Security checking in relational database management systems augmented with inference engines

Thuraisingham, Meena

doi:10.1016/0167-4048(87)90029-0

Cited by 76 publications

(28 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These techniques often result in overclassification of data and, therefore, reduce the availability of data. Techniques in the second category seek to eliminate inference channel violations during query time [5], [11], [15], [18]. If an inference channel is detected, the query is either refused or modified to avoid security violations.…”

Section: Related Work and Their Limitationsmentioning

confidence: 99%

“…However, none of the above works has the formal notion of soundness and completeness for data-dependent and dataindependent disclosure and, thus, cannot establish these formal properties of disclosure inference. Also, most authors [2], [6], [13], [14], [11], [15], [18], with the exception of [5], [7], [16], [3], [4], do not consider the problem of actual inference for specific families of constraints (and its decidability, soundness, completeness, etc. ); rather, they develop a framework, assuming that disclosure inference algorithms are readily available.…”

Section: Related Work and Their Limitationsmentioning

confidence: 99%

See 1 more Smart Citation

Secure databases: constraints, inference channels, and monitoring disclosures

Brodsky

Farkas

Jajodia

2000

IEEE Trans. Knowl. Data Eng.

132

122

View full text Add to dashboard Cite

AbstractÐThis paper investigates the problem of inference channels that occur when database constraints are combined with nonsensitive data to obtain sensitive information. We present an integrated security mechanism, called the Disclosure Monitor, which guarantees data confidentiality by extending the standard mandatory access control mechanism with a Disclosure Inference Engine. The Disclosure Inference Engine generates all the information that can be disclosed to a user based on the user's past and present queries and the database and metadata constraints. The Disclosure Inference Engine operates in two modes: data-dependent mode, when disclosure is established based on the actual data items, and data-independent mode, when only queries are utilized to generate the disclosed information. The disclosure inference algorithms for both modes are characterized by the properties of soundness (i.e., everything that is generated by the algorithm is disclosed) and completeness (i.e., everything that can be disclosed is produced by the algorithm). The technical core of this paper concentrates on the development of sound and complete algorithms for both datadependent and data-independent disclosures.

show abstract

Section: Related Work and Their Limitationsmentioning

confidence: 99%

Section: Related Work and Their Limitationsmentioning

confidence: 99%

Secure databases: constraints, inference channels, and monitoring disclosures

Brodsky

Farkas

Jajodia

2000

IEEE Trans. Knowl. Data Eng.

132

122

View full text Add to dashboard Cite

show abstract

“…This work does not consider authorization rules dealing with implicit association of attributes; instead, the authors assume that the user knows the mapping between the attributes of any FD. Other approaches such as [9,27] analyze queries at runtime and if a query creates an inference channel then it is rejected. In [27], both queries and authorization rules are specified using first order logic.…”

Section: Related Workmentioning

confidence: 99%

“…Other approaches such as [9,27] analyze queries at runtime and if a query creates an inference channel then it is rejected. In [27], both queries and authorization rules are specified using first order logic. While the inference engine considers the past queries, the functional dependencies are not taken into account.…”

Section: Related Workmentioning

confidence: 99%

Access Control for Data Integration in Presence of Data Dependencies

Haddad

Stevovic

Chiasera

et al. 2014

Database Systems for Advanced Applications

View full text Add to dashboard Cite

Abstract. Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.

show abstract

“…Inference channels are removed by modifying the database design andlor by increasing the classification levels of some of the data items. The techniques of the second category seek to eliminate inference channel violations during query processing time [5,10,12,13,16,19]. If an inference channel is detected, the query is either refused or modified to avoid security violations.…”

Section: Introductionmentioning

confidence: 99%

The Inference Problem and Updates in Relational Databases

Farkas

Toland

Eastman

2002

Database and Application Security XV

View full text Add to dashboard Cite

In this paper, we extend the Disclosure Monitor (DiMon) security mechanism (Brodsky et al. [I]) to prevent illegal inferences via database constraints in dynamic databases. We study updates from two perspectives: 1) updates on tuples that were previously released to a user may cause that tuple to be "outdated", tbus providing greater freedom for releasing new tupies; 2) observation of changes in released tuples may create cardinality based inferences, which are not indicated by database dependencies. We present a mechanism, called Update Consolidator (UpCon) that propagates updates to the user's history file to ensure that no query is rejected based on outdated data. We also propose a Cardinality Inference Detection (CID) module, that generates all data that can be disclosed via cardinality based attacks. We show that UpCon and CID, when integrated into the DiMon architecture, guarantee conjidentiality (completeness property ofthe data-dependent disclosure inference aIgorithm) and maximal availability (soundness property of the data-dependent disclosure inference algorithm) even in the presence of updates.

show abstract

Security checking in relational database management systems augmented with inference engines

Cited by 76 publications

References 6 publications

Secure databases: constraints, inference channels, and monitoring disclosures

Secure databases: constraints, inference channels, and monitoring disclosures

Access Control for Data Integration in Presence of Data Dependencies

The Inference Problem and Updates in Relational Databases

Contact Info

Product

Resources

About