Lies, Damned Lies, and Databases

摘要

A data base is expected to give correct and complete answers to queries. However,some applications take confidentiality to an extreme and require the database to deceive some users by supplying incorrect answers. Some requirements for databases which are intended to deceive some users are examined. The effectiveness of three secure database implementation techniques are compared. Example requirements for deceptive databases and security models for three implementation techniques are presented. The suitability of the three techniques is examined with respect to applications which deceive with integrity. Of the three techniques for achieving security in databases described, polyinstantiation is the most widely known technique, but view based classifications and the insert low approach are viable alternatives. Any of these three techniques could be used in a data base management system which supports databases that deceive their users. However, the requirement is not simply for a database that deceives, but for one where the deception is controllable. This is where polyinstantiation is weakest. Its inability to enforce even relatively simple integrity constraints means that cover stories can occur unintentionally. The resulting confusion could have serious consequences. Polyinstantiation is not the only technique for achieving security in databases and the alternatives merit further attention.