Secrecy-Preserving Reasoning using Secrecy Envelopes

Inmany applications of networked information systems, the need to share information often has to be balanced against the need to protect secret information from unintended disclosure, e.g., due to copyright, privacy, security, or commercial considerations. We study the problem of secrecy-preserving reasoning, that is, answering queries using secret information, whenever it is possible to do so, without compromising secret information. In the case of a knowledge base that is queried by a single querying agent, we introduce the notion of a secrecy envelope. This is a superset of the secret part of the knowledge base that needs to be concealed from the querying agent in order to ensure that the secret information is not compromised. We establish several important properties of secrecy envelopes and present an algorithm for computing minimal secrecy envelopes. We extend our analysis of secrecy preserving reasoning to the setting where different parts of the knowledge base need to be protected from different querying agents that are subject to certain restrictions on the sharing of answers supplied to them by the knowledge base.