Int. J. of Computational Science and Engineering   »   2012 Vol.7, No.1

 

 

Title: Inference-usability confinement by maintaining inference-proof views of an information system

 

Author: Joachim Biskup

 

Address: Technische Universität Dortmund, D-44221 Dortmund, Germany

 

Abstract: Extending traditional access control and complementing emerging usage control, inference-usability confinement aims at customising sensitive data to be returned to a client in such a way that the manipulated items are still useful for the recipient but do not enable any usage beyond the intended ones. In the context of a logic-oriented information system, a confinement mechanism generates an inference-proof view of the actually stored instance(s) while interacting with a client. We survey our specific approach to policy-driven inference-usability confinement for a server-client architecture, discussing various parameters and the resulting confinement mechanisms. Basically, the confinement is achieved by enforcing an invariant of the following kind: at any point in time, the information content of the data available to a client does not violate any protection requirement expressed by a declarative confidentiality policy. In this context, the information content of data and, accordingly, the inference-proofness of such data crucially depend on the client's a priori knowledge, general reasoning capabilities and awareness of the confinement mechanism.

 

Keywords: combined approach; confidentiality policy; control mechanisms; indistinguishability properties; inference-usability confinement; inference-proof view; information systems; interaction history; lying approach; refusal approach; privacy; security; access control; usage control; server-client architecture.

 

DOI: 10.1504/IJCSE.2012.046178

 

Int. J. of Computational Science and Engineering, 2012 Vol.7, No.1, pp.17 - 37

 

Available online: 29 Mar 2012

 

 

Editors Full text accessAccess for SubscribersPurchase this articleComment on this article