Abstract
Traditional access control models aim to prevent data leakage via direct accesses. A direct access occurs when a requester performs his query directly into the desired object, however these models fail to protect sensitive data from being accessed with inference channels. An inference channel is produced by the combination of a legitimate response which the user receives from the system and metadata. Detecting and removing inference in database systems guarantee a high quality design in terms of data secrecy and privacy. Parting from the fact that data distribution exacerbates inference problem, we give in this paper a survey of the current and emerging research on the inference problem in both centralized and distributed database systems and highlighting research directions in this field.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Akeel, F., Fathabadi, A.S., Paci, F., Gravell, A., Wills, G.: Formal modelling of data integration systems security policies. Data Sci. Eng. 1(3), 139–148 (2016)
Akeel, F.Y., Wills, G.B., Gravell, A.M.: Exposing data leakage in data integration systems. In: 2014 9th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 420–425. IEEE (2014)
An, X., Jutla, D., Cercone, N.: Auditing and inference control for privacy preservation in uncertain environments. In: Havinga, P., Lijding, M., Meratnia, N., Wegdam, M. (eds.) EuroSSC 2006. LNCS, vol. 4272, pp. 159–173. Springer, Heidelberg (2006). https://doi.org/10.1007/11907503_12
An, X., Jutla, D., Cercone, N.: Dynamic inference control in privacy preference enforcement. In: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, p. 24. ACM (2006)
Bahloul, S.N., Coquery, E., Hacid, M.S.: Access control to materialized views: an inference-based approach. In: Proceedings of the 2011 Joint EDBT/ICDT Ph. D. Workshop, pp. 19–24. ACM (2011)
Bahloul, S.N., Coquery, E., Hacid, M.S.: Securing materialized views: a rewriting-based approach. In: 29emes Journées BDA, pp. 1–25 (2013)
Biskup, J., Embley, D.W., Lochner, J.H.: Reducing inference control to access control for normalized database schemas. Inf. Process. Lett. 106(1), 8–12 (2008)
Biskup, J., Hartmann, S., Link, S., Lochner, J.-H.: Efficient inference control for open relational queries. In: Foresti, S., Jajodia, S. (eds.) DBSec 2010. LNCS, vol. 6166, pp. 162–176. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13739-6_11
Biskup, J., Preuß, M., Wiese, L.: On the inference-proofness of database fragmentation satisfying confidentiality constraints. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 246–261. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24861-0_17
Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900–919 (2000)
Chang, L.W., Moskowitz, I.: A study of inference problems in distributed databases. In: Gudes, E., Shenoi, S. (eds.) Research Directions in Data and Applications Security. ITIFIP, vol. 128, pp. 191–204. Springer, Boston, MA (2003). https://doi.org/10.1007/978-0-387-35697-6_15
Chen, Y., Chu, W.W.: Database security protection via inference detection. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, F.-Y. (eds.) ISI 2006. LNCS, vol. 3975, pp. 452–458. Springer, Heidelberg (2006). https://doi.org/10.1007/11760146_40
Chen, Y., Chu, W.W.: Protection of database security via collaborative inference detection. In: Chen, H., Yang, C.C. (eds.) Intelligence and Security Informatics. SCI, vol. 135, pp. 275–303. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-69209-6_15
Clifton, C., et al.: Privacy-preserving data integration and sharing. In: Proceedings of the 9th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 19–26. ACM (2004)
Cuzzocrea, A., Hacid, M.S., Grillo, N.: Effectively and efficiently selecting access control rules on materialized views over relational databases. In: Proceedings of the Fourteenth International Database Engineering & Applications Symposium, pp. 225–235. ACM (2010)
Delugach, H.S., Hinke, T.H.: Wizard: a database inference analysis and detection system. IEEE Trans. Knowl. Data Eng. 8(1), 56–66 (1996)
Domingo-Ferrer, J.: Advances in inference control in statistical databases: an overview. In: Domingo-Ferrer, J. (ed.) Inference Control in Statistical Databases. LNCS, vol. 2316, pp. 1–7. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-47804-3_1
Fan, W., Geerts, F., Li, J., Xiong, M.: Discovering conditional functional dependencies. IEEE Trans. Knowl. Data Eng. 23(5), 683–698 (2011)
Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explor. Newslett. 4(2), 6–11 (2002)
Guarnieri, M., Marinovic, S., Basin, D.: Securing databases from probabilistic inference. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 343–359. IEEE (2017)
Haddad, M., Hacid, M.S., Laurini, R.: Data integration in presence of authorization policies. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 92–99. IEEE (2012)
Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, M.-S.: Access control for data integration in presence of data dependencies. In: Bhowmick, S.S., Dyreson, C.E., Jensen, C.S., Lee, M.L., Muliantara, A., Thalheim, B. (eds.) DASFAA 2014. LNCS, vol. 8422, pp. 203–217. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05813-9_14
Hale, J., Shenoi, S.: Catalytic inference analysis: detecting inference threats due to knowledge discovery. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 188–199. IEEE (1997)
Hinke, T.H.: Inference aggregation detection in database management systems. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 96–106. IEEE (1988)
Hinke, T.H., Delugach, H.S.: AERIE: an inference modeling and detection approach for databases. In: Sixth Working Conference on Database Security, p. 187 (1992)
Hinke, T.H., Delugach, H.S., Wolf, R.P.: Protecting databases from inference attacks. Comput. Secur. 16(8), 687–708 (1997)
Katos, V., Vrakas, D., Katsaros, P.: A framework for access control with inference constraints. In: 2011 IEEE 35th Annual Computer Software and Applications Conference (COMPSAC), pp. 289–297. IEEE (2011)
Landwehr, C., Jajodia, S.: The use of conceptual structures for handling the inference problem (1992)
de Mantaras, R.L., Saina, L.: Inference attacks in peer-to-peer homogeneous distributed data mining. In: 16th European Conference on Artificial Intelligence, ECAI 2004, 22–27 August 2004, Valencia, Spain: Including Prestigious Applicants [sic] of Intelligent Systems (PAIS 2004): Proceedings, vol. 110, p. 450. IOS Press (2004)
Morgenstern, M.: Controlling logical inference in multilevel database systems. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 245–255. IEEE (1988)
Nait-Bahloul, S., Coquery, E., Hacid, M.-S.: Authorization policies for materialized views. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 525–530. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_43
Qian, X., Stickel, M.E., Karp, P.D., Lunt, T.F., Garvey, T.D.: Detection and elimination of inference channels in multilevel relational database systems. In: Proceedings of 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 196–205. IEEE (1993)
Rath, S., Jones, D., Hale, J., Shenoi, S.: A tool for inference detection and knowledge discovery in databases. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds.) Database Security IX. IAICT, pp. 317–332. Springer, Boston (1996). https://doi.org/10.1007/978-0-387-34932-9_20
Sayah, T., Coquery, E., Thion, R., Hacid, M.-S.: Inference leakage detection for authorization policies over RDF data. In: Samarati, P. (ed.) DBSec 2015. LNCS, vol. 9149, pp. 346–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20810-7_24
Sellami, M., Gammoudi, M.M., Hacid, M.S.: Secure data integration: a formal concept analysis based approach. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds.) DEXA 2014. LNCS, vol. 8645, pp. 326–333. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10085-2_30
Sellami, M., Hacid, M.-S., Gammoudi, M.M.: Inference control in data integration systems. In: Debruyne, C., et al. (eds.) OTM 2015. LNCS, vol. 9415, pp. 285–302. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26148-5_17
Shafer, G.: Detecting inference attacks using association rules (2001)
Staddon, J.: Dynamic inference control. In: Proceedings of the 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 94–100. ACM (2003)
Su, T.A., Ozsoyoglu, G.: Controlling FD and MVD inferences in multilevel relational database systems. IEEE Trans. Knowl. Data Eng. 3(4), 474–485 (1991)
Thuraisingham, B.: Handling security constraints during multilevel database design. In: Burns, R. (ed.) Research Directions zn Database Securt (v, IV, Mitre Technical report, M92B0000 118, Mitre Corp., McLean, Va (1992)
Thuraisingham, B., Ford, W., Collins, M., O’Keeffe, J.: Design and implementation of a database inference controller. Data Knowl. Eng. 11(3), 271–297 (1993)
Thuraisingham, M.: Security checking in relational database management systems augmented with inference engines. Comput. Secur. 6(6), 479–492 (1987)
Toland, T.S., Farkas, C., Eastman, C.M.: The inference problem: maintaining maximal availability in the presence of database updates. Comput. Secur. 29(1), 88–103 (2010)
Tracy, J., Chang, L., Moskowitz, I.S.: An agent-based approach to inference prevention in distributed database systems. Int. J. Artif. Intell. Tools 12(03), 297–313 (2003)
di Vimercati, S.D.C., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE Trans. Dependable Secure Comput. 11(6), 510–523 (2014)
Wang, H., Liu, R.: Privacy-preserving publishing microdata with full functional dependencies. Data Knowl. Eng. 70(3), 249–268 (2011). https://doi.org/10.1016/j.datak.2010.11.002, http://www.sciencedirect.com/science/article/pii/S0169023X10001291
Wang, J., Yang, J., Guo, F., Min, H.: Resist the database intrusion caused by functional dependency. In: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 54–57. IEEE (2017)
Xu, X., Xiong, L., Liu, J.: Database fragmentation with confidentiality constraints: a graph search approach. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 263–270. ACM (2015)
Yang, Y., Li, Y., Deng, R.H.: New paradigm of inference control with trusted computing. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 243–258. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73538-0_18
Yip, R.W., Levitt, E.: Data level inference detection in database systems. In: 1998 Proceedings of 11th IEEE Computer Security Foundations Workshop, pp. 179–189. IEEE (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Jebali, A., Sassi, S., Jemai, A. (2020). Inference Control in Distributed Environment: A Comparison Study. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-41568-6_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41567-9
Online ISBN: 978-3-030-41568-6
eBook Packages: Computer ScienceComputer Science (R0)