报告人/Speaker：Prof. Joachim Biskup, Technische Universität Dortmund, Germany（德国多特蒙德工业太阳成集团tyc33455cc）

邀请人/Host：王士林

时间/Time：2019-06-28（星期五），14:00-15:00

地点/Venue：软件大楼5号楼2楼5218

题目/Title: Strategies for Generating an Inference-Proof Database View

报告人简介/Brief Introduction of Speaker：

Joachim Biskup received his diploma degree in mathematics from Technical University of Hannover in 1972 and his doctor’s degree in computer science from RWTH Aachen University in 1975. Since 1981 he has been a professor of computer science in the University of Dortmund. He has performed research in recursion and complexity theory, information systems with an emphasis on database schema design, query optimization and mediation, various aspects of security, in particular access control and inference control for enforcing confidentiality. He has joined the program committees of many international conferences, including ICDT, FoIKS, ESORICS and DBSec.

报告摘要/Abstract：

This talk is based on joint work with P. Bonatti, L. Li, R. Menzel, M. Preuß, C.Tadros, L.Wiese etc.

Controlled Interaction Execution (CIE) is a long-term project to explore options under various settings to assist an information owner in enforcing his confidentiality requirements when communicating with an authorized partner. Besides dynamic ownerpartner interaction sequences, including query answering and update processing, generating a partner-specific view on the owner's data is a basic task of CIE. Such a view should be inference-proof regarding a confidentiality policy consisting of formally expressed prohibitions to learn a sensitive piece of information, equivalently of secrets to be kept hidden. Inference-proofness means that the original data -- hidden to the partner -- has been altered into a view observable by the partner such that (under some assumptions) all ways of rational reasoning to violate the policy have provably been blocked, even if the partner will exploit background knowledge including postulated a priori knowledge about the data application and the expected full awareness of the view generation algorithm. Hence, restricting to possibilistic policies, for each prohibition/secret S there exists possible alternative data that does not satisfy S but would lead to the same view.

We present and exemplify three strategies for view generation: intensional iterative generation by exhaustive querying, extensional iterative generation by eliminating violations, and extensional generation by global alterations. Regarding data the examples range over abstract data sources, relational databases founded on suitable fragments of first-order logic and XML documents. Regarding alterations, the examples range over total refusals, tailored weakenings by introducing disjunctions or suppressing data, lying, and a combined method.

欢迎广大教师和同学参加学术报告！