Skip to main content
SpringerLink
Log in

Constraints Inference Channels and Secure Databases

  • Conference paper
  • First Online:
Principles and Practice of Constraint Programming – CP 2000 (CP 2000)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1894))

Abstract

This paper investigates the problem of confidentiality violations via illegal data inferences that occur when arithmetic constraints are combined with non-confidential numeric data to infer confidential information. The database is represented as a point in an (n + k)-dimensional constraint space, where n is the number of numerical data items stored in the database (extensional database) and k is the number of derivable attributes (intensional database). Database constraints over both extensional and intensional databases form an (n + k)-dimensional constraint object. A query answer over a data item x is an interval I of values along the x axis of the database such that I is correct (i.e., the actual data value is within I) and safe (i.e., users cannot infer which point within I is the actual data value). The security requirements are expressed by the accuracy with which users are allowed to disclose data items. More specifically, we develop two classification methods: (1) volume-based classification, where the entire volume of the disclosed constraint object that contains the data item is considered and (2) interval based classification, where the length of the interval that contains the data item is considered. We develop correct and safe inference algorithms for both cases.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundation and model. Technical report, Mitre Corp. Report No. M74-244, Bedford, Mass., 1975.

    Google Scholar 

  2. L. J. Buczkowski. Database inference controller. In D. L. Spooner and C. Landwehr, editors, Database Security III: Status and Prospects, pages 311–322. North-Holland, Amsterdam, 1990.

    Google Scholar 

  3. S. Dawson, S. De Capitani di Vimercati, and P. Samarati. Minimal data upgrating to prevent inference and association attacks. In Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 114–125, 1999.

    Google Scholar 

  4. S. Dawson, S. De Capitani di Vimercati, and P. Samarati. Specification and enforcement of classification and inference constraints. In Proc. IEEE Symp. on Security and Privacy, 1999.

    Google Scholar 

  5. D. E. Denning. A lattice model of secure information flow. Comm. ACM, 19(5):236–243, May 1976.

    Google Scholar 

  6. D. E. Denning. Cryptography and Data Security. Addison-Wesley, Mass., 1982.

    MATH  Google Scholar 

  7. D. E. Denning. Commutative filters for reducing inference threats in multilevel database systems. In Proc. IEEE Symp. on Security and Privacy, pages 134–146, 1985.

    Google Scholar 

  8. J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proc. IEEE Symp. on Security and Privacy, pages 75–86, 1984.

    Google Scholar 

  9. T. H. Hinke. Inference aggregation detection in database management systems. In Proc. IEEE Symp. on Security and Privacy, pages 96–106, 1988.

    Google Scholar 

  10. M. Morgenstern. Controlling logical inference in multilevel database systems. In Proc. IEEE Symp. on Security and Privacy, pages 245–255, 1988.

    Google Scholar 

  11. S. Mazumdar, D. Stemple, and T. Sheard. Resolving the tension between integrity and security using a theorem prover. In Proc. ACM Int’l Conf. Management of Data, pages 233–242, 1988.

    Google Scholar 

  12. S. Rath, D. Jones, J. Hale, and S. Shenoi. A tool for inference detection and knowledge discovery in databases. In Proc. of the 9th IFIP WG11.3 Workshop on Database Security, pages 317–332, 1995.

    Google Scholar 

  13. G. W. Smith. Modeling security-relevant data semantics. In Proc. IEEE Symp. Research in Security and Privacy, pages 384–391, 1990.

    Google Scholar 

  14. T. Su and G. Ozsoyoglu. Data dependencies and inference control in multilevel relational database systems. In Proc. IEEE Symp. Security and Privacy, pages 202–211, 1987.

    Google Scholar 

  15. T. Su and G. Ozsoyoglu. Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng., 3(4):474–485, December 1991.

    Google Scholar 

  16. P. D. Stachour and B. Thuraisingham. Design of LDV: A multilevel secure relational database management system. IEEE Trans. Knowledge and Data Eng., 2(2):190–209, June 1990.

    Google Scholar 

  17. B. M. Thuraisingham. Security checking in relational database management systems augmented with inference engines. Computers and Security, 6:479–492, 1987.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information and Software Engineering, George Mason University, Fairfax, VA, 22030-4444

    Alexander Brodsky, Csilla Farkas, Duminda Wijesekera & X. Sean Wang

Authors
  1. Alexander Brodsky
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Csilla Farkas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Duminda Wijesekera
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. X. Sean Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Csilla Farkas .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of California at Irvine, Irvine, CA, 92697, USA

    Rina Dechter

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S. (2000). Constraints Inference Channels and Secure Databases. In: Dechter, R. (eds) Principles and Practice of Constraint Programming – CP 2000. CP 2000. Lecture Notes in Computer Science, vol 1894. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45349-0_9

Download citation

  • DOI: https://doi.org/10.1007/3-540-45349-0_9

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41053-9

  • Online ISBN: 978-3-540-45349-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation