Identifying Sensitive Associations in Databases for Release Control

  • Claudio Bettini
  • Xiaoyang Sean Wang
  • Sushil Jajodia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3178)

Abstract

In a database system, authorization-based access-control is generally the first line of defense, preventing unauthorized accesses to secret or sensitive data. However, this mechanism is susceptible to security breaches due to improper authorization (e.g., the general public is mistakenly granted access to a copy of sensitive data) and cannot block insider attacks (an authorized user accidentally or intentionally discloses secrets to outsiders). Supplementary to access-control, the release-control mechanism is to check all the outgoing documents for any leak of secret or sensitive information. This paper reports preliminary results on a specific release-control task, namely, how to deal with sensitive associations that need to be restricted from releasing. A sensitive association refers to a pair of values whose connection involves some secrets. The disclosure of such a pair may reveal the secretive connection and therefore should be controlled. The release control of sensitive associations is a very challenging and long term research problem. This paper introduces techniques to identify and represent sensitive associations hidden in a database.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bettini, C., Wang, X.S., Jajodia, S.: A learning-based approach to information release control. In: Proceedings of the Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Kluwer, Dordrecht (2003)Google Scholar
  2. 2.
    Brewster, K.: Inference and aggregation issues in secure database management systems. Technical Report 005, NCSC (1996)Google Scholar
  3. 3.
    Date, C.J.: An introduction to Database Systems, 7th edn. Addison Wesley Logman, Inc., Reading (2000)Google Scholar
  4. 4.
    Denning, D.E.: A preliminary note on the inference problem in multilevel database system. In: Proc. NCSC Invitational Workshop on Database Security, Baltimore, MD (June 1986)Google Scholar
  5. 5.
    Farkas, C., Jajodia, S.: The inference problem: A survey. ACM SIGKDD Explorations 4(2), 6–11 (2003)CrossRefGoogle Scholar
  6. 6.
    Hristidis, V., Papakonstantinou, Y.: DISCOVER: Keyword search in relational databases. In: VLDB, pp. 670–681 (2002)Google Scholar
  7. 7.
    Krishnamurthy, R., Boral, H., Zaniolo, C.: Optimization of nonrecursive queries. In: VLDB, pp. 128–137 (1986)Google Scholar
  8. 8.
    Rosenthal, A., Wiederhold, G.: Document release versus data access controls: Two sides of a coin? In: Proceedings of the Tenth CIKM, November 5-10, pp. 544–546. ACM Press, New York (2001)Google Scholar
  9. 9.
    Thuraisingham, B., Ford, W.: Security constraints in a multilevel secure distributed database management system. IEEE Trans. Knowl. Data Eng. 7(2), 274–293 (1995)CrossRefGoogle Scholar
  10. 10.
    Wheeldon, R., Levene, M., Keenoy, K.: Search and navigation in relational databases (July 2003), arXiv.org Computer Science e-print
  11. 11.
    Wiederhold, G.: Protecting information when access is granted for collaboration. In: Proc. of Data and Application Security, Development and Directions, IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 1–14 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Claudio Bettini
    • 1
  • Xiaoyang Sean Wang
    • 2
  • Sushil Jajodia
    • 3
  1. 1.DICOUniversità di MilanoItaly
  2. 2.Department of Computer ScienceUniversity of Vermont
  3. 3.Center for Secure Information SystemsGeorge Mason University

Personalised recommendations