{"title":"Aggregation and inference: facts and fallacies","authors":"T. Lunt","doi":"10.1109/SECPRI.1989.36284","DOIUrl":null,"url":null,"abstract":"The author examines inference and aggregation problems that can arise in multilevel relational database systems and points out some fallacies in current thinking about these problems that may hinder real progress from being made toward their solution. She distinguishes several different types of aggregation and inference problems and shows that the different types of problems are best addressed by different approaches. In particular, it is shown that sensitive associations among entities of different types are best treated by representing the sensitive association separately and classifying the individual entities low and the relationship high. Sensitive associations among the various properties of an entity are best treated by determining those properties that contribute most to the inference and by storing those separately at a higher classification. Sensitive associations among entities of the same type are best treated by storing the individual data items comprising the aggregate at the aggregate-high classification; they must be sanitized for release to lower-level users. The suggested approaches allow the mandatory reference monitor to protect the sensitive associations, with no additional trusted mechanism needed.<<ETX>>","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"93","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1989 IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1989.36284","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 93
Abstract
The author examines inference and aggregation problems that can arise in multilevel relational database systems and points out some fallacies in current thinking about these problems that may hinder real progress from being made toward their solution. She distinguishes several different types of aggregation and inference problems and shows that the different types of problems are best addressed by different approaches. In particular, it is shown that sensitive associations among entities of different types are best treated by representing the sensitive association separately and classifying the individual entities low and the relationship high. Sensitive associations among the various properties of an entity are best treated by determining those properties that contribute most to the inference and by storing those separately at a higher classification. Sensitive associations among entities of the same type are best treated by storing the individual data items comprising the aggregate at the aggregate-high classification; they must be sanitized for release to lower-level users. The suggested approaches allow the mandatory reference monitor to protect the sensitive associations, with no additional trusted mechanism needed.<>
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
