动态推理控制

防止未授权的用户从可读取的安全等级较低的数据中推理出安全等级较高的数据是多级关系数据库达到安全的必要保证。由于数据库中元组、属性、元素之间的相互关联性,多级关系数据库存在着推理通道。它的存在对信息的安全造成很大威胁。主要论述了多级安全数据库系统的推理通道的来源,分析了目前在多级安全数据库系统中推理问题的成果。在此基础上,提出了一种动态控制推理通道的方法并给出了相应算法。     

安全数据库中的推理控制初探

通过对多级数据库管理系统的深入研究发现,在多级安全数据库中存在多种间接方式导致信息由高级流向低级,因此有必要对数据库进行推理分析,在数据库管理系统实现与多级数据库系统设计时,就可以充分考虑到数据之间的内在联系,做出适当的约束安排,从而尽量避免推理通道的出现。     

安全数据库中的推理控制初探

通过对多级数据库管理系统的深入研究发现,在多级安全数据库中存在多种间接方式导致信息由高级流向低级,因此有必要对数据库进行推理分析。在数据库管理系统实现与多级数据库系统设计时,就可以充分考虑到数据之间的内在联系,做出适当的约束安排,从而尽量避免推理通道的出现。     

多级安全数据库系统的推理分析

介绍了多级安全数据库系统的推理问题,及用于推理的信息来源和方法策略;研究并分析了目前在多级安全数据库系统中推理问题的成果：推理的形式化,数据库设计中的推理控制技术,数据库系统运行时的推理控制方法,以及数据级的推理控制方法,并指出了各个方法的局限性.     

多层关系数据库的函数依赖推理控制

多层关系数据库是解决安全数据库中多实例问题的良好方法。防止未授权的用户从可读取的安全等级较低的数据中推理出安全等级较高的数据是多层关系数据库达到安全的必要保证。由于数据库中元组、属性、元素之间的相互关联性,推理问题成为安全数据库的重要内容。文章以数据库中的函数依赖来检查多层关系数据库的各个属性的安全等级,并在此基础上调整各个属性的安全等级,以保证数据的安全性。     

动态多级安全数据库系统(DMSDS)的设计与实现

该文描述了在ＯＲＡＣＬＥ环境下实现的基于约束处理的细粒度动态多级安全数据库系统（ＤＭＳＤＳ）中所实施的多级安全模型，并介绍了实现该模型所进行存取控制、安全等级分派等模块的设计和实现。     

一种基于标记的动态推理控制方法

多级安全数据库中,如果多个用户能通过共谋从低安全级别的数据通过推理得到高安全级别数据时,则称该系统存在合作推理问题。提出一种基于标记的动态推理控制方法,在分析出所有推理通道的基础上,根据推理通道可能被利用的概率动态决定对象是否允许访问。分析表明,该方法能够在保证推理控制的前提下,实现柔性数据访问控制。与已有动态推理控制方法相比,本算法更加有效。     

元数据相关推理研究

在多级安全数据库中,推理通道的存在会对信息的安全造成威胁。在推理问题中,与元数据相关的推理是其中的一个重要方面,对该问题的研究有助于数据库的安全增强。将与元数据相关的推理问题进一步划分为不同类别描述,对不同类别的推理问题,分别探讨了如何进行控制,并给出了解决的方法。为了消除推理通道,需要修改属性的安全级别标识信息;提出了一个标识修改的模型MTL,用于通过修改属性安全标识来消除推理通道。     

多级安全数据库系统推理问题研究

在多级安全数据库系统中,推理问题是低安全级的用户利用他能够访问到的数据以及自身的知识,推断出高安全级的机密信息,从而构成对数据库的攻击。该文综述了控制数据库推理问题的方法,并比较了它们的优缺点。     

函数依赖推理控制的方法

文章研究了在多级安全数据库系统中由于函数依赖(FD)引起的推理问题,分析了Su和Ozsoyolu提出的CLA算法存在的问题,在此基础上,提出了一个递归的最小信息丢失分层密级调整算法,并分析了算法的时间复杂度。     

一种基于粗糙集的多级安全数据库推理问题的量化分析方法

信息大都存放在数据库中,信息安全很大程度上依赖数据库的安全。推理是从已知的信息推出新的信息,它是对数据库安全的一个重要威胁,特别数据挖掘的发展,这个威胁变得更加严重。简单描述了多级安全数据库系统的推理问题;介绍了粗糙集理论的相关概念;利用粗糙集理论提出了一种对推理风险进行量化的方法,它不依赖系统安全员的知识,能够处理确定性和非确定性的推理通道;并给出了一个分析例子。     

基于粗糙集的推理通道消除

基于粗糙集理论对推理通道问题进行了研究。通过采用属性约简和属性值约简方法对数据库中的数据进行处理。在属性值约简基础之上,采用一种改进算法找出了数据库中推理规则集。进一步,将推理规则集中属性频率高的属性安全级别提高至决策属性的安全级别,从而消除推理通道。最后通过一个实例表明提出的消除通道算法是有效的。     

Design and implementation of a database inference controller

The Inference Problem compromises database systems which are usually considered to be secure. here, users pose sets of queries and infer unauthorized information from the responses that they obtain. An Inference Controller is a device that prevents and/or detects security violations via inference. We are particularly interested in the inference problem which occurs in a multilevel operating environment. In such an environment, the users are cleared at different security levels and they access a multilevel database where the data is classified at different sensitivity levels. A multilevel secure database management system (MLS/DBMS) manages a multilevel database where its users cannot access data to which they are not authorized. However, providing a solution to the inference problem, where users issue multiple requests and consequently infer unauthorized knowledge is beyond the capability of currently available MLS/DBMSs. This paper describes the design and prototype development of an Inference Controller for a MLS/DBMS that functions during query processing. To our knowledge this is the first such inference controller prototype to be developed. We also describe some extensions to the inference controller so that an integrated solution can be provided to the problem.     

Wizard: a database inference analysis and detection system

The database inference problem is a well-known problem in database security and information system security in general. In order to prevent an adversary from inferring classified information from combinations of unclassified information, a database inference analyst must be able to detect and prevent possible inferences. Detecting database inference problems at database design time provides great power in reducing problems over the lifetime of a database. We have developed and constructed a system called Wizard to analyze databases for their inference problems. The system takes as input a database schema, its constituent instances (if available) and additional human-supplied domain information, and provides a set of associations between entities and/or activities that can be grouped by their potential severity of inference vulnerability. A knowledge acquisition process called microanalysis permits semantic knowledge of a database to be incorporated into the analysis using conceptual graphs. These graphs are then analyzed with respect to inference-relevant domains we call facets using tools we have developed. We can determine inference problems within single facets as well as some inference problems between two or more facets. The architecture of the system is meant to be general so that further refinements of inference information subdomains can be easily incorporated into the system     

Modeling security-relevant data semantics

The use of an extended data model which represents both integrity and secrecy aspects of data is demonstrated. This Semantic Data Model for Security (SDMS) provides a technique that assists domain experts, security officers, and database designers in first understanding their security requirements, and then translating them into a good database design. Identifying security requirements at this semantic level provides the basis for analyzing the security requirements and the database design for inference and signaling vulnerabilities. Another contribution is a comprehensive taxonomy of security-relevant data semantics that must be captured and understood to implement a multilevel secure automated information system     

数据库推理通道的动态控制

数据库推理问题是数据库安全研究的重要组成部分,主要研究推理通道的检测方法和控制策略。该文提出一种动态控制推理通道的方法。该方法为每个推理通道建立一个标识集合,利用集合中元素和推理通道中对象的关联来控制查询的处理,使用户能灵活地访问数据但又得不到足够的信息来推理。与以前提出的方案不同,该方案保证了数据的最大可用性,同时有效地阻止推理并保持了快速的查询处理能力。     

An equational logic based approach to the security problem against inference attacks on object-oriented databases

A query is said to be secure against inference attacks by a user if there exists no database instance for which the user can infer the result of the query, using only authorized queries to the user. In this paper, first, the security problem against inference attacks on object-oriented databases is formalized. The definition of inference attacks is based on equational logic. Secondly, the security problem is shown to be undecidable, and a decidable sufficient condition for a given query to be secure under a given schema is proposed. The idea of the sufficient condition is to over-estimate inference attacks using over-estimated results of static type inference. The third contribution is to propose subclasses of schemas and queries for which the security problem becomes decidable. Lastly, the decidability of the security problem is shown to be incomparable with the static type inferability, although the tightness of the over-estimation of the inference attacks is affected in a large degree by that of the static type inference.