Minimal Data Upgrading to Prevent Inference and Association Attacks / S. Dawson, S. De Capitani di Vimercati, P. Lincoln, P. Samarati - In: Proc. of the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems. - [s.l] : ACM, 1999. - ISBN 1-58113-062-7. - pp. 114-125 (Paper presented at the 18th conference, 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, held in Philadelphia, CA, USA in 1999) [10.1145/303976.303988].

Minimal Data Upgrading to Prevent Inference and Association Attacks

S. De Capitani di Vimercati (second author); P. Samarati (last author)
1999

Abstract

Despite advances in recent years in the area of mandatory access control in database systems, today's information repositories remain vulnerable to inference and data association attacks that can result in serious information leakage. Such information leakage can be prevented by properly classifying information according to constraints that express relationships among the security levels of data objects. In this paper we address the problem of classifying information by enforcing explicit data classification as well as inference and association constraints. We formulate the problem of determining a classification that ensures satisfaction of the constraints, while at the same time guaranteeing that information will not be unnecessarily overclassified. We present an approach to the solution of this problem and give an algorithm implementing it which is linear in simple cases, and low-order polynomial (n²) in the general case. We also analyze a variant of the problem that is NP-hard.
Sector INF/01 - Computer Science
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/192425