This Article 
 Bibliographic References 
 Add to: 
Foundations of Secure Deductive Databases
June 1995 (vol. 7 no. 3)
pp. 406-422

Abstract—In this paper, we develop a formal logical foundation for secure deductive databases. This logical foundation is based on an extended logic involving several modal operators. We develop two models of interaction between the user and the database called “yes-no” dialogs, and “yes-no-don’t know” dialogs. Both dialog frameworks allow the database to lie to the user. We develop an algorithm for answering queries using yes-no dialogs and prove that secure query processing using yes-no dialogs is NP-complete. Consequently, the degree of computational intractability of query processing with yes-no dialogs is no worse than for ordinary databases. Furthermore, the algorithm is maximally cooperative to user in the sense that lying is resorted to only when absolutely necessary. For Horn databases, we show that secure query processing can be achieved in linear time - hence, this is no more intractable than the situation in ordinary databases. Finally, we identify necessary and sufficient conditions for the database to be able to preserve security. Similar results are also obtained for yes-no-don’t know dialogs.

[1] N.R. Adam and J.C. Wortmann, “Security-Control Methods for Statistical Databases: A Comparative Study,” ACM Computing Surveys, vol. 21, pp. 515-556, 1989.
[2] F. Bancilhon and N. Spyratos,“Protection of information in relational data bases,” Proc. Intl Symp. Very Large Data Bases,Tokyo, pp. 494-500, 1977.
[3] F. Bancilhon, D. Maier, Y. Sagiv, and J.D. Ullman, "Magic Sets and Other Strange Ways to Implement Logic Programs," Proc. Fifth ACM PODS Symp. Principles of Database Systems, pp. 1-15, 1986.
[4] C. Bell, A. Nerode, R. Ng, and V.S. Subrahmanian, "Implementing Deductive Databases by Linear Programming," Proc. ACM SIGACT/SIGART/SIGMOD Symp. Principles of Database Systems, pp. 283-292, 1992. Available as Univ. of Maryland Technical Report CS-TR-2747, 1991.
[5] P. Bieber and F. Cuppens,“A definition of secure dependencies using the logic of security,” Proc. Computer Security Foundations Workshop IV, IEEE Press, 1991.
[6] J. Biskup and H.H. Bruggemann,“The personal model of data: Towards a privacy-oriented informationsystem,” Computers and Security, vol. 7, pp. 575-597, 1988.
[7] P. Bonatti,S Kraus,, and V.S. Subrahmanian,“Declarative foundations of secure deductive databases,” Univ. of Maryland Tech. Report, UMIACS TR 92-73 CS TR 2922, 1992.
[8] B.F. Chellas,Modal logic: An introduction, Cambridge Univ. Press, Cambridge, 1980.
[9] F. Cuppens,“A modal logic framework to solve aggregation problems,” S. Jajodia and C. Landwehr, eds., Database Security, vol. 5: Status and Prospects, NorthHolland, 1992.
[10] D.E.R. Denning, Cryptography and Data Security. Addison-Wesley, 1983.
[11] D.E. Denning and M. Morgenstern,“Military database technology study: AI techniques for security andreliability,” SRI Int’l Tech. Report-Project 1644, 1986.
[12] D. Denning,T.F. Lunt,R.R. Schell,M. Heckman,, and W. Shockley,“A multilevel relational data model,” Proc. IEEE Symp. Security and Privacy,Oakland, Calif., pp. 46-56, 1987.
[13] W.F. Dowling and J. Gallier,“Linear-time algorithms for testing the satisfiability of propositionalHorn formulae,” J. Logic Programming, vol. 1, no. 3, pp. 267-284, 1984.
[14] M.R. Garey and D.S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness.New York: W.H. Freeman, 1979.
[15] J. Gray and P. Syverson,“A logical approach to multilevel security of probabilisticsystems,” Proc. IEEE Computer Society Symp. Research in Security and Privacy,Oakland, Calif., May 1992.
[16] F. Hillier and G. Lieberman,Operations research, Holden-Day, 1974.
[17] S. Jajodia and R. Sandhu, "Polyinstantiation Integrity in Multilevel Relations," Proc. IEEE Symp. Research Security and Privacy, pp. 104-115, 1990.
[18] S. Kraus,D. Lehmann,, and M. Magidor,“Nonmonotonic reasoning, preferential models, and cumulativelogics,” Artificial Intelligence, vol. 44, pp. 167-207, 1990.
[19] J.W. Lloyd, Foundations of Logic Programming, Springer Series in Symbolic Computation, second ed. New York: Springer-Verlag, 1987.
[20] A. Nerode,W. Marek,, and V.S. Subrahmanian,“Logic programming and non-monotonic reasoning,” Proc. First Int’l Workshop, MIT Press, 1991.
[21] A. Nerode, R.T. Ng, and V.S. Subrahmanian, "Computing Circumscriptive Databases, Part I: Theory and Algorithms," Information and Computation, vol. 116, no. 1, pp. 58-90, 1995.
[22] D. Sacca and C. Zaniolo, “On the Implementation of a Simple Class of Logic Queries for Databases,” Proc. Fifth ACM SIGMOD-SIGACT Symp. Principles of Database Systems, pp. 16-23, 1986.
[23] J. Shoenfield,Mathematical Logic, Addison Wesley, 1967.
[24] G. Sicherman,W. de Jonge,, and R.P. van de Riet,“Answering queries without revealing secrets,” ACM Trans. Database Systems, vol. 8, no. 1, pp. 41-49, 1983.
[25] T.-A. Su and G. Ozsoyoglu, Controlling fd and mvd Inferences in Multilevel Relational Database Systems IEEE Trans. Knowledge and Data Eng., vol. 3, no. 4, pp. 474-485, Dec. 1991.
[26] M.Y. Vardi, "The Complexity of Relational Query Languages," Proc. ACM Symp. Theory of Computing, pp. 137-146, 1982.
[27] I. Wilson,“Views as security objects in multilevel secure relational DBMS,” Proc. IEEE Symp. Security and Privacy,Oakland, Calif., pp. 70-84, 1988.
[28] S.R. Wiseman, "Control of Confidentiality in Databases," Computers and Security, vol. 9, no. 6, pp. 529-537, Oct. 1990.
[29] S. Wiseman,“Lies, dammed lies, and database,” Royal Signals and Radar Establishment, memo 4503, England, 1991.

Index Terms:
Deductive databases, secure databases, computer security, logic programming.
Piero A. Bonatti, Sarit Kraus, V.s. Subrahmanian, "Foundations of Secure Deductive Databases," IEEE Transactions on Knowledge and Data Engineering, vol. 7, no. 3, pp. 406-422, June 1995, doi:10.1109/69.390247
Usage of this product signifies your acceptance of the Terms of Use.