Abstract
In this paper we examine undesired inferences in distributed XML documents. An undesired inference is a chain of reasoning that leads to protected data of an organization or an individual, using only intentionally disclosed information. We propose a framework, called Ontology guided XML Security Engine (Oxsegin), to detect and prevent undesired inference attacks. Oxsegin uses the Correlated Inference Algorithm to detect sensitive associations that may exist at lower security levels. The system operates on the DTDs of XML documents to identify data associations and the corresponding security classifications. Oxsegin uses an ontological class hierarchy to identify associations with two or more conflicting classifications. A Security Violation Pointer (SVP) is assigned to the set of tags that contribute to the conflicting classification. The likelihood of a detected security violation is measured by a confidence level coefficient attached to each SVP.
This work was partially supported by the National Science Foundation under Grants IIS-0237782 and DUE-0112874.
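A simplified illustration of the idea summarized in the abstract, added here as an example; it is not the paper's Correlated Inference Algorithm or Oxsegin code. The DTD summaries, the class hierarchy, the two-level labels and the per-step confidence decay are all constructed assumptions.

```python
from itertools import combinations

LEVELS = {"PUBLIC": 0, "SECRET": 1}   # assumed two-level classification
# Constructed ontology: is-a links between concepts, and tag -> concept mapping.
IS_A = {"Fort": "MilitaryBase", "Reservoir": "WaterSource"}
TAG_CONCEPT = {"base": "MilitaryBase", "waterSource": "WaterSource",
               "fort": "Fort", "reservoir": "Reservoir", "county": "County"}
DECAY = 0.9   # assumed confidence lost per is-a generalization step

# Constructed DTD summaries: (dtd, parent element, child tags, classification).
DTD_ELEMENTS = [
    ("defense.dtd", "site", ["base", "waterSource"], "SECRET"),
    ("utility.dtd", "supply", ["fort", "reservoir", "county"], "PUBLIC"),
]

def generalize(tag):
    """Walk the is-a chain; return (most general concept, confidence)."""
    concept, conf = TAG_CONCEPT[tag], 1.0
    while concept in IS_A:
        concept, conf = IS_A[concept], conf * DECAY
    return concept, conf

def find_svps(elements):
    """Flag tag pairs whose concept pair is also classified at a higher level."""
    seen = {}   # frozenset of concepts -> [(level, dtd, tags, confidence)]
    for dtd, _parent, children, label in elements:
        for a, b in combinations(children, 2):
            (ca, wa), (cb, wb) = generalize(a), generalize(b)
            if ca == cb:
                continue   # both tags name the same concept: no association
            seen.setdefault(frozenset((ca, cb)), []).append(
                (LEVELS[label], dtd, (a, b), wa * wb))
    svps = []
    for concepts, uses in seen.items():
        top = max(level for level, *_ in uses)
        for level, dtd, tags, conf in uses:
            if level < top:   # same association disclosed at a lower level
                svps.append({"dtd": dtd, "tags": tags,
                             "concepts": sorted(concepts),
                             "confidence": round(conf, 2)})
    return svps

if __name__ == "__main__":
    for svp in find_svps(DTD_ELEMENTS):
        print(svp)
```

Neither DTD shares a tag name with the other; the conflict only appears once `fort` and `reservoir` are generalized through the class hierarchy, which is why a purely syntactic comparison of the two DTDs would miss it.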
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Farkas, C., Stoica, A.G. (2004). Correlated Data Inference. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_9
DOI: https://doi.org/10.1007/1-4020-8070-0_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive