Abstract
The so-called “aggregation problem” is addressed, where the issue is how to release only a limited part of an information resource, and foil any attacks by users trying to aggregate information beyond the preset limits. The framework is that of relational databases, where sensitive information can be defined flexibly using view definitions. For each such view, the tuples that have already been disclosed are recorded intensionally rather than extensionally, that is, at each point, sub-view definitions are maintained that describe all the sensitive tuples that have been released to each individual. While our previous work foiled sequences of single-query attacks attempted by individual users, it did not consider multi-query attacks, where a combination of queries is used to invade the sensitive information. In this study we enhance our previous solutions to guard the sensitive information against two kinds of multi-query attacks: join attacks, and complement attacks. We then argue that the enhanced algorithm renders the sensitive information immune to attacks.
The work of Motro was supported in part by an ARPA grant administered by the Office of Naval Research under Grant No. N0014-92-J-4038. The work of Jajodia was supported in part by NSF Grant No. IRI-9303416.
© 1996 Springer-Verlag Berlin Heidelberg
Cite this paper
Marks, D.G., Motro, A., Jajodia, S. (1996). Enhancing the controlled disclosure of sensitive information. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds) Computer Security — ESORICS 96. ESORICS 1996. Lecture Notes in Computer Science, vol 1146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61770-1_42
DOI: https://doi.org/10.1007/3-540-61770-1_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61770-9
Online ISBN: 978-3-540-70675-5
eBook Packages: Springer Book Archive