Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
November/December 2000 (vol. 12 no. 6)
pp. 900-919

Abstract—This paper investigates the problem of inference channels that occur when database constraints are combined with nonsensitive data to obtain sensitive information. We present an integrated security mechanism, called the Disclosure Monitor, which guarantees data confidentiality by extending the standard mandatory access control mechanism with a Disclosure Inference Engine. The Disclosure Inference Engine generates all the information that can be disclosed to a user based on the user's past and present queries and the database and metadata constraints. The Disclosure Inference Engine operates in two modes: data-dependent mode, when disclosure is established based on the actual data items, and data-independent mode, when only queries are utilized to generate the disclosed information. The disclosure inference algorithms for both modes are characterized by the properties of soundness (i.e., everything that is generated by the algorithm is disclosed) and completeness (i.e., everything that can be disclosed is produced by the algorithm). The technical core of this paper concentrates on the development of sound and complete algorithms for both data-dependent and data-independent disclosures.

Index Terms:
Multilevel security, data confidentiality, inference problem, constraints, data-dependent disclosure, data-independent disclosure, inference algorithms, soundness, completeness, decidability.
Alexander Brodsky, Csilla Farkas, Sushil Jajodia, "Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures," IEEE Transactions on Knowledge and Data Engineering, vol. 12, no. 6, pp. 900-919, Nov.-Dec. 2000, doi:10.1109/69.895801