Title: Inference-usability confinement by maintaining inference-proof views of an information system

Authors: Joachim Biskup

Addresses: Technische Universität Dortmund, D-44221 Dortmund, Germany

Abstract: Extending traditional access control and complementing emerging usage control, inference-usability confinement aims at customising sensitive data to be returned to a client in such a way that the manipulated items are still useful for the recipient but do not enable any usage beyond the intended ones. In the context of a logic-oriented information system, a confinement mechanism generates an inference-proof view of the actually stored instance(s) while interacting with a client. We survey our specific approach to policy-driven inference-usability confinement for a server-client architecture, discussing various parameters and the resulting confinement mechanisms. Basically, the confinement is achieved by enforcing an invariant of the following kind: at any point in time, the information content of the data available to a client does not violate any protection requirement expressed by a declarative confidentiality policy. In this context, the information content of data and, accordingly, the inference-proofness of such data crucially depend on the client's a priori knowledge, general reasoning capabilities and awareness of the confinement mechanism.

Keywords: combined approach; confidentiality policy; control mechanisms; indistinguishability properties; inference-usability confinement; inference-proof view; information systems; interaction history; lying approach; refusal approach; privacy; security; access control; usage control; server-client architecture.

DOI: 10.1504/IJCSE.2012.046178

International Journal of Computational Science and Engineering, 2012 Vol.7 No.1, pp.17 - 37

Available online: 29 Mar 2012

Full-text access for editors Access for subscribers Purchase this article Comment on this article