Abstract
The Dynamic Disclosure Monitor (D2Mon) is a security mechanism that executes during query processing time to prevent sensitive data from being inferred. A limitation of D2Mon is that it unnecessarily examines the entire history database in computing inferences. In this paper, we present a process that can be used to reduce the number of tuples that must be examined in computing inferences during query processing time. In particular, we show how a priori knowledge of a database dependency can be used to reduce the search space of a relation when applying database dependencies. Using the database dependencies, we develop a process that forms an index table into the database that identifies those tuples that can be used in satisfying database dependencies. We show how this process can be used to extend D2Mon to reduce the number of tuples that must be examined in the history database when computing inferences. We further show that inferences that are computed by D2Mon using our extension are sound and complete.
This work was partially supported by the National Science Foundation under grants numbers IIS-0237782 and P200A000308-02.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosure. IEEE Trans. Knowledge and Data Eng. (November 2000)
Buczkowski, L.J.: Database inference controller. In: Spooner, D.L., Landwehr, C. (eds.) Database Security III: Status and Prospects, pp. 311–322. North-Holland, Amsterdam (1990)
Dawson, S., De di Capitani Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: Proc. of the 20th IEEE Symposium on Security and Privacy, Oakland, CA, May 9–12 (1999)
Denning, D.E.: Commutative filters for reducing inference threats in multilevel database systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 134–146 (1985)
Farkas, C., Jajodia, S.: The inference problem: a survey. SIGKDD Explor. Newsl. 4(2), 6–11 (2002)
Farkas, C., Toland, T., Eastman, C.: The inference problem and updates in relational databases. In: Proc. IFIP WG11.3 Working Conference on Database and Application Security, July 15-18, pp. 171–186 (2001)
Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. IEEE Symp. on Security and Privacy, pp. 75–86 (1984)
Hinke, T.H.: Inference aggregation detection in database management systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 96–106 (1988)
Jajodia, S., Meadows, C.: Inference problems in multilevel secure database management systems. In: Abrams, M.D., Jajodia, S., Podell, H. (eds.) Information Security: An integrated collection of essays, pp. 570–584. IEEE Computer Society Press, Los Alamitos (1995)
Keefe, T.F., Thuraisingham, M.B., Tsai, W.T.: Secure query-processing strategies. IEEE Computer, 63–70 (March 1989)
Marks, D.G.: Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng. 8(1), 46–55 (1996)
Marks, D.G., Motro, A., Jajodia, S.: Enhancing the controlled disclosure of sensitive information. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 290–303. Springer, Heidelberg (1996)
Mazumdar, S., Stemple, D., Sheard, T.: Resolving the tension between integrity and security using a theorem prover. In: Proc. ACM Int’l Conf. Management of Data, pp. 233–242 (1988)
Morgenstern, M.: Controlling logical inference in multilevel database systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 245–255 (1988)
Smith, G.W.: Modeling security-relevant data semantics. In: Proc. IEEE Symp. Research in Security and Privacy, pp. 384–391 (1990)
Stachour, P.D., Thuraisingham, B.: Design of LDV: A multilevel secure relational database management system. IEEE Trans. Knowledge and Data Eng. 2(2), 190–209 (1990)
Su, T., Ozsoyoglu, G.: Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng. 3(4), 474–485 (1991)
Hinke, T.H., Delugach, H.S., Chandrasekhar, A.: A fast algorithm for detecting second paths in database inference analysis. Jour. of Computer Security 3(2,3), 147–168 (1995)
Thuraisingham, B.M.: Security checking in relational database management systems augmented with inference engines. Computers and Security 6, 479–492 (1987)
Ullman, J.D.: Principles of Database and Knowledge-base Systems, vol. 1,2. Computer Science Press, Rockville (1988)
Yip, R.W., Levitt, K.N.: Data level inference detection in database systems. In: Proc. of the 11th IEEE Computer Security Foundation Workshop, Rockport, MA, June 1998, pp. 179–189 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Toland, T.S., Farkas, C., Eastman, C.M. (2005). Dynamic Disclosure Monitor (D 2 Mon): An Improved Query Processing Solution. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_9
Download citation
DOI: https://doi.org/10.1007/11552338_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer ScienceComputer Science (R0)