Controlled query evaluation for enforcing confidentiality in complete information systems

摘要

An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information. A controlled query evaluation should enforce such a policy even if users are able to reason about a priori knowledge and the answers to previous queries. The following aspects are considered: formal models of confidentiality policies based on potential secrets or secrecies, user awareness of the policy instance, and enforcement methods applying either lying or refusal, or a combination thereof. Reconsidering previous work and filling the gaps, we comprehensively treat and compare the resulting 12 cases. Thereby, the assumed completeness of the information system is essentially used.