dc.description.abstract | Conventional access control models, such as role-based access control, protect sensitive
data from unauthorized disclosure via direct accesses; however, they fail to prevent
unauthorized disclosure happening through indirect accesses. Indirect data disclosure
via inference channels occurs when sensitive information can be inferred from nonsensitive
data and metadata, which is also known as “the inference problem”. This
problem has drawn much attention from researchers in the database community because it
seriously compromises data security. It has been studied under four settings according
to where it occurs: statistical databases, multilevel secure databases,
data mining, and web-based applications.
This thesis investigates previous efforts dedicated to inference problems in multilevel
secure databases, and presents the latest findings of our research on this problem.
Our contribution includes two methods. One is a dynamic control over this problem,
which designs a set of accessing key distribution schemes to remove inference after
all inference channels in the database have been identified. The other combines rough
sets and entropies to form a computational solution to detect and remove inferences,
which for the first time provides an integrated solution to the inference problem.
Comparison with previous work has also been done, and we have proved that both
methods are effective and easy to implement.
Since the inference problem is described as a problem of detecting and removing
inference channels, this thesis contains two main parts: inference detecting techniques
and inference removing techniques. In both aspects, some techniques are selectively
but extensively examined. | |