A probabilistic approach to assurance of database design

Abstract

A probabilistic framework for decision-making is developed. It is based on the recognition that if it is impossible to consider every case in which security might be comprised, at the least a rational method of controlling estimated risk is desirable. Multilevel secure databases are considered. The author describes several principle aggregation and inference problems, and shows how the solutions are externalized to the database designer. These externalized problems are reformulated in a context of approximate reasoning or probability. An overview of probability issues is provided and classified into two orthogonal approaches. These concepts are applied to the database design problem, and policies are provided that can be used to control decision-making for controlling in turn the probability of database inference.<>