Confidentiality policies and their enforcement for controlled query evaluation

Abstract

An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information, and a controlled query evaluation should enforce such a policy even if users are able to reason about a priori knowledge and the answers to previous queries. We put the following aspects into a unifying and comprehensive framework: formal models of confidentiality policies based on potential secrets or secrecies, user awareness of the policy instance, and enforcement methods applying either lying or refusal, or a combination of lying and refusal. Two new evaluation methods are introduced. Different approaches are systematically compared and evaluated.

Cite

Biskup, J., & Bonatti, P. (2002). Confidentiality policies and their enforcement for controlled query evaluation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2502, pp. 39–55). Springer Verlag. https://doi.org/10.1007/3-540-45853-0_3
