Advertisement

Inference Control in Distributed Environment: A Comparison Study

  • Adel JebaliEmail author
  • Salma Sassi
  • Abderrazak Jemai
Conference paper
  • 114 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12026)

Abstract

Traditional access control models aim to prevent data leakage via direct accesses. A direct access occurs when a requester performs his query directly into the desired object, however these models fail to protect sensitive data from being accessed with inference channels. An inference channel is produced by the combination of a legitimate response which the user receives from the system and metadata. Detecting and removing inference in database systems guarantee a high quality design in terms of data secrecy and privacy. Parting from the fact that data distribution exacerbates inference problem, we give in this paper a survey of the current and emerging research on the inference problem in both centralized and distributed database systems and highlighting research directions in this field.

Keywords

Access control Inference control External knowledge Data distribution Secrecy and privacy 

References

  1. 1.
    Akeel, F., Fathabadi, A.S., Paci, F., Gravell, A., Wills, G.: Formal modelling of data integration systems security policies. Data Sci. Eng. 1(3), 139–148 (2016)Google Scholar
  2. 2.
    Akeel, F.Y., Wills, G.B., Gravell, A.M.: Exposing data leakage in data integration systems. In: 2014 9th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 420–425. IEEE (2014)Google Scholar
  3. 3.
    An, X., Jutla, D., Cercone, N.: Auditing and inference control for privacy preservation in uncertain environments. In: Havinga, P., Lijding, M., Meratnia, N., Wegdam, M. (eds.) EuroSSC 2006. LNCS, vol. 4272, pp. 159–173. Springer, Heidelberg (2006).  https://doi.org/10.1007/11907503_12CrossRefGoogle Scholar
  4. 4.
    An, X., Jutla, D., Cercone, N.: Dynamic inference control in privacy preference enforcement. In: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, p. 24. ACM (2006)Google Scholar
  5. 5.
    Bahloul, S.N., Coquery, E., Hacid, M.S.: Access control to materialized views: an inference-based approach. In: Proceedings of the 2011 Joint EDBT/ICDT Ph. D. Workshop, pp. 19–24. ACM (2011)Google Scholar
  6. 6.
    Bahloul, S.N., Coquery, E., Hacid, M.S.: Securing materialized views: a rewriting-based approach. In: 29emes Journées BDA, pp. 1–25 (2013)Google Scholar
  7. 7.
    Biskup, J., Embley, D.W., Lochner, J.H.: Reducing inference control to access control for normalized database schemas. Inf. Process. Lett. 106(1), 8–12 (2008)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Biskup, J., Hartmann, S., Link, S., Lochner, J.-H.: Efficient inference control for open relational queries. In: Foresti, S., Jajodia, S. (eds.) DBSec 2010. LNCS, vol. 6166, pp. 162–176. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13739-6_11CrossRefGoogle Scholar
  9. 9.
    Biskup, J., Preuß, M., Wiese, L.: On the inference-proofness of database fragmentation satisfying confidentiality constraints. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 246–261. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24861-0_17CrossRefGoogle Scholar
  10. 10.
    Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900–919 (2000)CrossRefGoogle Scholar
  11. 11.
    Chang, L.W., Moskowitz, I.: A study of inference problems in distributed databases. In: Gudes, E., Shenoi, S. (eds.) Research Directions in Data and Applications Security. ITIFIP, vol. 128, pp. 191–204. Springer, Boston, MA (2003).  https://doi.org/10.1007/978-0-387-35697-6_15CrossRefzbMATHGoogle Scholar
  12. 12.
    Chen, Y., Chu, W.W.: Database security protection via inference detection. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, F.-Y. (eds.) ISI 2006. LNCS, vol. 3975, pp. 452–458. Springer, Heidelberg (2006).  https://doi.org/10.1007/11760146_40CrossRefGoogle Scholar
  13. 13.
    Chen, Y., Chu, W.W.: Protection of database security via collaborative inference detection. In: Chen, H., Yang, C.C. (eds.) Intelligence and Security Informatics. SCI, vol. 135, pp. 275–303. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-69209-6_15
  14. 14.
    Clifton, C., et al.: Privacy-preserving data integration and sharing. In: Proceedings of the 9th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 19–26. ACM (2004)Google Scholar
  15. 15.
    Cuzzocrea, A., Hacid, M.S., Grillo, N.: Effectively and efficiently selecting access control rules on materialized views over relational databases. In: Proceedings of the Fourteenth International Database Engineering & Applications Symposium, pp. 225–235. ACM (2010)Google Scholar
  16. 16.
    Delugach, H.S., Hinke, T.H.: Wizard: a database inference analysis and detection system. IEEE Trans. Knowl. Data Eng. 8(1), 56–66 (1996)CrossRefGoogle Scholar
  17. 17.
    Domingo-Ferrer, J.: Advances in inference control in statistical databases: an overview. In: Domingo-Ferrer, J. (ed.) Inference Control in Statistical Databases. LNCS, vol. 2316, pp. 1–7. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-47804-3_1CrossRefzbMATHGoogle Scholar
  18. 18.
    Fan, W., Geerts, F., Li, J., Xiong, M.: Discovering conditional functional dependencies. IEEE Trans. Knowl. Data Eng. 23(5), 683–698 (2011)CrossRefGoogle Scholar
  19. 19.
    Farkas, C., Jajodia, S.: The inference problem: a survey. ACM SIGKDD Explor. Newslett. 4(2), 6–11 (2002)CrossRefGoogle Scholar
  20. 20.
    Guarnieri, M., Marinovic, S., Basin, D.: Securing databases from probabilistic inference. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 343–359. IEEE (2017)Google Scholar
  21. 21.
    Haddad, M., Hacid, M.S., Laurini, R.: Data integration in presence of authorization policies. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 92–99. IEEE (2012)Google Scholar
  22. 22.
    Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, M.-S.: Access control for data integration in presence of data dependencies. In: Bhowmick, S.S., Dyreson, C.E., Jensen, C.S., Lee, M.L., Muliantara, A., Thalheim, B. (eds.) DASFAA 2014. LNCS, vol. 8422, pp. 203–217. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-05813-9_14CrossRefGoogle Scholar
  23. 23.
    Hale, J., Shenoi, S.: Catalytic inference analysis: detecting inference threats due to knowledge discovery. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 188–199. IEEE (1997)Google Scholar
  24. 24.
    Hinke, T.H.: Inference aggregation detection in database management systems. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 96–106. IEEE (1988)Google Scholar
  25. 25.
    Hinke, T.H., Delugach, H.S.: AERIE: an inference modeling and detection approach for databases. In: Sixth Working Conference on Database Security, p. 187 (1992)Google Scholar
  26. 26.
    Hinke, T.H., Delugach, H.S., Wolf, R.P.: Protecting databases from inference attacks. Comput. Secur. 16(8), 687–708 (1997)CrossRefGoogle Scholar
  27. 27.
    Katos, V., Vrakas, D., Katsaros, P.: A framework for access control with inference constraints. In: 2011 IEEE 35th Annual Computer Software and Applications Conference (COMPSAC), pp. 289–297. IEEE (2011)Google Scholar
  28. 28.
    Landwehr, C., Jajodia, S.: The use of conceptual structures for handling the inference problem (1992)Google Scholar
  29. 29.
    de Mantaras, R.L., Saina, L.: Inference attacks in peer-to-peer homogeneous distributed data mining. In: 16th European Conference on Artificial Intelligence, ECAI 2004, 22–27 August 2004, Valencia, Spain: Including Prestigious Applicants [sic] of Intelligent Systems (PAIS 2004): Proceedings, vol. 110, p. 450. IOS Press (2004)Google Scholar
  30. 30.
    Morgenstern, M.: Controlling logical inference in multilevel database systems. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 245–255. IEEE (1988)Google Scholar
  31. 31.
    Nait-Bahloul, S., Coquery, E., Hacid, M.-S.: Authorization policies for materialized views. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 525–530. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30436-1_43CrossRefGoogle Scholar
  32. 32.
    Qian, X., Stickel, M.E., Karp, P.D., Lunt, T.F., Garvey, T.D.: Detection and elimination of inference channels in multilevel relational database systems. In: Proceedings of 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 196–205. IEEE (1993)Google Scholar
  33. 33.
    Rath, S., Jones, D., Hale, J., Shenoi, S.: A tool for inference detection and knowledge discovery in databases. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds.) Database Security IX. IAICT, pp. 317–332. Springer, Boston (1996).  https://doi.org/10.1007/978-0-387-34932-9_20CrossRefGoogle Scholar
  34. 34.
    Sayah, T., Coquery, E., Thion, R., Hacid, M.-S.: Inference leakage detection for authorization policies over RDF data. In: Samarati, P. (ed.) DBSec 2015. LNCS, vol. 9149, pp. 346–361. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-20810-7_24CrossRefGoogle Scholar
  35. 35.
    Sellami, M., Gammoudi, M.M., Hacid, M.S.: Secure data integration: a formal concept analysis based approach. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds.) DEXA 2014. LNCS, vol. 8645, pp. 326–333. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-10085-2_30CrossRefGoogle Scholar
  36. 36.
    Sellami, M., Hacid, M.-S., Gammoudi, M.M.: Inference control in data integration systems. In: Debruyne, C., et al. (eds.) OTM 2015. LNCS, vol. 9415, pp. 285–302. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26148-5_17CrossRefGoogle Scholar
  37. 37.
    Shafer, G.: Detecting inference attacks using association rules (2001)Google Scholar
  38. 38.
    Staddon, J.: Dynamic inference control. In: Proceedings of the 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 94–100. ACM (2003)Google Scholar
  39. 39.
    Su, T.A., Ozsoyoglu, G.: Controlling FD and MVD inferences in multilevel relational database systems. IEEE Trans. Knowl. Data Eng. 3(4), 474–485 (1991)CrossRefGoogle Scholar
  40. 40.
    Thuraisingham, B.: Handling security constraints during multilevel database design. In: Burns, R. (ed.) Research Directions zn Database Securt (v, IV, Mitre Technical report, M92B0000 118, Mitre Corp., McLean, Va (1992) Google Scholar
  41. 41.
    Thuraisingham, B., Ford, W., Collins, M., O’Keeffe, J.: Design and implementation of a database inference controller. Data Knowl. Eng. 11(3), 271–297 (1993)CrossRefGoogle Scholar
  42. 42.
    Thuraisingham, M.: Security checking in relational database management systems augmented with inference engines. Comput. Secur. 6(6), 479–492 (1987)CrossRefGoogle Scholar
  43. 43.
    Toland, T.S., Farkas, C., Eastman, C.M.: The inference problem: maintaining maximal availability in the presence of database updates. Comput. Secur. 29(1), 88–103 (2010)CrossRefGoogle Scholar
  44. 44.
    Tracy, J., Chang, L., Moskowitz, I.S.: An agent-based approach to inference prevention in distributed database systems. Int. J. Artif. Intell. Tools 12(03), 297–313 (2003)CrossRefGoogle Scholar
  45. 45.
    di Vimercati, S.D.C., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE Trans. Dependable Secure Comput. 11(6), 510–523 (2014)CrossRefGoogle Scholar
  46. 46.
    Wang, H., Liu, R.: Privacy-preserving publishing microdata with full functional dependencies. Data Knowl. Eng. 70(3), 249–268 (2011).  https://doi.org/10.1016/j.datak.2010.11.002, http://www.sciencedirect.com/science/article/pii/S0169023X10001291
  47. 47.
    Wang, J., Yang, J., Guo, F., Min, H.: Resist the database intrusion caused by functional dependency. In: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 54–57. IEEE (2017)Google Scholar
  48. 48.
    Xu, X., Xiong, L., Liu, J.: Database fragmentation with confidentiality constraints: a graph search approach. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 263–270. ACM (2015)Google Scholar
  49. 49.
    Yang, Y., Li, Y., Deng, R.H.: New paradigm of inference control with trusted computing. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 243–258. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-73538-0_18CrossRefGoogle Scholar
  50. 50.
    Yip, R.W., Levitt, E.: Data level inference detection in database systems. In: 1998 Proceedings of 11th IEEE Computer Security Foundations Workshop, pp. 179–189. IEEE (1998)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Faculty of Mathematical Physical and Natural Sciences of Tunis, SERCOM LaboratoryTunis El Manar UniversityTunisTunisia
  2. 2.ESPRIT School of EngineeringTunisTunisia
  3. 3.Faculty of Law Economics and Management of Jendouba, VPNC LaboratoryJendouba UniversityJendoubaTunisia
  4. 4.Polytechnic School of Tunisia, SERCOM Laboratory, INSATCarthage UniversityTunisTunisia

Personalised recommendations