The inference problem: a survey

Access control models protect sensitive data from unauthorized disclosure via direct accesses, however, they fail to prevent indirect accesses. Indirect data disclosure via inference channels occurs when sensitive information can be inferred from non-sensitive data and metadata. Inference channels are often low-bandwidth and complex; nevertheless, detection and removal of inference channels is necessary to guarantee data security. This paper presents a survey of the current and emerging research in data inference control and emphasizes the importance of targeting this so often overlooked problem during database security design.

[1]  Sujeet Shenoi,et al.  Catalytic inference analysis: detecting inference threats due to knowledge discovery , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[2]  Teresa F. Lunt,et al.  Current Issues in Statistical Database Security , 1991, Database Security.

[3]  Sarit Kraus,et al.  Data-Security in Heterogeneous Agent Systems , 1998, CIA.

[4]  Matthew Morgenstern,et al.  Controlling logical inference in multilevel database systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[5]  Gregory Piatetsky-Shapiro,et al.  Knowledge Discovery in Personal Data vs. Privacy: A mini-symposium , 1995, IEEE Expert.

[6]  Karl N. Levitt,et al.  Data level inference detection in database systems , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[7]  Sabrina De Capitani di Vimercati,et al.  Minimal data upgrading to prevent inference and association attacks , 1999, PODS '99.

[8]  Frank van Harmelen,et al.  Sesame: A Generic Architecture for Storing and Querying RDF and RDF Schema , 2002, SEMWEB.

[9]  Yannis Papakonstantinou,et al.  DTD inference for views of XML data , 2000, PODS.

[10]  William R. Braithwaite National Health Information Privacy Bill Generates Heat at SCAMC , 1996, J. Am. Medical Informatics Assoc..

[11]  Bhavani M. Thuraisingham,et al.  Design of LDV: a multilevel secure relational database management system , 1990 .

[12]  George T. Duncan,et al.  Obtaining Information while Preserving Privacy: A Markov Perturbation Method for Tabular Data , 1997 .

[13]  Sujeet Shenoi,et al.  A Practical Formalism for Imprecise Inference Control , 1994, DBSec.

[14]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[15]  Alin Deutsch,et al.  A Query Language for XML , 1999, Comput. Networks.

[16]  David W. Stemple,et al.  Resolving the tension between integrity and security using a theorem prover , 1988, SIGMOD '88.

[17]  Randall P. Wolf,et al.  A Framework for Inference-Directed Data Mining , 1996, DBSec.

[18]  Lucas C. J. Dreyer,et al.  Dynamic aspects of the InfoPriv model for information privacy , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[19]  Gio Wiederhold,et al.  Web Implementation of a Security Mediator for Medical Databases , 1997, DBSec.

[20]  Gary W. Smith,et al.  Modeling security-relevant data semantics , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[21]  Brock N. Meeks Privacy lost, anytime, anywhere , 1997, CACM.

[22]  James A. Hendler,et al.  The Semantic Web" in Scientific American , 2001 .

[23]  Sabrina De Capitani di Vimercati,et al.  Specification and enforcement of classification and inference constraints , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[24]  Jerry R. Hobbs,et al.  Accessing Information and Services on the DAML-Enabled Web , 2001, SemWeb.

[25]  Alan F. Karr,et al.  Web-Based Systems that Disseminate Information from Databases but Protect Confidentiality , 2002, Advances in Digital Government.

[26]  Thomas H. Hinke,et al.  Inference aggregation detection in database management systems , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[27]  Chris Clifton,et al.  SECURITY AND PRIVACY IMPLICATIONS OF DATA MINING , 1996 .

[28]  Charu C. Aggarwal,et al.  On the design and quantification of privacy preserving data mining algorithms , 2001, PODS.

[29]  James G. Anderson,et al.  Clearing the way for physicians' use of clinical information systems , 1997, CACM.

[30]  Lincoln D. Stein Web Security: A Step-by-Step Reference Guide , 1998 .

[31]  Bhavani M. Thuraisingham,et al.  Security Issues for Data Warehousing and Data Mining , 1996, DBSec.

[32]  Bhavani M. Thuraisingham,et al.  Security checking in relational database management systems augmented with inference engines , 1987, Comput. Secur..

[33]  Elisa Bertino,et al.  Author-X: A Java-Based System for XML Data Protection , 2000, DBSec.

[34]  Rakesh Agrawal,et al.  Privacy-preserving data mining , 2000, SIGMOD 2000.

[35]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[36]  Harry S. Delugach,et al.  Wizard: A Database Inference Analysis and Detection System , 1996, IEEE Trans. Knowl. Data Eng..

[37]  Thomas C. Rindfleisch,et al.  Privacy, information technology, and health care , 1997, CACM.

[38]  Daniel E. O'Leary Some Privacy Issues in Knowledge Discovery: The OECD Personal Privacy Guidelines , 1995, IEEE Expert.

[39]  Volker Roth,et al.  Concepts and architecture of a security-centric mobile agent server , 2001, Proceedings 5th International Symposium on Autonomous Decentralized Systems.

[40]  T. C. Ting Privacy and confidentiality in healthcare delivery information system , 1999, Proceedings 12th IEEE Symposium on Computer-Based Medical Systems (Cat. No.99CB36365).

[41]  Marcus J. Ranum,et al.  Web Security Sourcebook , 1997 .

[42]  Troy Duster,et al.  Genetic Information and the Workplace: Legislative Approaches and Policy Challenges , 1997, Science.

[43]  Gultekin Özsoyoglu,et al.  On Inference Control in Semantic Data Models for Statistical Databases , 1990, J. Comput. Syst. Sci..

[44]  D.G. Marks,et al.  Inference in MLS Database Systems , 1996, IEEE Trans. Knowl. Data Eng..

[45]  Leoan J. Buczkowski Database Inference Controller , 1989, Database Security.

[46]  Frank van Harmelen,et al.  Sesame: An Architecture for Storin gand Querying RDF Data and Schema Information , 2003, Spinning the Semantic Web.

[47]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[48]  Harry S. Delugach,et al.  A Fast Algorithm for Detecting Second Paths in Database Inference Analysis , 1995, J. Comput. Secur..

[49]  Georges Gardarin,et al.  Using Conceptual Modeling and Intelligent Agents to Integrate Semi-structured Documents in Federated Databases , 1997, Conceptual Modeling.

[50]  Gultekin Özsoyoglu,et al.  Controlling FD and MVD Inferences in Multilevel Relational Database Systems , 1991, IEEE Trans. Knowl. Data Eng..

[51]  Mark E. Stickel Elimination of inference channels by optimal upgrading , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[52]  Ian Horrocks,et al.  The Semantic Web: The Roles of XML and RDF , 2000, IEEE Internet Comput..

[53]  Yehuda Lindell,et al.  Privacy Preserving Data Mining , 2000, Journal of Cryptology.

[54]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[55]  Joachim Biskup,et al.  The personal model of data: Towards a privacy-oriented information system , 1988, Comput. Secur..

[56]  José Meseguer,et al.  Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.

[57]  Csilla Farkas,et al.  Secure XML Views , 2002, DBSec.

[58]  Randall P. Wolf,et al.  Protecting databases from inference attacks , 1997, Comput. Secur..

[59]  Chris Clifton,et al.  Using Sample Size to Limit Exposure to Data Mining , 2000, J. Comput. Secur..

[60]  G. Wiederhold,et al.  A security mediator for health care information. , 1996, Proceedings : a conference of the American Medical Informatics Association. AMIA Fall Symposium.

[61]  Dorothy E. Denning Commutative Filters for Reducing Inference Threats in Multilevel Database Systems , 1985, 1985 IEEE Symposium on Security and Privacy.

[62]  Joachim Biskup,et al.  Controlled Query Evaluation for Known Policies by Combining Lying and Refusal , 2002, FoIKS.

[63]  Daniel E. O'Leary,et al.  Knowledge Discovery as a Threat to Database Security , 1991, Knowledge Discovery in Databases.

[64]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .