| Databases security is an important research area of information security. Inference control in databases is a key field of multilevel secure database system (MLS-DBS) and is an important means to achieve database security. We will research on aggregation inference and cardial aggregation inference. For attributes association aggregation inference in MLS-DBS, the problem under table classification granularity is analysized and an algorithm to detect and eliminate attributes association aggregation inference is proposed. The algorithm translates the problem to undirected graph of attributes association problem. By detecting the loops of undirected graph of attributes association of the sensitive table, the inference paths are found.There must be attributes association aggregation inference if the inference paths exist.Then we can adjust the security levels of one or more tables to eliminate the inference paths. By analyzing all the pathes, all the cases of the minimum information lost can be found and the user can select one of them to eliminate attributes association aggregation inference.If all the inference paths of the sensitive tables are eliminated, attributes association aggregation inference will be eliminated. For the cardinal aggregation inference, the strategies of eliminating cardinal aggregation inference are analysised,and an algorithm to eliminate cardinal aggregation inference is proposed.The table creater can define sensitive concept and the maxmum number of tuple to be accessed. When users whose security level is equal to that of table access the table, the conception of limitation is introduced to count the tuples of the sensitive concept. The users can only access the number of tuples in sensitive concept less than that of the predefined number. In this way, the cardinal inference is eliminated. We implement the algorithm on the basis of the security mechnanism of multilevel security database system SDM3.
|
PDF Full Text Request