Skip to main content
SpringerLink
Log in

Dynamic Disclosure Monitor (D 2 Mon): An Improved Query Processing Solution

  • Conference paper
Secure Data Management (SDM 2005)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3674))

Included in the following conference series:

Abstract

The Dynamic Disclosure Monitor (D2Mon) is a security mechanism that executes during query processing time to prevent sensitive data from being inferred. A limitation of D2Mon is that it unnecessarily examines the entire history database in computing inferences. In this paper, we present a process that can be used to reduce the number of tuples that must be examined in computing inferences during query processing time. In particular, we show how a priori knowledge of a database dependency can be used to reduce the search space of a relation when applying database dependencies. Using the database dependencies, we develop a process that forms an index table into the database that identifies those tuples that can be used in satisfying database dependencies. We show how this process can be used to extend D2Mon to reduce the number of tuples that must be examined in the history database when computing inferences. We further show that inferences that are computed by D2Mon using our extension are sound and complete.

This work was partially supported by the National Science Foundation under grants numbers IIS-0237782 and P200A000308-02.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosure. IEEE Trans. Knowledge and Data Eng. (November 2000)

    Google Scholar 

  2. Buczkowski, L.J.: Database inference controller. In: Spooner, D.L., Landwehr, C. (eds.) Database Security III: Status and Prospects, pp. 311–322. North-Holland, Amsterdam (1990)

    Google Scholar 

  3. Dawson, S., De di Capitani Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: Proc. of the 20th IEEE Symposium on Security and Privacy, Oakland, CA, May 9–12 (1999)

    Google Scholar 

  4. Denning, D.E.: Commutative filters for reducing inference threats in multilevel database systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 134–146 (1985)

    Google Scholar 

  5. Farkas, C., Jajodia, S.: The inference problem: a survey. SIGKDD Explor. Newsl. 4(2), 6–11 (2002)

    Article  Google Scholar 

  6. Farkas, C., Toland, T., Eastman, C.: The inference problem and updates in relational databases. In: Proc. IFIP WG11.3 Working Conference on Database and Application Security, July 15-18, pp. 171–186 (2001)

    Google Scholar 

  7. Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. IEEE Symp. on Security and Privacy, pp. 75–86 (1984)

    Google Scholar 

  8. Hinke, T.H.: Inference aggregation detection in database management systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 96–106 (1988)

    Google Scholar 

  9. Jajodia, S., Meadows, C.: Inference problems in multilevel secure database management systems. In: Abrams, M.D., Jajodia, S., Podell, H. (eds.) Information Security: An integrated collection of essays, pp. 570–584. IEEE Computer Society Press, Los Alamitos (1995)

    Google Scholar 

  10. Keefe, T.F., Thuraisingham, M.B., Tsai, W.T.: Secure query-processing strategies. IEEE Computer, 63–70 (March 1989)

    Google Scholar 

  11. Marks, D.G.: Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng. 8(1), 46–55 (1996)

    Article  Google Scholar 

  12. Marks, D.G., Motro, A., Jajodia, S.: Enhancing the controlled disclosure of sensitive information. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 290–303. Springer, Heidelberg (1996)

    Google Scholar 

  13. Mazumdar, S., Stemple, D., Sheard, T.: Resolving the tension between integrity and security using a theorem prover. In: Proc. ACM Int’l Conf. Management of Data, pp. 233–242 (1988)

    Google Scholar 

  14. Morgenstern, M.: Controlling logical inference in multilevel database systems. In: Proc. IEEE Symp. on Security and Privacy, pp. 245–255 (1988)

    Google Scholar 

  15. Smith, G.W.: Modeling security-relevant data semantics. In: Proc. IEEE Symp. Research in Security and Privacy, pp. 384–391 (1990)

    Google Scholar 

  16. Stachour, P.D., Thuraisingham, B.: Design of LDV: A multilevel secure relational database management system. IEEE Trans. Knowledge and Data Eng. 2(2), 190–209 (1990)

    Article  Google Scholar 

  17. Su, T., Ozsoyoglu, G.: Inference in MLS database systems. IEEE Trans. Knowledge and Data Eng. 3(4), 474–485 (1991)

    Article  Google Scholar 

  18. Hinke, T.H., Delugach, H.S., Chandrasekhar, A.: A fast algorithm for detecting second paths in database inference analysis. Jour. of Computer Security 3(2,3), 147–168 (1995)

    Google Scholar 

  19. Thuraisingham, B.M.: Security checking in relational database management systems augmented with inference engines. Computers and Security 6, 479–492 (1987)

    Article  Google Scholar 

  20. Ullman, J.D.: Principles of Database and Knowledge-base Systems, vol. 1,2. Computer Science Press, Rockville (1988)

    Google Scholar 

  21. Yip, R.W., Levitt, K.N.: Data level inference detection in database systems. In: Proc. of the 11th IEEE Computer Security Foundation Workshop, Rockport, MA, June 1998, pp. 179–189 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, University of South Carolina Upstate, 800 University Way, Spartanburg, SC, 29303, USA

    Tyrone S. Toland

  2. Department of Computer Science and Engineering, University of South Carolina, Columbia, SC, 29208, USA

    Csilla Farkas & Caroline M. Eastman

Authors
  1. Tyrone S. Toland
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Csilla Farkas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Caroline M. Eastman
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Philips Research, The Netherlands

    Willem Jonker

  2. Information & System Security, Philips Research, High Tech Campus 37 (WY 71), 5656, Eindhoven, AE, The Netherlands

    Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Toland, T.S., Farkas, C., Eastman, C.M. (2005). Dynamic Disclosure Monitor (D 2 Mon): An Improved Query Processing Solution. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_9

Download citation

  • DOI: https://doi.org/10.1007/11552338_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28798-8

  • Online ISBN: 978-3-540-31974-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation