Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Inference Problem - II February 12, 2007
Outline l Security Constraint Processing l Use of Conceptual Structures
Security Constraint Processing l Security Constraints are rules that assign security levels to the data l MLS/DBMS is augmented with an Inference Engine l Inference Engine is the Inference Controller l Integrated Architecture for Security Constraint processing - Query, Update and Database design operations
Inference Engine Approach
Constraint Generation
Query Processor
Update Processor
Database Design Tool
Integrated Architecture
Release Control Management
Use of Conceptual Structures l Use conceptual structures to model the application - E.g., semantic data models, semantic nets, conceptual graphs, etc. l Use the reasoning strategy of the conceptual structure and determine if security violation via inference can occur
Multilevel Semantic Nets
Complex Multilevel Semantic Net REAGAN Passengers Carries SUNExplosive Mediterranean Sea 16 June 2000 India Italy Destination Location Date Smith Captain Battle Management 20 years Skills Type
ISA/AKO Links
Example Rules - II
SHIPS WEAPONS (d) REAGAN SHIP ISA PERSON Has Captain SHIPS WEAPONS (d) REAGAN SHIP ISA PERSON Has Captain SHIPS WEAPONS (e) REAGAN India Destination COUNTRY ISA Destination
Applying Transfer Rules REAGAN SUN Explosive Mediterranean Sea India Destination Location Carries Type (a) REAGAN SUN Explosive Mediterranean Sea India Location Carries Type (b) Smith Battle Management Skills REAGAN SUN Explosive Mediterranean Sea India Destination Location Carries Type (c) Combines (a) and (b) Smith Battle Management Skills
Security Constraints SHIPS WEAPONS Carries (a) REAGAN SUN SHIPS Destination Carries (b) REAGAN SUN COUNTRY Mediterranean SHIPS WEAPONS Carries (a) REAGAN SUN SHIPS Destination Carries (b) REAGAN SUN COUNTRY Mediterranean Location
Security Constraint Violation - I
Security Constraint Violation - II
Universal and Existential Conditionals
Matching Vectors
Matching and Binding Carries FLORIDA MOON Type Capital (c ) Results from (a) and (b) Carries Location (a) SHIP: ALL X Mediterranean WEAPONS: SOME Y India Destination Explosive REAGAN SUNExplosive Mediterranean Sea India Location Smith Captain Battle Management New Delhi Skills Type Carries FLORIDA MOON Type Capital (b) REAGAN SUNExplosive Mediterranean Sea India Location Smith Captain Battle Management New Delhi Skills Type Carries FLORIDA MOON Type Capital (c ) Results from (a) and (b) Destination Carries Type Carries
Negative Statements
Refutation SHIPS WEAPONS DESTINATION REAGAN Pacific Ocean WEAPONS Australia (a) SHIPS WEAPONS DESTINATION REAGAN Australia XX SHIPS WEAPONS FLORIDA REAGAN WEAPONS Australia (c ) DESTINATION (b) SHIPS FLORIDA WEAPONS Australia DESTINATION SHIPS FLORIDA WEAPONS Australia LOCATION WEAPONSREAGAN Pacific Ocean WEAPONSREAGAN Pacific Ocean (d) SHIPS WEAPONS FLORIDA REAGAN WEAPONS Australia DESTINATION LOCATION WEAPONS Pacific Ocean (e) LOCATION
Directions l Inference problem is still being investigated l Census bureau still working on statistical databases l Need to find real world examples in the Military world l Inference problem with respect to medial records l Much of the focus is now on the Privacy problem l Privacy problem can be regarded to be a special case of the inference problem