For unknown secrecies refusal is better than lying

摘要

A shared information system is expected to comply with the following potentially conflicting requirements. It should provide useful answers to arbitrary queries, while on the other hand it should preserve certain secrets according to a security policy. We study and compare two previously suggested approaches to meet these requirements, namely refusal of statements and lying. The investigation is performed using a highly abstract and general framework, both with respect to the information system and the preservation of secrets. We focus on the case that the user supposedly does not know the secrecies, i.e., the alternatives consisting of an actual secret and its negation. The assessment shows that for unknown secrecies refusal is better than lying. In particular, while preserving the same secrets refusal can provide more useful answers.