<p><b>Abstract</b>—This paper investigates the problem of inference channels that occur when database constraints are combined with nonsensitive data to obtain sensitive information. We present an integrated security mechanism, called the <it>Disclosure Monitor</it>, which guarantees data confidentiality by extending the standard mandatory access control mechanism with a <it>Disclosure Inference Engine</it>. The Disclosure Inference Engine generates all the information that can be disclosed to a user based on the user's past and present queries and the database and metadata constraints. The Disclosure Inference Engine operates in two modes: <it>data-dependent</it> mode, when disclosure is established based on the actual data items, and <it>data-independent</it> mode, when only queries are utilized to generate the disclosed information. The disclosure inference algorithms for both modes are characterized by the properties of <it>soundness</it> (i.e., everything that is generated by the algorithm is disclosed) and <it>completeness</it> (i.e., everything that can be disclosed is produced by the algorithm). The technical core of this paper concentrates on the development of sound and complete algorithms for both data-dependent and data-independent disclosures.</p>
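<p>The following is an added, constructed illustration of the two inference modes the abstract describes; it is not the paper's Disclosure Inference Engine and makes no claim about the paper's algorithms. It assumes a single relation EMPLOYEE(name, dept, rank, salary) with three made-up tuples, projection queries only, one metadata constraint (the functional dependency rank &rarr; salary) and a policy that a user must never learn the salary attached to a name. In data-independent mode only the attribute sets of past and present queries are consulted: two released projections X and Y are combined when X&cap;Y functionally determines one side (the standard lossless-join condition), so the combination is disclosed in every instance satisfying the constraint. In data-dependent mode the relations actually returned are joined and a salary counts as disclosed when the join leaves exactly one value for a name. The data-independent check is sound in the paper's sense (whatever it reports is disclosed regardless of the instance); completeness is not argued for this toy.</p>

```python
"""Toy Disclosure Monitor with data-independent and data-dependent modes.
Constructed illustration for this page, not the paper's engine: one relation,
projection queries, functional dependencies as the only constraints."""
from itertools import combinations

# Constructed instance of EMPLOYEE(name, dept, rank, salary).
EMPLOYEES = [
    {"name": "alice", "dept": "legal", "rank": "senior", "salary": 90000},
    {"name": "bob",   "dept": "eng",   "rank": "junior", "salary": 60000},
    {"name": "carol", "dept": "eng",   "rank": "senior", "salary": 90000},
]
# Metadata constraint (functional dependency): rank -> salary.
FDS = [(frozenset({"rank"}), frozenset({"salary"}))]
# Policy (assumed): the salary of a named person is sensitive.
SENSITIVE = ("name", "salary")


def closure(attrs, fds):
    """Armstrong attribute closure of attrs under fds (sound and complete for FDs)."""
    result = set(attrs)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if lhs <= result and not rhs <= result:
                result |= rhs
                changed = True
    return frozenset(result)


def disclosed_independent(history, fds):
    """Data-independent mode: only the queried attribute sets are used.
    Projections X and Y join losslessly when X&Y -> X or X&Y -> Y, so the
    user then knows the projection on X|Y.  Saturate to a fixpoint."""
    known = {frozenset(h) for h in history}
    changed = True
    while changed:
        changed = False
        for x, y in combinations(list(known), 2):
            common = x & y
            if common and (x <= closure(common, fds) or y <= closure(common, fds)):
                if (x | y) not in known:
                    known.add(x | y)
                    changed = True
    return known


def leaks_independent(history, fds, sensitive):
    return any(set(sensitive) <= k for k in disclosed_independent(history, fds))


def project(rows, attrs):
    """Relation a projection query actually returns: (attributes, tuples)."""
    attrs = frozenset(attrs)
    return attrs, {tuple(sorted((a, r[a]) for a in attrs)) for r in rows}


def natural_join(rel1, rel2):
    (a1, t1), (a2, t2) = rel1, rel2
    common = a1 & a2
    out = set()
    for u in t1:
        du = dict(u)
        for v in t2:
            dv = dict(v)
            if all(du[c] == dv[c] for c in common):
                out.add(tuple(sorted({**du, **dv}.items())))
    return a1 | a2, out


def disclosed_dependent(rows, history, sensitive):
    """Data-dependent mode: join the relations actually released (lossless or
    not) and report each name whose salary is fixed to a single value.  Sound:
    the true tuple is always among the join results, so a unique value is real."""
    key, secret = sensitive
    rels = {attrs: tuples for attrs, tuples in (project(rows, h) for h in history)}
    changed = True
    while changed:
        changed = False
        for a1, a2 in combinations(list(rels), 2):
            if a1 & a2 and (a1 | a2) not in rels:
                rels[a1 | a2] = natural_join((a1, rels[a1]), (a2, rels[a2]))[1]
                changed = True
    found = {}
    for attrs, tuples in rels.items():
        if key in attrs and secret in attrs:
            values = {}
            for t in tuples:
                d = dict(t)
                values.setdefault(d[key], set()).add(d[secret])
            found.update({k: next(iter(v)) for k, v in values.items() if len(v) == 1})
    return found


def monitor(query_attrs, history, rows=None):
    """Allow the new query?  rows=None selects data-independent mode."""
    candidate = list(history) + [frozenset(query_attrs)]
    if rows is None:
        return not leaks_independent(candidate, FDS, SENSITIVE)
    return not disclosed_dependent(rows, candidate, SENSITIVE)
```

<p>With this instance, a user who has already seen (name, rank) is refused (rank, salary) in both modes, because rank &rarr; salary makes the join lossless. A user who has seen (name, dept) is allowed (dept, salary) in data-independent mode, since dept determines neither side, but is refused in data-dependent mode: "alice" is the only member of "legal", so the actual tuples pin her salary to 90000. That gap is exactly why the abstract distinguishes the two modes.</p>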
<p><b>Index Terms</b>—Multilevel security, data confidentiality, inference problem, constraints, data-dependent disclosure, data-independent disclosure, inference algorithms, soundness, completeness, decidability.</p>
<p>Csilla Farkas, Alexander Brodsky, Sushil Jajodia, "Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures," IEEE Transactions on Knowledge and Data Engineering, vol. 12, pp. 900-919, November/December 2000, doi:10.1109/69.895801</p>
