Research On Key Technology Of Inference Control Based On Channel

Technology of Database Management System (DBMS) has been deeply applied to most field of our country life, information system based on DBMS has played an important role in the process of information-based construction of our country. Some security problems have gradually emerged with the deep application of DBMS. Now our country's market of DBMS is monopolized by foreign product, even in some sensitive fields such as government, national defense, and astronautics. This is a serious threaten to our national security, therefore it's very important to develop our country's DBMS with high security.Inference control is an important field of database security, but because of the complexity of itself, there exist no common solution that can solve all kinds of inference problems. By now some relative ripe researches have only solve inference problems of certain kinds. This thesis researches the key technology of inference problem based on data dependence.Functional dependence is an important kind of inference rule. Getting the functional dependence exist on relation instance by data mining technology can help the defense to inference attack. This thesis researches and synthesizes the existing data mining technology of functional dependence, and makes some improvements.The solution based on inference channel is suitable for the inference problem based on data dependence, but most researches have put their focuses on how to control the inference problem with existing channel, there is little research on how to construct the inference channel itself. This thesis researches the character of inference channel based on functional and multivalued dependence, and proposes the constructing algorithms of inference channel based on the two dependences above, and the completeness of the algorithms is proved.The inference control within the design period eliminates inference leak by adjusting the level assignment scheme. This thesis researches the existing adjust algorithms, whose granularity of access control is attribute or tuple, and improve the algorithm based on the granularity of attribute with the depth-first search and corresponding pruning policy.The inference control within the query period analyses the user's query in run-time, and modifies the query result to eliminate inference leak, which can guarantee the usability to database users. This thesis proposes the idea of filtrate the query history based on channel object, and constructs inference instance dynamically, based on history object instances and rules of constructing inference channel, and then proposes the relative algorithms, which can effectively reduce the expend of time and space.The content of this thesis has been validated by prototype system.