Unauthorized inferences in semistructured databases

In this paper we study the problem of providing controlled access to confidential data stored in semistructured databases. More specifically, we focus on privacy violations via data inferences that occur when domain knowledge is combined with non-private data. We propose a formal model, called the Privacy Information Flow Model, to represent the information flow and the privacy requirements. These privacy requirements are enforced by a Privacy Mediator, which guarantees that users are not able to logically entail information that violates the privacy requirements. We present an inference algorithm that is sound and complete. The algorithm is developed for a tree-like, semistructured data model, selection-projection queries, and domain knowledge represented as Horn-clause constraints.
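
The following is an added illustration of the mediation idea described in the abstract; it is not the paper's own algorithm or code. It models a tree-like document as records with leaf children, answers selection-projection queries as sets of ground atoms, forward-chains constructed Horn-clause domain knowledge over everything a user has already been told, and refuses a query whose answer would let the user entail a fact matching a privacy requirement. The records, rules, privacy patterns and all names (`RECORDS`, `RULES`, `PRIVATE`, `PrivacyMediator`) are assumptions made up for the example.

```python
"""Toy Privacy Mediator: an added illustration, not the paper's own
algorithm. A user's selection-projection query over a tree-shaped
document is refused when its answer, the facts already released to that
user, and Horn-clause domain knowledge together entail a private fact.
Records, rules, privacy requirements and names are all constructed."""

# Tree-like data: a root per record, leaf children keyed by path.
RECORDS = {
    "p1": {"name": "Alice", "medication": "insulin", "ward": "W3"},
    "p2": {"name": "Bob", "medication": "aspirin", "ward": "W3"},
}

# Facts are ground atoms (path, record_id, value). Horn clauses are
# (body_atoms, head_atom); terms beginning with '?' are variables.
RULES = [
    ((("medication", "?p", "insulin"),),
     ("insulin_dependent", "?p", "yes")),
    ((("insulin_dependent", "?p", "yes"), ("ward", "?p", "W3")),
     ("diagnosis", "?p", "type1_diabetes")),
]

# Privacy requirements: patterns that must never become entailed.
PRIVATE = [("diagnosis", "?p", "type1_diabetes")]


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def match(pattern, fact, binding):
    """Extend `binding` so that `pattern` equals the ground `fact`,
    or return None if no consistent extension exists."""
    if len(pattern) != len(fact):
        return None
    b = dict(binding)
    for p, f in zip(pattern, fact):
        if is_var(p):
            if b.setdefault(p, f) != f:
                return None
        elif p != f:
            return None
    return b


def substitute(atom, binding):
    return tuple(binding.get(t, t) if is_var(t) else t for t in atom)


def match_body(body, known, binding):
    """Yield every binding under which all body atoms hold in `known`."""
    if not body:
        yield binding
        return
    for fact in known:
        b = match(body[0], fact, binding)
        if b is not None:
            yield from match_body(body[1:], known, b)


def closure(facts, rules):
    """Forward-chain the Horn rules to a fixpoint; on a finite set of
    ground facts this is sound and complete for ground consequences."""
    known = set(facts)
    while True:
        derived = {substitute(head, b)
                   for body, head in rules
                   for b in match_body(body, known, {})} - known
        if not derived:
            return known
        known |= derived


def query(records, where, project):
    """Selection-projection: keep records whose `where` path/value
    pairs all hold and return (path, id, value) facts for `project`."""
    return {(p, rid, node[p])
            for rid, node in records.items()
            if all(node.get(k) == v for k, v in where.items())
            for p in project if p in node}


class PrivacyMediator:
    def __init__(self, records, rules, private):
        self.records, self.rules, self.private = records, rules, private
        self.released = set()  # everything this user has been told so far

    def ask(self, where, project):
        """Return (answer, []) and record it, or (None, leaked_atoms)
        if answering would let the user entail a private fact."""
        answer = query(self.records, where, project)
        entailed = closure(self.released | answer, self.rules)
        leaks = [f for f in entailed for pat in self.private
                 if match(pat, f, {}) is not None]
        if leaks:
            return None, leaks
        self.released |= answer
        return answer, []


if __name__ == "__main__":
    m = PrivacyMediator(RECORDS, RULES, PRIVATE)
    print(m.ask({}, ["ward"]))                       # harmless on its own
    print(m.ask({"name": "Alice"}, ["medication"]))  # refused: combines with ward
```

The point the example makes is that neither query is harmful in isolation: a fresh mediator answers the medication query, because insulin alone only entails `insulin_dependent`. It is the accumulated release history plus the second rule that closes the inference channel, so the mediator must track what each user has already learned, not just vet each query on its own. Two caveats a practitioner should keep in mind: the refusal itself is observable and can leak that something sensitive was about to be entailed, and the fixpoint computation grows with the released history and rule set, so it is not free at query time.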
