Reasoning over leaks of information for Access Control of Databases

September 26, 2022

Pierre Bourhis (INRIA Lille)

Controlling the Access of Data in Database management systems is a classical problem and it has been solved through different mechanisms. One of the most common implemented in most Databases management systems is the mechanism of views, i.e defining the accessible data of a user as the result of a query. This mechanism is also used in principle in other systems such as in social networks.

Unfortunately, this approach has some defaults. Even though it does not leak any secret information, the user seeing the data can infer some of these secret data by using different knowledge such as the logical definition of the query used to define the accessible data and different property of the database.

In this talk, I will present a formalism allowing to check when a set of views do not leak any information even through this kind of attacks.