-based relational databases. In: Pedreschi, D., Zaniolo, C. (eds) Logic in Databases. LID 1996. Lecture Notes in Computer Science, vol 1154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0031748

Download citation

DOI: https://doi.org/10.1007/BFb0031748
Published: 26 June 2005
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61814-0
Online ISBN: 978-3-540-70683-0
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics