| Inference in database security area is a problem of indirect disclosure of sensitive information, which caused by some wise adversaries from using the correlations among data. Preventing unauthorized inferences is complicated both by the variety of ways in which humans infer new information and by the wide variety of information they use to make inferences. However, to realize high secure information system, the ability of inference control must be provided.Existent researches on database inference control are not sufficient, and cannot satisfy the security requirements that are rapidly increased in information systems. Since the research points of inference control were scattered, a general inference control mechanism is provided. To improve the ability of XML inference control, constraint based inference control and semantic extension inference control on XML database are researched one after the other. Data mining techniques can be used in a more untraceable inference attacking. To overcoming this problem, the rule mining and hiding methods on extensible association rules among multi-relations in relational database and multi-subtrees in XML database are researched respectively. To supply a gap about ignored evaluation phase of most existing inference control approaches, an inference channel evaluation method is studied. The main research works are described as below.Relational database is a base of the most of recent information management systems. For providing a general method of relational database inference control, sensitive information is uniformly represented by a new definition of query, and also the correlations among data are uniformly described as relevancies among columns of tables. By this way, a sound and complete inference control method based on those relevancies is presented, which includes several policies for inference controlling and can resolve most kinds of recent inference problems in a same way.XML security has been receiving much attention of the researchers around the world, especially in inference control area. Since constraint is ubiquitous in XML database, an inference control method based on it is presented after the foundation researches on partition and formalization about it. By using RDF to encapsulate XML nodes, some new concepts about XML object, XML type, etc. come into being, and are used to realize an object-oriented XML inference control, which can enlarge the ability of resolving inference problem, relative to constraint based inference control. In the meanwhile, two mechanisms of XML inference control, static and dynamic, are provided for the inference security of different applications.In order to overcome the drawbacks of the existing method in privacy preserving association rule mining, a new concept of extension association rule is defined to describe the correlations among data in multi-relations and multi-subtrees. An improved algorithm of extension association rule mining is presented based on the modification on Warmr, and the corresponding rule hiding method is also studied, which can make the defense capacity of information system even more powerful, aim to inference attacking.To realize the evaluation of inference channel, an information-flow model for inference channel is represented based on the analysis of the infer function, a contribution of earlier researchers. The combination of evaluation and inference control policies can make the final control more rational, so as to balance the contradiction between the security and availability of database system. A related experiment scheme is designed, and the availability of inference channel evaluation is proved by the experiment.Using the result of above researches, an implementation scheme is designed on the base of an actual secure database management system, including an assistant tool of static inference control and a dynamic inference control mechanism in the runtime of database system.
|
PDF Full Text Request