Security checking in relational database management systems augmented with inference engines
Computers and Security
Resolving the tension between integrity and security using a theorem prover
SIGMOD '88 Proceedings of the 1988 ACM SIGMOD international conference on Management of data
Secure Query-Processing Strategies
Computer
Cryptography and data security
Cryptography and data security
Design of LDV: A Multilevel Secure Relational Database Management
IEEE Transactions on Knowledge and Data Engineering
Controlling FD and MVD Inferences in Multilevel Relational Database Systems
IEEE Transactions on Knowledge and Data Engineering
Inference in MLS Database Systems
IEEE Transactions on Knowledge and Data Engineering
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
IEEE Transactions on Knowledge and Data Engineering
Enhancing the Controlled Disclosure of Sensitive Information
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Data Level Inference Detection in Database Systems
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Security against Inference Attacks on Negative Information in Object-Oriented Databases
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Concept and prototype of a collaborative business process environment for document processing
Data & Knowledge Engineering - Special issue: Collaborative business process technologies
Journal of Computer and System Sciences
Auditing Inference Based Disclosures in Dynamic Databases
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Verification of the security against inference attacks on XML databases
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Requirements and protocols for inference-proof interactions in information systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A systematic literature review of inference strategies
International Journal of Information and Computer Security
Enhanced insider threat detection model that increases data availability
ICDCIT'11 Proceedings of the 7th international conference on Distributed computing and internet technology
Dynamic disclosure monitor (D2Mon): an improved query processing solution
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Predicting and preventing insider threat in relational database systems
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Mitigation of malicious modifications by insiders in databases
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Tackling Insider Threat in Cloud Relational Databases
UCC '12 Proceedings of the 2012 IEEE/ACM Fifth International Conference on Utility and Cloud Computing
| Hi-index | 0.00 |
In this paper, we extend the Disclosure Monitor (DiMon) security mechanism (Brodsky et al. [1]) to prevent illegal inferences via database constraints in dynamic databases. We study updates from two perspectives: 1) updates on tuples that were previously released to a user may cause that tuple to be "outdated", thus providing greater freedom for releasing new tuples; 2) observation of changes in released tuples may create cardinality based inferences, which are not indicated by database dependencies. We present a mechanism, called Update Consolidator (UpCon) that propagates updates to the user's history file to ensure that no query is rejected based on outdated data. We also propose a Cardinality Inference Detection (CID) module, that generates all data that can be disclosed via cardinality based attacks. We show that UpCon and CID, when integrated into the DiMon architecture, guarantee confidentiality (completeness property of the data-dependent disclosure inference algorithm) and maximal availability (soundness property of the data-dependent disclosure inference algorithm) even in the presence of updates.