Abstract
The inference problem is an unauthorized disclosure of sensitive information via indirect accesses. It happens when generic users can infer classified information from the data or relations between data in a dataset available to them. This problem has drawn much attention from researchers in the database community due to its great compromise of data security. Unlike previously proposed approaches, this paper presents a new scheme for handling inference problems, which considers both security and functionality of a dataset. The scheme uses two main tools. One is the application of rough sets to form a minimal set of decision rules from the dataset. The other is the use of entropy, an important concept from information theory, to evaluate the amount of information contained in the dataset. By analyzing the changes of confidence in decision rules and in the amount of information, an optimal solution can be decided. The scheme is explicit and also easy to be implemented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Buczkowski, L.: Database inference controller. In: Database Security III: Status and Prospects, pp. 311–322. North-Holland, Amsterdam (1990)
Chang, L., Moskowitz, I.: Parsimonious downgrading and decision trees applied to the inference problem. In: Proc. New Security Paradigms Workshop (1998)
Chang, L., Moskowitz, I.: A Bayesian network schema for lessoning database inference. In: International Conference on Computational Intelligence for Modeling, Control and Automation, Las Vegas (July 2001)
Chen, X., Wei, R.: A Dynamic method for handling the inference problem in multilevel secure databases. In: Proc. ITCC 2005, pp. 751–756 (2005)
Denning, D.: Commutative filters for reducing inference threats in multilevel database systems. In: Proc. IEEE Symposium on Security and Privacy, pp. 134–146 (1985)
Goguen, J., Meseguer, J.: Unwinding and inference control. In: Proc. IEEE Symposium on Security and Privacy, pp. 75–86 (1984)
Hinke, T.: Inference aggregation detection in database management systems. In: Proc. IEEE Symposium on Security and Privacy, pp. 96–106 (1988)
Hinke, T.H., Delugach, H.S., Changdrasekhar, A.: A fast algorithm for detecting second paths in database inference analysis. Jour. of Computer Security 3(2,3), 147–168 (1995)
Hale, J., Shenoi, S.: Catalytic inference analysis: detecting inference threats due to knowledge discovery. In: IEEE Symposium on Security and Privacy, pp. 188–199 (1997)
Keef, T., Thuraisingham, M., Tsai, W.: Secure query processing strategies. IEEE Computer 22(3), 63–70 (1989)
Lin, T.Y., Marks, T.H., Thuraisingham, B.: Security and data mining. In: Database Security Vol. 9: Status ans Prospects, pp. 391–399 (1996)
Morgenstern, M.: Controlling logical inference in multilevel database systems. In: Proc. IEEE Symposium on Security and Privacy, pp. 245–255 (1988)
Marks, D.: Inference in MLS databse systems. IEEE Trans. Knowledge and Data Eng. 8(1), 46–55 (1996)
Marks, D., Motro, A., Jajodia, S.: Enhancing the controlled disclosure of sensitive information. In: Proc. European Symposium on Research in Computer Security (1996)
Mazumdar, S., Stemple, D., Sheard, T.: Resolving the tension between integrity and security using a theorem prover. In: Proc. ACM Int’l Conference on Management of Data, pp. 233–242 (1998)
Pawlak, Z.: Rough sets: theoretical aspects of reasoning about data. Kluwer Academic Publishers, Dordrecht (1992)
Roman, S.: Coding and information theory. Springer, Heidelberg (1992)
Shannon, C.: A mathematical theory of communication. Bell System Technical Journal 27, 379–423, 623-656 (1948)
Smith, G.: Modeling security-relevant data semantics. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 384–391 (1990)
Stickel, M.: Elimination of inference channels by optimal upgrading. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 168–174 (1994)
Staddon, J.: Dynamic inference control. In: DMKD 2003: 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery (2003)
Su, T., Ozsoyoglu, G.: Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng. 3(4), 474–485 (1991)
Stachour, P., Thuraisingham, B.: Design of LDV: A multilevel secure relational database management system. IEEE Trans. Knowledge and Data Eng. 2(2), 190–209 (1990)
Thuraisingham, B.: Security checking in relational database management systems augmented with inference engines. Computers ans Security 6, 479–492 (1987)
Thuraisingham, B.: Towards the design of a secure data/knowledge base management system. Data knowledge and engineering (1990)
Yip, R., Levitt, K.: Data level inference detection in database systems. In: IEEE Eleventh Computer Security Foundations Workshop (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, X., Wei, R. (2005). A Scheme for Inference Problems Using Rough Sets and Entropy. In: Ślęzak, D., Yao, J., Peters, J.F., Ziarko, W., Hu, X. (eds) Rough Sets, Fuzzy Sets, Data Mining, and Granular Computing. RSFDGrC 2005. Lecture Notes in Computer Science(), vol 3642. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11548706_59
Download citation
DOI: https://doi.org/10.1007/11548706_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28660-8
Online ISBN: 978-3-540-31824-8
eBook Packages: Computer ScienceComputer Science (R0)