Sciweavers

ESORICS
2002
Springer

Confidentiality Policies and Their Enforcement for Controlled Query Evaluation

14 years 11 months ago
Confidentiality Policies and Their Enforcement for Controlled Query Evaluation
Abstract. An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information, and a controlled query evaluation should enforce such a policy even if users are able to reason about a priori knowledge and the answers to previous queries. We put the following aspects into a unifying and comprehensive framework: formal models of confidentiality policies based on potential secrets or secrecies, user awareness of the policy instance, and enforcement methods applying either lying or refusal, or a combination of lying and refusal. Two new evaluation methods are introduced. Different approaches are systematically compared and evaluated.
Joachim Biskup, Piero A. Bonatti
Added 24 Dec 2009
Updated 24 Dec 2009
Type Conference
Year 2002
Where ESORICS
Authors Joachim Biskup, Piero A. Bonatti
Comments (0)