Inferring Secret Information in Relational Databases

Stefan Böttcher

Abstract

We formalize the problem of finding information leaks in multi-user database systems, and we reduce this problem to the problem of inferring secret answers to database queries from other answers to database queries and a set of given Boolean integrity constraints. Furthermore, we investigate some sufficient conditions under which the answer to a query can be inferred from a previously answered set of database queries and a set of Boolean integrity constraints. Finally, show that the problem of finding information leaks is NP-hard, and we suggest a reformulation of the problem as a query composition and simplification problem.

References

  1. Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu: Hippocratic Databases. VLDB 2002, Hong Kong, 2002.
  2. Rakesh Agrawal, Roberto J. Bayardo Jr., Christos Faloutsos, Jerry Kiernan, Ralf Rantzau, Ramakrishnan Srikant: Auditing Compliance with a Hippocratic Database. VLDB 2004, Toronto, Canada, 2004.
  3. Foto Afrati, Chen Li and Prasenjit Mitra: On Containment of Conjunctive Queries with Arithmetic Comparisons. EDBT 2004, Heraklion, Crete, Greece, 2004.
  4. Stefan Böttcher, Rita Steinmetz. Information Disclosure by XPath Queries. 3rd International Workshop on Secure Data Management 2006 (SDM). Seoul, Korea, 2006.
  5. Garey, M.R., Johnson, D.S.: Computers and intractability. Bell Labs, 1979.
  6. Anthony Klug: Locking Expressions for Increased Database Concurrency. Journal of the Association for Cornputmg Machinery, Vol 30, No I, January 1983, pp 36-54.
  7. Ashwin Machanavajjhala, Johannes Gehrke, Daniel Kifer: l-Diversity: Privacy Beyond kAnonymity. ICDE, Atlanta, USA, 2006.
  8. D. W. Loveland: Automated Theorem Proving: A Logical Basis. North Holland, 1978.
  9. Chao Yao, Xiaoyang Sean Wang, Sushil Jajodia: Checking for k-Anonymity Violation by Views. VLDB 2005, Trondheim, Norway, 2005.
Download


Paper Citation


in Harvard Style

Böttcher S. (2007). Inferring Secret Information in Relational Databases . In Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007) ISBN 978-972-8865-96-2, pages 179-187. DOI: 10.5220/0002437501790187


in Bibtex Style

@conference{wosis07,
author={Stefan Böttcher},
title={Inferring Secret Information in Relational Databases},
booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},
year={2007},
pages={179-187},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002437501790187},
isbn={978-972-8865-96-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)
TI - Inferring Secret Information in Relational Databases
SN - 978-972-8865-96-2
AU - Böttcher S.
PY - 2007
SP - 179
EP - 187
DO - 10.5220/0002437501790187