Abstract

Multilevel relational databases store information at different security classifications. An inference problem exists if it is possible for a user with a low clearance to draw conclusions about information at higher classifications. We are developing a new tool, called DISSECT, for analyzing multilevel relational database schemas to assist in the detection and elimination of inference problems. This tool would be used interactively by a data designer to analyze a candidate database schema for potential inference problems. DISSECT creates a graphical representation of the multilevel database schema and of discovered potential inference channels in the database. Inferences can be blocked by upgrading the classification of some of the foreign key relationships. DISSECT will then discover any new inference problems that may have been introduced by the repair of previously-detected problems.
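
The analyze, repair, re-analyze loop described in the abstract, sketched as an added example that is not DISSECT's code. It assumes a potential inference channel is a high-classified foreign-key relationship whose endpoints are also joined by a path of low-classified relationships; the schema, relation names and two-level labels are constructed.

```python
from collections import deque

LEVELS = {"U": 0, "S": 1}  # constructed two-level lattice: Unclassified < Secret

def low_path(edges, src, dst, clearance, skip):
    """BFS over foreign-key edges visible at `clearance`, ignoring edge `skip`."""
    adj = {}
    for (a, b), lvl in edges.items():
        if (a, b) != skip and LEVELS[lvl] <= LEVELS[clearance]:
            adj.setdefault(a, []).append(b)
            adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def find_channels(edges, clearance="U"):
    """Assumed criterion (not the chapter's own definition): a relationship
    classified above `clearance` that a low path between its endpoints reveals."""
    channels = {}
    for edge, lvl in edges.items():
        if LEVELS[lvl] > LEVELS[clearance]:
            path = low_path(edges, edge[0], edge[1], clearance, edge)
            if path:
                channels[edge] = path
    return channels

def upgrade(edges, edge, level="S"):
    """Repair step: copy of the schema with one relationship's label upgraded."""
    return {**edges, edge: level}

# Constructed schema: relation names and labels are illustrative only.
SCHEMA = {
    ("Employee", "Project"): "S",   # the sensitive relationship
    ("Employee", "Office"): "U",
    ("Office", "Project"): "U",
    ("Employee", "Badge"): "U",
    ("Badge", "Office"): "U",
}
```

Running `find_channels(upgrade(SCHEMA, ("Employee", "Office")))` shows why re-analysis matters: the original channel stays open through `Badge` and the upgraded edge becomes a second channel. Upgrading `("Office", "Project")` instead leaves no channels.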

Editor information

Heiko Lippold Paul Schmitz Dietrich Seibt

Copyright information

© 1993 Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden

About this chapter

Cite this chapter

Lunt, T.F. (1993). Inference Control for relational databases. In: Lippold, H., Schmitz, P., Seibt, D. (eds) Sicherheit in netzgestützten Informationssystemen. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-87805-2_10

  • DOI: https://doi.org/10.1007/978-3-322-87805-2_10

  • Publisher Name: Vieweg+Teubner Verlag

  • Print ISBN: 978-3-528-05352-9

  • Online ISBN: 978-3-322-87805-2

  • eBook Packages: Springer Book Archive
