Download DB-inferences - Introduction to Database Security - Lecture Slides and more Slides Network security in PDF only on Docsity!
DB-Inferences
DB-Inferences
- Definition
- Inference problem
- Examples
Definition
- Inference involves indirect access
- Example: User has privilege to view data X but not data Y. Both these data are in table T. If the query SELECT X FROM T WHERE Y = value produces any result, then user has inferred something about Y
- If user attempts an insert and it is denied, then it leads to inference
Definition
- Inference could also result from correlated data, meaning that visible data is related to invisible data
- Knowing the values t and k and able to guess an unknown value z = t * k is inference
- Estimating value of z requires reducing the degree of uncertainty for z. Reducing the uncertainty degree using results of authorized queries is also inference
Inference Problem
- Inference from queries based on sensitive data
- To overcome this problem polyinstantiation is used
- Inference due to dependencies
- Example: Employees are aware that salary is the same for each rank. An employee without the right permission for salary can query the rank which is not sensitive and determine the salary because of dependency on rank
Inference Problem
- Inference could also result from value constraints
- Example: Assume that attribute ‘A’ is Unclassified but attribute ‘B’ is Secret with the constraint A + B ≤ 20. B does not impact A but in a query, because of the constraint, it may only pick up certain values of A, thus creating an inference channel
Inference Problem
H(y) – Hx (y) INFER(x y) = H(y)
- Function INFER takes on values from 0 to 1
- Value 0 corresponds to no inference
- Value 1 corresponds to full inference
Inference Problem
- Another approach to preventing this
problem is to identify relationships between attributes, objects and abstract classes. Any of these relationships can be classified.
- In the previous example, to hide the
relationship between employee and salary, one needs to classify that relationship
Inference Problem
- It is good to keep this problem in mind for developing security policy rather than for classifying data
- Mazumdar, Stemple and Sheard developed in 1988 a theorem prover approach to check for inference channels
- Mazumdar et al use a method to see if a set of predefined secrets can be derived from the database integrity constraints
Inference Problem
- Lock Data Views (LDV) model uses classification constraints to prevent inference problem
- In LDV model, classification constraints are defined on sets of data according to the level of information that can be inferred from the data
- Given a query, the result is upgraded to the appropriate level according to the classification constraints
Inference Problem
- In Sea View system, data is stored high and selectively downgraded according to requester’s past access history
- In LDV system, data is stored low and access to it is selectively restricted based on its access by low users
- Another type of inference problem is “data association.” Two separate pieces of data may not be sensitive, but combined they are sensitive
Inference Problem
- Example: Employee name and salary are
independently not sensitive but when they are associated, then it becomes sensitive
- Inference problem is closely related to
statistical database security
Example
Flight ID Cargo Hold Contents Classification
1254 A Boots Unclassified
1254 B Guns Unclassified
1254 D Butter Unclassified
Unclassified user query results in the following table:
Unclassified user wants to ship an item to use the cargo hold C. Rejecting the use of cargo hold C produces an inference channel.
Example
BSD Table Birth-Year Sex Dept-Code Dept1 Dept2 Dept
1941-1951 M 10 12 0
F 1 0 3
1952-1962 M 12 10 5
F 20 2 8
1962 M 15 0 1
F 20 10 0