Security checking in relational database management systems augmented with inference engines
Computers and Security
Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
Resolving the tension between integrity and security using a theorem prover
SIGMOD '88 Proceedings of the 1988 ACM SIGMOD international conference on Management of data
Minimal data upgrading to prevent inference and association attacks
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Design of LDV: A Multilevel Secure Relational Database Management
IEEE Transactions on Knowledge and Data Engineering
Controlling FD and MVD Inferences in Multilevel Relational Database Systems
IEEE Transactions on Knowledge and Data Engineering
Inference in MLS Database Systems
IEEE Transactions on Knowledge and Data Engineering
Enhancing the Controlled Disclosure of Sensitive Information
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Decathlon in Multidimensional Modeling: Open Issues and Some Solutions
DaWaK 2000 Proceedings of the 4th International Conference on Data Warehousing and Knowledge Discovery
Auditing Interval-Based Inference
CAiSE '02 Proceedings of the 14th International Conference on Advanced Information Systems Engineering
Cardinality-Based Inference Control in Sum-Only Data Cubes
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
The inference problem: a survey
ACM SIGKDD Explorations Newsletter
The inference problem and updates in relational databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Privacy: A Machine Learning View
IEEE Transactions on Knowledge and Data Engineering
An identifiability-based access control model for privacy protection in open systems
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Cardinality-based inference control in data cubes
Journal of Computer Security
Checking for k-anonymity violation by views
VLDB '05 Proceedings of the 31st international conference on Very large data bases
Secure resource description framework: an access control model
Proceedings of the eleventh ACM symposium on Access control models and technologies
Redundancy and information leakage in fine-grained access control
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
An epistemic framework for privacy protection in database linking
Data & Knowledge Engineering
Controlled query evaluation with open queries for a decidable relational submodel
Annals of Mathematics and Artificial Intelligence
Secure XML publishing without information leakage in the presence of data inference
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Reducing inference control to access control for normalized database schemas
Information Processing Letters
Precomputation of privacy policy parameters for auditing SQL queries
Proceedings of the 2nd international conference on Ubiquitous information management and communication
Bag-based data models for incomplete information and their closure properties
Journal of Intelligent Information Systems
Auditing Inference Based Disclosures in Dynamic Databases
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Disclosure Analysis and Control in Statistical Databases
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Query rewriting for detection of privacy violation through inferencing
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Evaluating privacy threats in released database views by symmetric indistinguishability
Journal of Computer Security - Selected papers from the Third and Fourth Secure Data Management (SDM) workshops
Publishing naive Bayesian classifiers: privacy without accuracy loss
Proceedings of the VLDB Endowment
Self-enforcing Private Inference Control
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Semantics-aware security policy specification for the semantic web data
International Journal of Information and Computer Security
Confidentiality policies for controlled query evaluation
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Granulation as a privacy protection mechanism
Transactions on rough sets VII
Protecting individual information against inference attacks in data publishing
DASFAA'07 Proceedings of the 12th international conference on Database systems for advanced applications
Verification of the security against inference attacks on XML databases
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Requirements and protocols for inference-proof interactions in information systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Suppressing microdata to prevent classification based inference
The VLDB Journal — The International Journal on Very Large Data Bases
A systematic literature review of inference strategies
International Journal of Information and Computer Security
Efficient inference control for open relational queries
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Privacy disclosure analysis and control for 2D contingency tables containing inaccurate data
PSD'10 Proceedings of the 2010 international conference on Privacy in statistical databases
Horizontal fragmentation for data outsourcing with formula-based confidentiality constraints
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Enhanced insider threat detection model that increases data availability
ICDCIT'11 Proceedings of the 7th international conference on Distributed computing and internet technology
Anonymity meets game theory: secure data integration with malicious participants
The VLDB Journal — The International Journal on Very Large Data Bases
Dynamic disclosure monitor (D2Mon): an improved query processing solution
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Information release control: a learning-based architecture
Journal on Data Semantics II
An inference detection algorithm based on related tuples mining
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
Controlled query evaluation with open queries for a decidable relational submodel
FoIKS'06 Proceedings of the 4th international conference on Foundations of Information and Knowledge Systems
Indistinguishability: the other aspect of privacy
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Unauthorized inferences in semistructured databases
Information Sciences: an International Journal
Characterisations of multivalued dependency implication over undetermined universes
Journal of Computer and System Sciences
Disclosure analysis for two-way contingency tables
PSD'06 Proceedings of the 2006 CENEX-SDC project international conference on Privacy in Statistical Databases
Towards controlled query evaluation for incomplete first-order databases
FoIKS'10 Proceedings of the 6th international conference on Foundations of Information and Knowledge Systems
Predicting and preventing insider threat in relational database systems
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Mitigation of malicious modifications by insiders in databases
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Inference-usability confinement by maintaining inference-proof views of an information system
International Journal of Computational Science and Engineering
A trust-and-risk aware RBAC framework: tackling insider threat
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Data Base Management Systems (DBMSs): Meeting the requirements of the EU data protection legislation
International Journal of Information Management: The Journal for Information Professionals
Towards an understanding of social inference opportunities in social computing
Proceedings of the 17th ACM international conference on Supporting group work
Enforcing confidentiality in relational databases by reducing inference control to access control
ISC'07 Proceedings of the 10th international conference on Information Security
Probabilistic Inference Channel Detection and Restriction Applied to Patients' Privacy Assurance
International Journal of Information Security and Privacy
| Hi-index | 0.00 |
This paper investigates the problem of inference channels that occur when database constraints are combined with nonsensitive data to obtain sensitive information. We present an integrated security mechanism, called the Disclosure Monitor, which guarantees data confidentiality by extending the standard mandatory access control mechanism with a Disclosure Inference Engine. The Disclosure Inference Engine generates all the information that can be disclosed to a user based on the user's past and present queries and the database and metadata constraints. The Disclosure Inference Engine operates in two modes: data-dependent mode, when disclosure is established based on the actual data items, and data-independent mode, when only queries are utilized to generate the disclosed information. The disclosure inference algorithms for both modes are characterized by the properties of soundness (i.e., everything that is generated by the algorithm is disclosed) and completeness (i.e., everything that can be disclosed is produced by the algorithm). The technical core of this paper concentrates on the development of sound and complete algorithms for both data-dependent and data-independent disclosures.