Abstract

An important goal of security in information systems is confidentiality. A confidentiality policy specifies which users should be forbidden to acquire what kind of information. A controlled query evaluation should enforce such a policy even if users are able to reason about a priori knowledge and the answers to previous queries. The following aspects are considered: formal models of confidentiality policies based on potential secrets or secrecies, user awareness of the policy instance, and enforcement methods applying either lying or refusal, or a combination thereof. Reconsidering previous work and filling the gaps, we comprehensively treat and compare the resulting 12 cases. Thereby, the assumed completeness of the information system is essentially used.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Confidentiality Policies and Their Enforcement for Controlled Query Evaluation
Joachim Biskup ... Piero Bonatti
-
Joachim Biskup, et. al.Joachim Biskup ... Piero Bonatti
01 Jan 2002
Exploring IS security themes: a literature analysis
Areej Alyami ... Carolanne Mahony
Journal of Decision Systems | VOL. 29
Areej Alyami, et. al.Areej Alyami ... Carolanne Mahony
18 Aug 2020
On the Impact of Perceived Vulnerability in the Adoption of Information Systems Security Innovations
Mumtaz Abdul Hameed ... Nalin Asanka Gamagedara Arachchilage
International Journal of Computer Network and Information Security | VOL. 11
Mumtaz Abdul Hameed, et. al.Mumtaz Abdul Hameed ... Nalin Asanka Gamagedara Arachchilage
08 Apr 2019
Information system security commitment: A study of external influences on senior management
Kevin A Barton ... Steve Terrell
Computers & Security | VOL. 59
Kevin A Barton, et. al.Kevin A Barton ... Steve Terrell
17 Feb 2016
View more papers

More From: International Journal of Information Security

Paper Title
Journal
Date
Author
Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering
Martin Bedoya ... Pantaleone Nespoli
International Journal of Information Security | VOL. -
Martin Bedoya, et. al.Martin Bedoya ... Pantaleone Nespoli
05 Oct 2024
“Animation” URL in NFT marketplaces considered harmful for privacy
Patricia Callejo ... Marcelo Bagnulo
International Journal of Information Security | VOL. -
Patricia Callejo, et. al.Patricia Callejo ... Marcelo Bagnulo
17 Sep 2024
An overview of proposals towards the privacy-preserving publication of trajectory data
Àlex Miranda-Pascual ... Thorsten Strufe
International Journal of Information Security | VOL. -
Àlex Miranda-Pascual, et. al.Àlex Miranda-Pascual ... Thorsten Strufe
04 Sep 2024
Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by design
Mohamed Abomhara ... Stéphanie De Labriolle
International Journal of Information Security | VOL. -
Mohamed Abomhara, et. al.Mohamed Abomhara ... Stéphanie De Labriolle
03 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.