| Database security protection has a big improvement after Multilevel Security Database brought in,but also brought in inference control problem.Inference channel in database’s security problem always be concerned,it means attacker can use conspire,patch up so on ways to infer the sensitivity information from low security information,and the attacker can evaluate the accuracy of the inference.Because there is probability to infer,attacker can use the specify plan to obtain sensitivity information from inference channel.The main problem about inference channel is how to detect and eliminate,this problem should be cared by both database developer and User instead by other security mechanism.In this paper we summary and analysis some typical inference problems in multilevel security database based on gird first,including inference problems in statistical database,union query and metadata based etc.Typical metadata based inference problem instance is entity integrity constraint,function dependency, multi-value dependency,value constraint and classification constraint etc.Then we analysis the formerly inference detection and elimination ways,in general,there are two way to detect and eliminate inference,one is processed in static design phase, another is dynamic processing in running-period.For the static design,we can apply semantic relational graph,function dependency and multi-value dependency detection algorithms to eliminate inference.For the dynamic detection and elimination,usually are transformed to process the security constraints.This paper makes some contributions including:1.Proposed multilevel security database inference eliminate model;researched and designed the base application.Construct the grid multilevel security database. Researched the static and dynamic inference elimination. 2.Summarized the current situation of inference control in database.Based on this, we proposed the inference control model under grid environment.3.Develop the multilevel security database in Oracle l0g,build the multilevel security database under grid environment and Establish the visualize GUI.Input is the data which maybe has inference channel,then we utilize our static and dynamic inference rules,the output is the data which eliminate the inference channel.4.We apply the semantic relation graph to express the instance in multilevel security database.Utilize the static design ways and the detection way used in semantic relational graph to eliminate inference channel.Based on this,achieve the existed inference detection and elimination algorithm to eliminate the inference channel.5.Build the dynamic detection system,it’s quiet difficult to realize all inference rules which not only so many but also complicated in the system,so we should think about the benefit balance,this is the most difficult and important part in inference detection and elimination system.The experiments proved that the dynamic detection system comprehensively considered the stability,integrity, accessibility and effectiveness.The system can detect and eliminate the inference problem in grid multi-level security database effectively. |
PDF Full Text Request