[attachment=5640]
Database Systems

Inference Detection in Database Systems:
================================
1. A threat to database security is the misuses of these databases by the authorized users, for example selling the personal information to outsiders. Various access control mechanisms have been proposed for protecting individual information in statistical database systems.

2. These mechanisms are specifically designed for statistical databases, making them not applicable to general purpose database systems. In multilevel secure database systems, a type of attacks called inference is identified. An inference occurs when a user uses legitimate data to infer information without directly accessing it. Existing approaches to inference detection focus on analyzing functional dependencies in the database schema. However, it is possible to exploit data level functional dependencies to achieve inferences. For example, although in general the job title does not functionally determine salary (different vice-presidents may earn different salaries), the dependency may hold for lower rank jobs.

3. This research investigates the detection of attempts to access personal information in relational database systems. We identify five types of inferences: unique characteristic, logical implication, complementary, overlapping, and functional dependency. Algorithms for these inferences are developed. These inferences are detected by auditing both user queries and their return tables.

4. In general the inference problem is an NP-complete problem (for example, determining the equivalence between two logical expressions). We have no attempt to completely detect all possible types of inferences. The detection system essentially makes the inference attacks more difficult. This might result in having the user to issue more queries, which then could be detected by anomaly detection techniques.

5. NP is the set of decision problems solvable in polynomial time by a non-deterministic Turing machine.

6. Anomaly Detection refers to detecting patterns in a given data set that do not conform to an established normal behavior Bayesian network: A Bayesian network (or a belief network) is a probabilistic graphical model that represents a set of variables and their probabilistic independencies. For example, a Bayesian network could represent the probabilistic relationships between diseases and symptoms. Given symptoms, the network can be used to compute the probabilities of the presence of various diseases. Formally, Bayesian networks are directed acyclic graphs whose nodes represent variables, and whose missing edges encode conditional independencies between the variables. Nodes can represent any kind of variable, be it a measured parameter, a latent variable or a hypothesis.

[attachment=5642]
Database Management System
Protection Profile

lowing threats are countered by the DBMS.
T.ACCESS Unauthorised Access to the Database. An outsider or system user who is not (currently)
an authorised database user accesses the DBMS. This threat includes: Impersonation -
a person, who may or may not be an authorised database user, accesses the DBMS, by
impersonating an authorised database user (including an authorised user impersonating
a different user who has different - possibly more privileged - access).
T.DATA Unauthorised Access to Information. An authorised database user accesses information
contained within a DBMS without the permission of the database user who owns or
who has responsibility for protecting the data.
32 This threat includes unauthorised access to DBMS information, residual information
held in memory or storage resources managed by the TOE, or DB control data.
T.RESOURCE Excessive Consumption of Resources. An authenticated database user consumes global
database resources, in a way which compromises the ability of other database users to
access the DBMS.
33 This represents a threat to the availability of the information held within a DBMS. For
example, a database user could perform actions which could consume excessive
resources, preventing other database users from legitimately accessing data, resources
and services in a timely manner. Such attacks may be malicious, inconsiderate or
careless, or the database user may simply be unaware of the potential consequences of
his actions. The impact of such attacks on system availability and reliability would be
greatly amplified by multiple users acting concurrently.
T.ATTACK Undetected Attack. An undetected compromise of the DBMS occurs as a result of an
attacker (whether an authorised user of the database or not) attempting to perform
actions that the individual is not authorised to perform.
34 This threat is included because, whatever countermeasures are provided to address the
other threats, there is still a residual threat of a violation of the security policy occurring
by attackers attempting to defeat those countermeasures.
T.ABUSE.USER Abuse of Privileges. An undetected compromise of the DBMS occurs as a result of a
database user (intentionally or otherwise) performing actions the individual is
authorised to perform.
35 This threat is included because, whatever countermeasures are provided to address the
other threats, there is still a residual threat of a violation of the security policy occurring,
or the database being placed at risk, as a result of actions taken by authorised
database users. For example a database user may grant access to a DB object they are
responsible for to another database user who is able to use this information to perform
a fraudulent action.
36 Note that this threat does not extend to highly trusted database users: see the assumption
A.MANAGE below.

[attachment=5844]
Database Systems

Basic Terminology

Data – raw facts
Field – a character or group of characters (alphanumeric or numeric) that has a specific meaning
Record – a set of one or more logically related fields
File – a set of related records