Specification and enforcement of classification and inference constraints

S. Dawson, S. Vimercati, P. Samarati
{"title":"Specification and enforcement of classification and inference constraints","authors":"S. Dawson, S. Vimercati, P. Samarati","doi":"10.1109/SECPRI.1999.766913","DOIUrl":null,"url":null,"abstract":"Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in today's multilevel systems. Moreover the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach largely applicable. We introduce the concept of minimal classification as a labeling of data elements that while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1999.766913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 33

Abstract

Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in today's multilevel systems. Moreover the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach largely applicable. We introduce the concept of minimal classification as a labeling of data elements that while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.
分类和推理约束的规范和实施
尽管近年来对数据库系统中的强制访问控制进行了广泛的研究,并提出了一些模型和系统,但强制约束的执行能力仍然有限。缺乏对表达和打击不恰当地泄漏受保护信息的推理通道的支持仍然是当今多层系统的主要限制。此外,在插入时对数据进行分类的工作假设使得以前的方法不适用于需要对发布进行分类的现有(可能是历史的)数据存储库进行分类。这种能力将对政府、公共和私人机构大有裨益,而且似乎也是它们所需要的。我们通过考虑显式数据分类以及关联和推理约束来解决对现有数据存储库进行分类的问题。约束在一个统一的、与DBMS和模型无关的框架中表示,这使得该方法在很大程度上适用。我们引入了最小分类的概念,作为数据元素的标记,它在满足约束条件的同时,确保没有数据元素在高于必要的级别上进行分类。我们还描述了一种技术,并提出了一种算法,用于根据某些标准生成最小和首选的数据分类。我们的方法基于预处理或编译约束,生成一组简单的分类分配,然后可以有效地应用于对任何数据库实例进行分类。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信