Introduction

Jaideep Vaidya, Ehud Gudes, Jaideep Vaidya, Ehud Gudes
2011 Journal of Computer Security  
objective of this annual conference is to disseminate original research results, development efforts and innovative ideas in the area of data and applications security, and to provide a platform for researchers and practitioners to share their knowledge and experience. The four papers in this Special Issue were invited submissions that were substantially extended for journal publication and subjected to the customary review process of the Journal of Computer Security. These four papers address
more » ... ifferent levels of data protection: enabling inference proof view updates and view refreshes, enabling efficient protection of privacy in outsourced databases, presenting a semantics-based automated reasoning approach for detecting security threats, and enabling efficient enforcement of spatiotemporal access control when the precise locations cannot be stated. The first paper, "Inference-proof view update transactions with forwarded refreshments" by Joachim Biskup, Christian Gogolin, Jens Seiler and Torben Weibert, examines the problem of making view updates inference proof. It provides a formal specification of the goal of inference-proofness in terms of indistinguishability, and extends the inference control method of controlled query evaluation with lying (which only applies to static information systems) to correctly handle view updates and view refreshes. The key idea is to only allow updates that do not cause consistency or confidentiality problems. The update is denied if it causes a consistency problem but the denial does not lead to inference. However, when the update can create consistency problems and a denial would lead to confidentiality problems, the server lies and notifies the client that the update is successful, without actually carrying it out. The server may also lie and claim that the update is already compatible with the database, if that is necessary to guarantee confidentiality. The paper also develops protocols that can handle view update transactions. The second paper, "Selective data outsourcing for enforcing privacy" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati, presents an approach for preserving privacy requirements in an outsourced database. The approach taken in the paper is based on fragmentation of tables/relations in the database. However, unlike existing approaches, the paper does not require encryption of sensitive attributes in the different fragments to prevent association attacks. Rather, the paper relies on the data owner to store a fragment of the relation locally, ensuring that at least one of the attribute in the confidentiality constraint is stored locally, thus breaking the association with 0926-227X/11/$27.50
doi:10.3233/jcs-2011-0427 fatcat:wfotqaoqc5djfa5fjoqh3oa5we