Identifying Sensitive Associations in Databases for Release Control
In a database system, authorization-based access-control is generally the first line of defense, preventing unauthorized accesses to secret or sensitive data. However, this mechanism is susceptible to security breaches due to improper authorization (e.g., the general public is mistakenly granted access to a copy of sensitive data) and cannot block insider attacks (an authorized user accidentally or intentionally discloses secrets to outsiders). Supplementary to access-control, the release-control mechanism is to check all the outgoing documents for any leak of secret or sensitive information. This paper reports preliminary results on a specific release-control task, namely, how to deal with sensitive associations that need to be restricted from releasing. A sensitive association refers to a pair of values whose connection involves some secrets. The disclosure of such a pair may reveal the secretive connection and therefore should be controlled. The release control of sensitive associations is a very challenging and long term research problem. This paper introduces techniques to identify and represent sensitive associations hidden in a database.
KeywordsRelease Control Inference Problem Release Control System Public Table Referential Constraint
Unable to display preview. Download preview PDF.
- 1.Bettini, C., Wang, X.S., Jajodia, S.: A learning-based approach to information release control. In: Proceedings of the Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Kluwer, Dordrecht (2003)Google Scholar
- 2.Brewster, K.: Inference and aggregation issues in secure database management systems. Technical Report 005, NCSC (1996)Google Scholar
- 3.Date, C.J.: An introduction to Database Systems, 7th edn. Addison Wesley Logman, Inc., Reading (2000)Google Scholar
- 4.Denning, D.E.: A preliminary note on the inference problem in multilevel database system. In: Proc. NCSC Invitational Workshop on Database Security, Baltimore, MD (June 1986)Google Scholar
- 6.Hristidis, V., Papakonstantinou, Y.: DISCOVER: Keyword search in relational databases. In: VLDB, pp. 670–681 (2002)Google Scholar
- 7.Krishnamurthy, R., Boral, H., Zaniolo, C.: Optimization of nonrecursive queries. In: VLDB, pp. 128–137 (1986)Google Scholar
- 8.Rosenthal, A., Wiederhold, G.: Document release versus data access controls: Two sides of a coin? In: Proceedings of the Tenth CIKM, November 5-10, pp. 544–546. ACM Press, New York (2001)Google Scholar
- 10.Wheeldon, R., Levene, M., Keenoy, K.: Search and navigation in relational databases (July 2003), arXiv.org Computer Science e-print
- 11.Wiederhold, G.: Protecting information when access is granted for collaboration. In: Proc. of Data and Application Security, Development and Directions, IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 1–14 (2000)Google Scholar