Data level inference detection in database systems

Existing work on inference detection for database systems mainly employs functional dependencies in the database schema to detect inferences. It has been observed that analyzing the data stored in the database may help to detect more inferences. We describe our effort in developing a data level inference detection system. We have identified five inference rules that a user can use to perform inferences: the "subsume", "unique characteristic", "overlapping", "complementary", and "functional dependency" inference rules. The existence of these inference rules confirms the inadequacy of detecting inferences using just functional dependencies. The rules can be applied any number of times and in any order. These inference rules are sound. They are not necessarily complete, although we have no example that demonstrates incompleteness. We employ a rule-based approach so that future inference rules can be incorporated into the detection system. We have developed a prototype of the inference detection system using Perl on a Sun SPARC 20 workstation. The preliminary results show that on average it takes seconds to process a query for a database with thousands of records. Thus, our approach to inference detection is best performed offline, and would be most useful for detecting subtle inference attacks.
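The abstract's central point is that a dependency which is not declared in the schema may still hold in the stored tuples, and that a combination of released attribute values may single out one record, so a schema-only check misses both. The following Python is an added illustration of that data-level view; it is not the paper's Perl prototype, and since the abstract does not give formal definitions of the five rules, the two checks below are this example's own reading of the "functional dependency" and "unique characteristic" rules. The employee relation, the attribute names and the declared schema dependency are all constructed for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample relation. The schema declares only the key dependency
# emp_id -> {dept, title, salary_band}; "dept, title -> salary_band" is NOT
# declared, yet it happens to hold in the stored data.
PUBLIC_ATTRS = ("dept", "title")          # attributes a low user may see
SENSITIVE_ATTR = "salary_band"            # attribute to be protected
SCHEMA_FDS = {("emp_id",): ("dept", "title", "salary_band")}

RECORDS = [
    {"emp_id": 1, "dept": "eng", "title": "engineer", "salary_band": "B"},
    {"emp_id": 2, "dept": "eng", "title": "engineer", "salary_band": "B"},
    {"emp_id": 3, "dept": "eng", "title": "manager",  "salary_band": "C"},
    {"emp_id": 4, "dept": "ops", "title": "engineer", "salary_band": "A"},
    {"emp_id": 5, "dept": "ops", "title": "analyst",  "salary_band": "A"},
    {"emp_id": 6, "dept": "ops", "title": "analyst",  "salary_band": "A"},
    {"emp_id": 7, "dept": "ops", "title": "engineer", "salary_band": "A"},
]


def _project(rec, attrs):
    """Tuple of the record's values for the given attributes, in order."""
    return tuple(rec[a] for a in attrs)


def data_level_fds(records, candidate_attrs, rhs, schema_fds):
    """Minimal attribute sets X (subsets of candidate_attrs) such that
    X -> rhs holds in the stored data but is not declared in schema_fds.
    Assumed reading of the 'functional dependency' rule: knowing the X values
    of a tuple plus one disclosed rhs value lets a user fill in rhs for every
    other tuple with the same X values."""
    found = []
    for k in range(1, len(candidate_attrs) + 1):
        for lhs in combinations(candidate_attrs, k):
            if any(set(f) <= set(lhs) for f in found):
                continue  # a smaller set already determines rhs: not minimal
            seen = {}
            holds = True
            for rec in records:
                key, val = _project(rec, lhs), rec[rhs]
                if seen.setdefault(key, val) != val:
                    holds = False  # same lhs values, different rhs value
                    break
            declared = rhs in schema_fds.get(lhs, ())
            if holds and not declared:
                found.append(lhs)
    return found


def unique_characteristics(records, public_attrs, sensitive, key="emp_id"):
    """{released-value tuple: (record key, sensitive value)} for each
    combination of public attribute values that matches exactly one record.
    Assumed reading of the 'unique characteristic' rule: such a combination
    identifies an individual, so any released statistic over it discloses
    that individual's sensitive value."""
    groups = defaultdict(list)
    for rec in records:
        groups[_project(rec, public_attrs)].append(rec)
    return {
        pub: (recs[0][key], recs[0][sensitive])
        for pub, recs in groups.items()
        if len(recs) == 1
    }


def detect_inferences(records, public_attrs, sensitive, schema_fds):
    """Run both data-level checks and return a report for offline review."""
    return {
        "data_level_fds": data_level_fds(records, public_attrs, sensitive, schema_fds),
        "unique_characteristics": unique_characteristics(records, public_attrs, sensitive),
    }


if __name__ == "__main__":
    report = detect_inferences(RECORDS, PUBLIC_ATTRS, SENSITIVE_ATTR, SCHEMA_FDS)
    for name, hits in report.items():
        print(f"{name}: {hits}")
```

On the constructed data a schema-only check reports nothing, because the only declared dependency is the key. The data-level pass instead flags that (dept, title) determines salary_band in every stored tuple, and that the single (eng, manager) record is identified by its public attributes alone. The FD scan is exponential in the number of candidate attributes, which is in line with the abstract's observation that this style of detection belongs in an offline process rather than on the query path.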
