Correspondence:
[**]
Address for correspondence: Joachim Biskup, Technische Universität Dortmund, 44221 Dortmund, Germany. Tel.: +49 231 755 2641; Fax: +49 231 755 2405; E-mail: joachim.biskup@cs.tu-dortmund.de.
Note: [1] This article is a revised and extended version of the contribution [7] to DBSec 2011, published by Springer-Verlag in volume 6818 of LNCS. Besides much more explanations given throughout the article, the following additional material is newly presented: the background taken from the field of Boolean functions including a proof of a basic proposition (Proposition 2), a complete formal verification of the protocol (proof of Theorem 1), and a comprehensive complexity analysis (Section 5).
Note: [*] This work has been performed within the framework of the Collaborative Research Center “Providing Information by Resource-Constrained Data Analysis”, supported by the Deutsche Forschungsgemeinschaft under Grant SFB 876/A5.
Abstract: Policy-based inference control of queries submitted to a logic-oriented information system aims at confining answers to queries such that the user cannot infer the validity of any sentence specified in a confidentiality policy. Such a control requires us to consider the history of queries and answers to a particular user. In most previous approaches, the control system captures the history by maintaining a fictitious view the user is supposed to generate by exploiting rational reasoning. In this paper, we propose and explore an alternative option to represent the history, namely by suitably adapting the confidentiality policy after returning an answer to a query. Basically, such a policy adaptation precomputes all relevant steps of formal proofs that the fictitious view logically implies some policy element. Focusing on propositional information systems, we present a comprehensive protocol for policy adaptation, which always keeps the current version of the confidentiality policy redundancy-free and fully vulnerable. This protocol is formally proved to be effective by a reduction argument, showing that policy adaptation is able to simulate the achievements of maintaining a view. We also briefly discuss the efficiency for special cases under dedicated data structures.
