论文信息 - Identifying Sensitive Associations in Databases for Release Control

Identifying Sensitive Associations in Databases for Release Control

In a database system, authorization-based access-control is generally the first line of defense, preventing unauthorized accesses to secret or sensitive data. However, this mechanism is susceptible to security breaches due to improper authorization (e.g., the general public is mistakenly granted access to a copy of sensitive data) and cannot block insider attacks (an authorized user accidentally or intentionally discloses secrets to outsiders). Supplementary to access-control, the release-control mechanism is to check all the outgoing documents for any leak of secret or sensitive information. This paper reports preliminary results on a specific release-control task, namely, how to deal with sensitive associations that need to be restricted from releasing. A sensitive association refers to a pair of values whose connection involves some secrets. The disclosure of such a pair may reveal the secretive connection and therefore should be controlled. The release control of sensitive associations is a very challenging and long term research problem. This paper introduces techniques to identify and represent sensitive associations hidden in a database.

[1] Carlo Zaniolo,et al. Optimization of Nonrecursive Queries , 1986, VLDB.

[2] Sushil Jajodia,et al. A Learning-based Approach to Information Release Control , 2003, IICIS.

[3] Gio Wiederhold,et al. Protecting Information when Access is Granted for Collaboration , 2000, DBSec.

[4] Bhavani Thuraisingham,et al. Security Constraints in a Multilevel Secure Distributed Database Management System , 1995, IEEE Trans. Knowl. Data Eng..

[5] Mark Levene,et al. Search and Navigation in Relational Databases , 2003, ArXiv.

[6] Stéphane Bressan,et al. Introduction to Database Systems , 2005 .

[7] Sushil Jajodia,et al. The inference problem: a survey , 2002, SKDD.

[8] Mark Levene,et al. DbSurfer: A Search and Navigation Tool for Relational Databases , 2004, BNCOD.

[9] Vagelis Hristidis,et al. DISCOVER: Keyword Search in Relational Databases , 2002, VLDB.

[10] Keith A. Brewster,et al. Inference and aggregation issues in secure database management systems , 1996 .

[11] Arnon Rosenthal,et al. Document release versus data access controls: two sides of the same coin? , 2001, CIKM '01.