ILIAD: an integrated laboratory for inference analysis and detection

This paper describes a laboratory for exploring inference detection and analysis techniques. This laboratory is called ILIAD (Integrated Laboratory for Inference Analysis and Detection). It has been implemented at the University of Alabama in Huntsville as part of our AERIE inference research project. The paper describes the overall architecture of the laboratory and then describes the major components: a database generation tool called Genie and an inference analysis tool called Wizard. Genie is used to generate test databases that can be analyzed by Wizard. The basis for Genie’s database generation function is a simulator that provides the coherence necessary for the database to include actual inferences. Genie also supports a fact generation language called FGL, which permits the user to define a large database with only a relatively small number of FGL statements. The Wizard tool operates on data descriptions called facets, which encode the results of an inference-directed microanalysis of a database. Wizard can detect second-path inference channels within a single facet as well as inference channels that span multiple facets. The paper concludes with some observations from our initial use of ILIAD.
