This Article 
 Bibliographic References 
 Add to: 
Inference in MLS Database Systems
February 1996 (vol. 8 no. 1)
pp. 46-55

Abstract—Database systems that contain information of varying degrees of sensitivity pose the threat that some of the Low data may infer High data. This study derives conditions sufficient to identify such inference threats. First, it is reasoned that a database can only control material implications, as specified in formal logic systems. These material implications are found using Knowledge Discovery techniques. Material implications allow reasoning about outside knowledge, and provide the first assurance that outside knowledge does not assist in circumventing the inference controls. Database queries specify the properties of sets of data and are compared to help determine inferences. These queries are grouped into equivalence classes based upon their inference characteristics. A unique graph based model is developed for the equivalence classes that 1) makes such comparisons easy, and 2) allows implementation of an algorithm capable of finding those material implication rules where High data is inferred from Low data. This is the first method that offers assurance and sufficiency arguments that the mechanism is at least strong enough to protect the High data in the database from inference attacks that require Low data.

[1] L. Binns,"Inference through secondary path analysis," Proc. Sixth IFIP Working Conf. Database Security,Vancouver, B.C., Canada, Aug. 1992.
[2] R. Burns,"A conceptual model for multilevel database design, " Proc. Fifth Rome Laboratory Database Security Workshop,Fredonia, N.Y., Oct. 1992.
[3] R. Burns,"ER approach to multilevel database design," Proc. First RADC Database Security Workshop,Menlo Park, Calif., May 1988.
[4] D.E. Denning,S.G. Akl,M. Morgenstern,P.G. Neumann,R.R. Schell, and M. Heckman,"Views for multilevel database security," Proc. IEEE CS Symp. Security and Privacy,Oakland, Calif., 1986.
[5] T.D. Garvey,T.F. Lunt,X. Qian, and M. Stickel,"Toward a tool to detect and eliminate inference problems in the design of multilevel databases," Proc. Sixth IFIP Working Conf. Database Security,Vancouver, B.C., Canada, Aug. 1992.
[6] T.H. Hinke and H.S. Delugach,"AERIE: An inference modeling and detection approach for databases," B.W. Thuraisingham and C.E. Landwehr, eds., Database Security, VI: Status and Prospects, no. A-21, IFIP Transactions.Amsterdam: Elsevier Science Publ. (North-Holland), 1993.
[7] T.Y. Lin,"Multilevel database and aggregated security algebra," Database Security: Status and Prospects IV, S. Jajodia and C.E. Landwehr, eds. NorthHolland, 1991.
[8] M. Morgenstern,"Controlling logical inference in multilevel database systems," Proc. IEEE CS Symp. Security and Privacy, pp. 245-255, Apr. 1988.
[9] M. Motro,D.G. Marks, and S. Jajodia,"Aggregation in relational databases: Controlled disclosure of sensitive information," Proc. European Symp. Research in Computer Security,Brighton, U.K., Nov. 1994.
[10] G. Piatetsky-Shapiro and W.J. Frawley, Knowledge Discovery in Databases. AAAI/MIT Press, 1991.
[11] G. Smith,"Modeling security-relevant data semantics," Proc. IEEE Symp. Security and Privacy,Oakland, Calif., May 1990.
[12] B. Thuraisingham,"The use of conceptual structures for handling the inference problem, and cover stories for database security," Proc. Fifth IFIP WG 11.3 Working Conf. Database Security,Shepherdstown, W. Va., USA, Nov. 1991.
[13] J. Ullman, Principles of Database and Knowledge-Base Systems, vol. 1. Computer Science Press, 1988.
[14] J. Woodcock and M. Loomes, Software Engineering Mathematics: Formal Methods Demystified.London: Pitman Publishing, 1988.

Index Terms:
Inference, database security, knowledge discovery, MLS, query patterns.
Donald G. Marks, "Inference in MLS Database Systems," IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 1, pp. 46-55, Feb. 1996, doi:10.1109/69.485628
Usage of this product signifies your acceptance of the Terms of Use.