12,489 Hits in 4.8 sec

Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control [chapter]

Joachim Biskup, Jan-Hendrik Lochner
Lecture Notes in Computer Science  
pno.confidentiality salary of employee Smith (2000 $) is to be kept secret enforced by access control mechanisms inference problem "clever queries" possibly reveal secrets pno.: 12345 name: Smith pno.  ...  Lochner: Enforcing Confidentiality in Relational Databases Motivation Framework AC w/ Class. Instances Conclusion Databases Security Languages Motivation Framework AC w/ Class.  ...  Then, access control with classification instances is secure with respect to pot sec.  ... 
doi:10.1007/978-3-540-75496-1_27 fatcat:m33sauugjnayjkx5j62lu5qzwi

Database Security and Privacy [chapter]

Sabrina De Capitani, Sara Foresti, Sushil Jajodia, Pierangela Samarati
2014 Computing Handbook, Third Edition  
When the data are managed by an external third party, the problem of how to enforce the access control policy defined by the owner becomes crucial.  ...  : i) data confidentiality, ii) efficient evaluation of users' queries at the server-side, and iii) access control enforcement.  ...  Confidentiality constraint: Subset of attributes in a relation schema R that should not be jointly visible to unauthorized users.  ... 
doi:10.1201/b16768-61 fatcat:2ww5vriigbcavo5uboy3hnztze


2011 International Journal of Semantic Computing (IJSC)  
programming language-based approaches to mobile code certification and data confidentiality enforcement are discussed.  ...  Past and current research on the application of semantic web technologies for policy management and inference control, the application of data mining technologies for intrusion and malware detection, and  ...  A hallmark of this work was the development of inference controllers that protect relational database systems from confidentiality attacks that infer secrets from non-confidential data.  ... 
doi:10.1142/s1793351x11001201 fatcat:5yddnb5kgngfnpy3urke6ulwai

Review of Context Aware Access Control Approaches on Web Data

Rajni Baghla, Rekha Bhatia
2016 International Journal of Computer Applications  
In this paper the various access control scheme and its models to attain the confidentiality, integrity and possibility of objectives of database security in the organization are discussed.  ...  Since personal information of the user is subject to cyber crimes therefore, database level privacy is a fundamental requirement to protect the data.  ...  or access control rule, the policy enforcement carries out in less than 35ms  ... 
doi:10.5120/ijca2016911168 fatcat:dj2fj2jo45c7rpggpjgan27vaa

Information flow controls vs inference controls: An integrated approach [chapter]

F. Cuppens, G. Trouessin
1994 Lecture Notes in Computer Science  
But we show that it is possible to extend causality so that inference can in fact be solved by formalizing the security policy consistency in the following way "any information must not be both permitted  ...  In particular, we show that classical solutions to the inference problem such as use of polyinstantiated databases are not plainly satisfactory, unless the security policy is able to estimate how it is  ...  Acknowledgement We would like to thank the DRET for its support, Jill Manning for her help, and the anonymous referees for their comments on a previous draft of this paper.  ... 
doi:10.1007/3-540-58618-0_78 fatcat:hcyq6hpe7bax7ghuvcypifjrwu

Optimization of the Controlled Evaluation of Closed Relational Queries [chapter]

Joachim Biskup, Jan-Hendrik Lochner, Sebastian Sonntag
2009 IFIP Advances in Information and Communication Technology  
For relational databases, controlled query evaluation is an effective inference control mechanism preserving confidentiality regarding a previously declared confidentiality policy.  ...  In this paper, we propose an optimized framework for controlled query evaluation in relational databases, being efficiently implementable on the one hand and relaxing the constraints of previous approaches  ...  Inference Control in Relational Databases Security in relational databases in general and confidentiality in particular has been investigated from various perspectives. Early approaches, e. g.  ... 
doi:10.1007/978-3-642-01244-0_19 fatcat:jbz7jfazrrhf5ngmedn444wbry

Chasing after Secrets in Relational Databases

Joachim Biskup, Sven Hartmann, Sebastian Link, Jan-Hendrik Lochner
2010 Alberto Mendelzon Workshop on Foundations of Data Management  
Inference control can guarantee confidentiality but is costly to implement. Access control can be implemented efficiently but cannot guarantee confidentiality.  ...  We characterize the situation in which it becomes possible to infer secrets without any violation of a given access control policy.  ...  In these cases costly inference control can be reduced to an efficient form of access control, called "natural" in the following.  ... 
dblp:conf/amw/BiskupHLL10 fatcat:vekphyclqvfxxe3ewjzidw63ze

Efficient Inference Control for Open Relational Queries [chapter]

Joachim Biskup, Sven Hartmann, Sebastian Link, Jan-Hendrik Lochner
2010 Lecture Notes in Computer Science  
We present a control mechanism for preserving confidentiality in relational databases under open queries.  ...  This mechanism is based on a reduction of costly inference control to efficient access control that has recently been developed for closed database queries.  ...  Related Work Early approaches to security in relational databases mainly focused on discretionary access control (DAC), either by granting privileges to database users with data annotated by the respective  ... 
doi:10.1007/978-3-642-13739-6_11 fatcat:wpa5pwpi3rhqjjkju6gou5ttg4

Security Implications of Distributed Database Management System Models [article]

C.Sunil Kumar, J.Seetha, S.R.Vinotha
2014 arXiv   pre-print
The most important of these factors are single and multilevel access controls (MAC), protection and integrity maintenance.  ...  In this paper, the security strengths and weaknesses of both database models and the thorough problems initiate in the distributed environment are conversed.  ...  Acknowledgements The author would like to express their sincere gratitude to the Management of Dhanalakshmi College of Engineering, Chennai for their constant encouragement and co-operation.  ... 
arXiv:1401.7733v1 fatcat:sfskajpc2nc3fgynp7gksvjon4

Security Implications of Distributed Database Management System Models

Charupalli Sunil, J Seetha, S.R. Vinotha
2012 International Journal of Soft Computing and Software Engineering [JSCSE]  
The most important of these factors are single and multilevel access controls (MAC), protection and integrity maintenance.  ...  respect to security.  ...  Acknowledgements The author would like to express their sincere gratitude to the Management of Dhanalakshmi College of Engineering, Chennai for their constant encouragement and co-operation.  ... 
doi:10.7321/jscse.v2.n11.3 fatcat:4hsbm2k7nreyboucqeonkymigq

Advanced Access Control to Information Systems: Requirements, Compliance and Future Directives [chapter]

Faouzi Jaidi
2017 Advances in Security in Computing and Communications  
The chapter deals mainly with the thematic of advanced access control to IS and particularly to relational databases.  ...  Finally, we provide and discuss proposals and directives to enhance provably secure and compliant access control schemes as a main characteristic of future IS.  ...  enforcement Inference (indirect access) Fail to deal with inferences Fail to deal with inferences Fail to deal with inferences Requires specific study to each model Transitivity No  ... 
doi:10.5772/intechopen.69329 fatcat:kzibhgpuybh53iueqrtbjnptcy

Managing and accessing data in the cloud: Privacy risks and approaches

Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati
2012 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)  
We will illustrate risks, solutions, and open problems related to ensuring privacy of users accessing services or resources in the cloud, sensitive information stored at external parties, and accesses  ...  As a matter of fact, the advancements in the Information Technology and the diffusion of novel paradigms such as data outsourcing and cloud computing, while allowing users and companies to easily access  ...  This work was supported in part by the Italian Ministry of Research within the PRIN 2008 project "PEPPER" (2008SY2PH4).  ... 
doi:10.1109/crisis.2012.6378956 dblp:conf/crisis/VimercatiFS12 fatcat:iostep5swbac3owyhskrs3oi24

Confidentiality Policies for Controlled Query Evaluation [chapter]

Joachim Biskup, Torben Weibert
2007 Lecture Notes in Computer Science  
Controlled Query Evaluation (CQE) is an approach to enforcing confidentiality in information systems at runtime.  ...  We give a formal definition of such confidentiality policies, and show how to enforce them by reusing the existing methods for CQE.  ...  Confidentiality can be achieved by various methods, which can be divided into two categories: access control, which us usually implemented by static access rights, and information flow control, which is  ... 
doi:10.1007/978-3-540-73538-0_1 fatcat:vnb3sgoxyba5nfcdzslyqep72e

Access control to materialized views

Sarah Nait Bahloul, Emmanuel Coquery, Mohand-Saïd Hacid
2011 Proceedings of the 2011 Joint EDBT/ICDT Ph.D. Workshop on - PhD '11  
Several techniques and models have been proposed to control access to databases, but to our knowledge the problem of automatically generating from access control rules defined over base relations the applicable  ...  In this context, issues related to confidentiality, integrity and availability of the data arise with a crucial importance, whether in economic, legal or medical domains.  ...  Acknowledgments This work is partially supported by the Rhône-Alpes Region, Cluster ISLE (Informatique, Signal, Logiciel Embarqué).  ... 
doi:10.1145/1966874.1966878 dblp:conf/edbt/BahloulCH11 fatcat:uiy2qhimtndgzceiyupwfexgum

Secure Databases: An Analysis of Clark-Wilson Model in a Database Environment [chapter]

Xiaocheng Ge, Fiona Polack, Régine Laleau
2004 Lecture Notes in Computer Science  
The paper explores common security models, and their relevance to databases. It demonstrates how security-relevant concepts can be extracted during a conventional database development.  ...  Information systems are vulnerable to accidental or malicious attacks.  ...  Our research focuses on database integrity, and those aspects of confidentiality that relate to data protection, namely access control.  ... 
doi:10.1007/978-3-540-25975-6_18 fatcat:gcm6ocgdo5drbnk3ddg2igjcqi
« Previous Showing results 1 — 15 out of 12,489 results