Lena Wiese

Horizontal fragmentation for data outsourcing with formula-based confidentiality constraints

This article introduces the notion of horizontal fragmentation to the data outsourcing area. In a horizontal fragmentation, rows of tables are separated (instead of columns for vertical fragmentation). We give a formula-based definition of confidentiality constraints and an implication-based definition of horizontal fragmentation correctness. Then we apply the chase procedure to decide this correctness property and present an algorithm that computes a correct horizontal fragmentation.

Preprocessing for controlled query evaluation with availability policy

Controlled Query Evaluation (CQE) defines a logical framework to protect confidential information in a database. By modeling a users a priori knowledge appropriately, a CQE system not only controls access to certain database entries but also accounts for information inferred by the user. In this article, we present a static (preprocessing) CQE-approach for propositional databases with an availability policy. The resulting inference-proof and availability-preserving database ensures confidentiality of secret information while guaranteeing availability of certain database entries to a highest degree possible. We illustrate the semantics of the system by a comprehensive example and state the essential requirements for an inference-proof and availability-preserving database. We present an algorithm that accomplishes the preprocessing by combining SAT solving and “Branch and Bound”.

On the inference-proofness of database fragmentation satisfying confidentiality constraints

Confidentiality of information should be preserved despite the emergence of data outsourcing. An existing approach is supposed to achieve confidentiality by vertical fragmentation and without relying on encryption. Although prohibiting unauthorised (direct) accesses to confidential information, this approach has so far ignored the fact that attackers might infer sensitive information logically by deduction. In this article vertical fragmentation is modelled within the framework of Controlled Query Evaluation (CQE) allowing for inference-proof answering of queries. Within this modelling the inference-proofness of fragmentation is proved formally, even if an attacker has some a priori knowledge in terms of a rather general class of semantic database constraints.

Towards controlled query evaluation for incomplete first-order databases

Controlled Query Evaluation (CQE) protects confidential information, stored in an information system. It prevents harmful inferences due to a users knowledge and reasoning. In this article we extend CQE to incomplete first-order databases, a data model which suits a broader range of applications than a previously studied propositional incomplete data model. Because of the complexity of the underlying implication problem, which describes the users reasoning, the representation of the users knowledge is the main obstacle to effective inference control. For knowledge representation, we introduce first-order modal logic to CQE. Especially, we deal with knowledge about a restricted data model in first-order logic. The restricted data model considered gives rise to a new problem: if the user is aware of the data model, his reasoning must be modeled appropriately. In the analysis of this “reasoning” model we consider both confidentiality and availability. Finally we show, how the considered data model can be reduced to the propositional case and analyze confidentiality properties of the resulting implementation.

Clustering-based fragmentation and data replication for flexible query answering in distributed databases

One feature of cloud storage systems is data fragmentation (or sharding) so that data can be distributed over multiple servers and subqueries can be run in parallel on the fragments. On the other hand, flexible query answering can enable a database system to find related information for a user whose original query cannot be answered exactly. Query generalization is a way to implement flexible query answering on the syntax level. In this paper we study a clustering-based fragmentation for the generalization operator Anti-Instantiation with which related information can be found in distributed data. We use a standard clustering algorithm to derive a semantic fragmentation of data in the database. The database system uses the derived fragments to support an intelligent flexible query answering mechanism that avoids overgeneralization but supports data replication in a distributed database system. We show that the data replication problem can be expressed as a special Bin Packing Problem and can hence be solved by an off-the shelf solver for integer linear programs. We present a prototype system that makes use of a medical taxonomy to determine similarities between medical expressions.

Generalizing conjunctive queries for informative answers

Deductive generalization of queries is one method to provide informative answers to failing queries. We analyze properties of operators that generalize conjunctive queries consisting of positive as well as negative literals. We show that for the stepwise combination of these operators it suffices to apply the operator in one certain order.

Combining Consistency and Confidentiality Requirements in First-Order Databases

In a logical setting, consistency of a database instance with constraints is a fundamental requirement. We show how satisfaction of a set of constraints guarantees confidentiality of some information declared secret by a security policy --- albeit at the cost of some modified database entries. We identify a very general class of constraints for which this problem is effectively and in many cases efficiently solvable by means of an automatic procedure. A distance minimization ensures maximal availability of correct database entries.

Inference control in logic databases as a constraint satisfaction problem

We investigate inference control in logic databases. The administrator defines a confidentiality policy, i. e., the pieces of information which may not be disclosed to a certain user. We present a static approach which constructs an alternative database instance in which the confidential information is replaced by harmless information. The construction is performed by the means of constraint programming: The task of finding an appropriate database instance is delegated to a hierarchical constraint solver. We compare this static approach to a dynamic inference control mechanism - Controlled Query Evaluation - investigated in earlier work, and we also point out possible extensions which make use of the various opportunities offered by hierarchical constraint solvers.

On finding an inference-proof complete database for controlled query evaluation

Controlled Query Evaluation (CQE) offers a logical framework to prevent a user of a database from inadvertently gaining knowledge he is not allowed to know. By modeling the users a priori knowledge in an appropriate way, a CQE system can control not only plain access to database entries but also inferences made by the user. A dynamic CQE system that enforces inference control at runtime has already been investigated. In this article, we pursue a static approach that constructs an inference-proof database in a preprocessing step. The inference-proof database can respond to any query without enabling the user to infer confidential information. We illustrate the semantics of the system by a comprehensive example and state the essential requirements for an inference-proof and highly available database. We present an algorithm that accomplishes the preprocessing by combining SAT solving and “Branch and Bound”.

Keeping secrets in possibilistic knowledge bases with necessity-valued privacy policies

Controlled Query Evaluation (CQE) is a logical framework for the protection of secrets in databases. In this article, we extend the CQE framework to possibilistic logic: knowledge base, a priori knowledge and privacy policy are expressed with necessity-valued formulas that represent several degrees of certainty. We present a formal security definition and analyze an appropriate controlled evaluation algorithm for this possibilistic case.