This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Wizard: A Database Inference Analysis and Detection System
February 1996 (vol. 8 no. 1)
pp. 56-66

Abstract—The database inference problem is a well-known problem in database security and information system security in general. In order to prevent an adversary from inferring classified information from combinations of unclassified information, a database inference analyst must be able to detect and prevent possible inferences. Detecting database inference problems at database design time provides great power in reducing problems over the lifetime of a database. We have developed and constructed a system called Wizard to analyze databases for their inference problems. The system takes as input a database schema, its constituent instances (if available) and additional human-supplied domain information, and provides a set of associations between entities and/or activities that can be grouped by their potential severity of inference vulnerability. A knowledge acquisition process called microanalysis permits semantic knowledge of a database to be incorporated into the analysis using conceptual graphs. These graphs are then analyzed with respect to inference-relevant domains we call facets using tools we have developed. We can determine inference problems within single facets as well as some inference problems between two or more facets. The architecture of the system is meant to be general so that further refinements of inference information subdomains can be easily incorporated into the system.

[1] ANSI, "Information Resource Dictionary System (IRDS) technical report, part 1: Conceptual schema for IRDS." Technical Report X3/TR-14:1995, American National Standards Institute (ANSI), 1995.
[2] H.S. Delugach and T.H. Hinke,"AERIE: Database inference modeling and detection using conceptual graphs," H.D. Pfeiffer and T.E. Nagle, eds., Conceptual Structures: Theory and Implementation, no. 754in Lecture Notes in Artificial Intelligence, chapter 16. New York: Springer-Verlag, 1993, reprinted from Proc. Seventh Ann. Workshop Conceptual Graphs, New Mexico State Univ., Las Cruces, July8-10, 1992.
[3] H.S. Delugach and T.H. Hinke.,"Microanalyzed knowledge chunks for knowledge acquisition in database inference analysis," Tech. Report 95-01, Dept. of Computer Science, Univ. of Alabama, Huntsville, 1995.
[4] G. Ellis and R.A. Levinson, eds., Proc. Second Int'l Workshop on PEIRCE: A Conceptual Graphs Workbench, 1993, held in association with the First Int'l Conf. Conceptual Structures, Laval Univ., Quebec, Canada, Aug. 1993.
[5] G. Ellis, and R.A. Levinson, eds, Proc. Third Int'l Workshop on PEIRCE: A Conceptual Graphs Workbench, 1994, held in association with the Second Int'l Conf. Conceptual Structures,, Univ. of Maryland, College Park, Aug. 1994.
[6] R. Elmasri and S.B. Navathe, Fundamentals of Database Systems, Benjamin/Cummings, Houston, 1989.
[7] T.H. Hinke,"Inference aggregation detection in database management systems," IEEE Symp. Security and Privacy,Oakland, Calif., USA, Apr. 1988.
[8] T.H. Hinke and H.S. Delugach,"AERIE: An inference modeling and detection approach for databases," B.W. Thuraisingham and C.E. Landwehr, eds., Database Security, VI: Status and Prospects, no. A-21, IFIP Transactions.Amsterdam: Elsevier Science Publ. (North-Holland), 1993.
[9] T.H. Hinke and H.S. Delugach,"A fast algorithm for finding second paths in database inference analysis," J. Computer Security, in press.
[10] T.H. Hinke,H.S. Delugach, and A. Chandrasekhar,"Layered knowledge chunks for database inference detection," Proc. Seventh IFIP WG 11.3 Working Conf. Database Security,Huntsville, Al., Sept. 1993.
[11] D. Hsieh,T.F. Lunt, and P.K. Boucher,"The Seaview prototype," Technical Report A012, SRI International, Aug. 1993.
[12] G.W. Mineau,B. Moulin, and J.F. Sowa, eds., Conceptual Graphs for Knowledge Representation, no. 699in Lecture Notes in Artificial Intelligence. New York: Springer-Verlag, 1993.
[13] M. Morgenstern,, "Security and inference in multilevel database and knowledge-base systems," Proc. SIGMOD (ACM Special Interest Group on Management of Data), ACM, 1987.
[14] M. Morgenstern,"Controlling logical inference in multilevel database systems," IEEE Symp. Security and Privacy,Oakland, Calif., USA, Apr. 1988.
[15] S. Polovina and J. Heaton,"An introduction to conceptual graphs," AI Expert, pp. 36-43, May 1992.
[16] X. Qian,M.E. Stickel,P.D. Karp,T.F. Lunt, and T.D. Garvey,"Detection and elimination of inference channels in multilevel relational database systems," Proc. IEEE Computer Society Symp. Research in Security and Privacy, pp. 196-205, May 1993.
[17] J.F. Sowa, Conceptual Structures: Information Processing in Mind and Machine, Addison-Wesley, Reading, Mass., 1984.
[18] W.M. Tepfenhart,J.P. Dick, and J.F. Sowa, eds., Conceptual Structures: Current Practices, no. 835in Lecture Notes in Artificial Intelligence. New York: Springer-Verlag, 1994.
[19] B. Thuraisingham,, "The use of conceptual structures for handling the inference problem, and cover stories for database security," Proc. Fifth IFIP WG 11.3 Working Conf. Database Security,Shepherdstown, W. Va., USA, Nov. 1991.
[20] J. Ullman, Principles of Database and Knowledge-Base Systems, vol. 1. Computer Science Press, 1988.

Index Terms:
Information security, conceptual graphs, database inference, inference detection, inference analysis, transitive associations.
Citation:
Harry S. Delugach, Thomas H. Hinke, "Wizard: A Database Inference Analysis and Detection System," IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 1, pp. 56-66, Feb. 1996, doi:10.1109/69.485629
Usage of this product signifies your acceptance of the Terms of Use.