Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Inference Problem - II February 12, 2007
Outline Security Constraint Processing Use of Conceptual Structures
Security Constraint Processing Security Constraints are rules that assign security levels to the data MLS/DBMS is augmented with an Inference Engine Inference Engine is the Inference Controller Integrated Architecture for Security Constraint processing Query, Update and Database design operations
Inference Engine Approach
Constraint Generation
Query Processor
Update Processor
Database Design Tool
Integrated Architecture
Release Control Management
Use of Conceptual Structures Use conceptual structures to model the application E.g., semantic data models, semantic nets, conceptual graphs, etc. Use the reasoning strategy of the conceptual structure and determine if security violation via inference can occur
Multilevel Semantic Nets
Complex Multilevel Semantic Net Italy Destination 20 years India Mediterranean Sea Skills Location REAGAN Smith Captain Date 16 June 2000 Skills Carries SUN Explosive Battle Passengers Management Type
ISA/AKO Links
Example Rules - II SHIPS WEAPONS (a) SHIP WATER VEHICLE AKO (c) REAGAN ISA (b) PERSON Has Captain
Example Rules - II SHIPS WEAPONS (d) REAGAN SHIP ISA PERSON Has Captain (e) India Destination COUNTRY
Applying Transfer Rules India Destination Mediterranean India Sea Mediterranean Sea (b) Location Location REAGAN REAGAN Smith (a) Carries Carries Skills Type SUN Type Explosive SUN Explosive Battle Management Destination India Mediterranean Sea Location Smith REAGAN (c) Combines (a) and (b) Skills Carries Battle Type SUN Management Explosive
Security Constraints Carries Carries REAGAN REAGAN SHIPS SHIPS WEAPONS SUN SUN WEAPONS (a) (a) Mediterranean Mediterranean Location Carries Carries REAGAN REAGAN SHIPS SHIPS SUN SUN (b) (b) Destination Destination COUNTRY COUNTRY
Security Constraint Violation - I
Security Constraint Violation - II Carries EXPLOSIVE REAGAN SHIPS WEAPONS WEAPONS (a) CAPTAIN Has Carries EXPLOSIVE SHIP SHIPS WEAPONS (b) ISA REAGAN
Universal and Existential Conditionals
Matching Vectors
Matching and Binding India Destination Destination Location Location Mediterranean Mediterranean SHIP: ALL X SHIP: ALL X (a) (a) Destination Carries Carries New Delhi New Delhi India India Mediterranean Mediterranean Sea Sea WEAPONS: SOME Y WEAPONS: SOME Y Explosive Explosive Capital Capital Capital Destination Type Location Location REAGAN REAGAN Smith Smith Captain Captain New Delhi New Delhi India India (b) (b) FLORIDA FLORIDA FLORIDA Mediterranean Mediterranean Skills Skills Sea Sea Capital Capital Destination Carries Carries Carries Carries Location Battle Battle REAGAN REAGAN Management Management SUN SUN Explosive Explosive MOON MOON MOON Smith Smith Captain Captain Type Type Type FLORIDA FLORIDA Type Type Skills Skills Carries Carries (c ) Results from (a) and (b) (c ) Results from (a) and (b) (c ) Results from (a) and (b) Carries Battle Battle Management Management SUN SUN Explosive Explosive MOON MOON Type Type Type Type
Negative Statements
Refutation to determine Consistency LOCATION REAGAN SHIPS FLORIDA SHIPS WEAPONS Pacific Ocean WEAPONS REAGAN DESTINATION (a) DESTINATION (b) Australia Australia WEAPONS WEAPONS FLORIDA FLORIDA DESTINATION SHIPS SHIPS WEAPONS REAGAN WEAPONS REAGAN REAGAN SHIPS Australia WEAPONS LOCATION DESTINATION X X (c ) Pacific Ocean Pacific Ocean Australia Australia WEAPONS WEAPONS (d) FLORIDA SHIPS REAGAN WEAPONS DESTINATION LOCATION Australia Pacific Ocean WEAPONS (e) WEAPONS
Directions Inference problem is still being investigated Census bureau still working on statistical databases Need to find real world examples in the Military world Inference problem with respect to medial records Much of the focus is now on the Privacy problem Privacy problem can be regarded to be a special case of the inference problem