Abstract
This paper investigates the problem of confidentiality violations via illegal data inferences that occur when arithmetic constraints are combined with non-confidential numeric data to infer confidential information. The database is represented as a point in an (n + k)-dimensional constraint space, where n is the number of numerical data items stored in the database (extensional database) and k is the number of derivable attributes (intensional database). Database constraints over both extensional and intensional databases form an (n + k)-dimensional constraint object. A query answer over a data item x is an interval I of values along the x axis of the database such that I is correct (i.e., the actual data value is within I) and safe (i.e., users cannot infer which point within I is the actual data value). The security requirements are expressed by the accuracy with which users are allowed to disclose data items. More specifically, we develop two classification methods: (1) volume-based classification, where the entire volume of the disclosed constraint object that contains the data item is considered and (2) interval based classification, where the length of the interval that contains the data item is considered. We develop correct and safe inference algorithms for both cases.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundation and model. Technical report, Mitre Corp. Report No. M74-244, Bedford, Mass., 1975.
L. J. Buczkowski. Database inference controller. In D. L. Spooner and C. Landwehr, editors, Database Security III: Status and Prospects, pages 311–322. North-Holland, Amsterdam, 1990.
S. Dawson, S. De Capitani di Vimercati, and P. Samarati. Minimal data upgrating to prevent inference and association attacks. In Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 114–125, 1999.
S. Dawson, S. De Capitani di Vimercati, and P. Samarati. Specification and enforcement of classification and inference constraints. In Proc. IEEE Symp. on Security and Privacy, 1999.
D. E. Denning. A lattice model of secure information flow. Comm. ACM, 19(5):236–243, May 1976.
D. E. Denning. Cryptography and Data Security. Addison-Wesley, Mass., 1982.
D. E. Denning. Commutative filters for reducing inference threats in multilevel database systems. In Proc. IEEE Symp. on Security and Privacy, pages 134–146, 1985.
J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proc. IEEE Symp. on Security and Privacy, pages 75–86, 1984.
T. H. Hinke. Inference aggregation detection in database management systems. In Proc. IEEE Symp. on Security and Privacy, pages 96–106, 1988.
M. Morgenstern. Controlling logical inference in multilevel database systems. In Proc. IEEE Symp. on Security and Privacy, pages 245–255, 1988.
S. Mazumdar, D. Stemple, and T. Sheard. Resolving the tension between integrity and security using a theorem prover. In Proc. ACM Int’l Conf. Management of Data, pages 233–242, 1988.
S. Rath, D. Jones, J. Hale, and S. Shenoi. A tool for inference detection and knowledge discovery in databases. In Proc. of the 9th IFIP WG11.3 Workshop on Database Security, pages 317–332, 1995.
G. W. Smith. Modeling security-relevant data semantics. In Proc. IEEE Symp. Research in Security and Privacy, pages 384–391, 1990.
T. Su and G. Ozsoyoglu. Data dependencies and inference control in multilevel relational database systems. In Proc. IEEE Symp. Security and Privacy, pages 202–211, 1987.
T. Su and G. Ozsoyoglu. Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng., 3(4):474–485, December 1991.
P. D. Stachour and B. Thuraisingham. Design of LDV: A multilevel secure relational database management system. IEEE Trans. Knowledge and Data Eng., 2(2):190–209, June 1990.
B. M. Thuraisingham. Security checking in relational database management systems augmented with inference engines. Computers and Security, 6:479–492, 1987.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S. (2000). Constraints Inference Channels and Secure Databases. In: Dechter, R. (eds) Principles and Practice of Constraint Programming – CP 2000. CP 2000. Lecture Notes in Computer Science, vol 1894. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45349-0_9
Download citation
DOI: https://doi.org/10.1007/3-540-45349-0_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41053-9
Online ISBN: 978-3-540-45349-9
eBook Packages: Springer Book Archive