Xu Baowen,Jiang Jixiang,Lu Jianjiang,Wang Peng,Kang Dazhou

2005-01-01

Abstract:The widely use of eXtensible Markup Language (XML) raises the importance of security and access control for XML documents. Besides access control for XML document on node-level, it is also important to control users for accessing association between the nodes. Inference detection plays a central role in association-level access control. In this paper we propose a logic-based approach for inference detection in querying XML document. At first, Basic information is obtained from user query logs and "information-trees" are used to represent all the information a user gets. Then Logic-based method is used to find overlapping parts between "information-trees". Finally, inference detection is achieved by merging the "information-trees". This approach can be used to detect much common inference channels, and can serve as a basic model for future extension.

Joachim Biskup,Lan Li

DOI: https://doi.org/10.1109/tdsc.2012.86

2013-01-01

Abstract:This work aims at treating the inference problem in XML documents that are assumed to represent potentially incomplete information. The inference problem consists in providing a control mechanism for enforcing inference-usability confinement of XML documents. More formally, an inference-proof view of an XML document is required to be both indistinguishable from the actual XML document to the clients under their inference capabilities, and to neither contain nor imply any confidential information. We present an algorithm for generating an inference-proof view by weakening the actual XML document, i.e., eliminating confidential information and other information that could be used to infer confidential information. In order to avoid inferences based on the schema of the XML documents, the DTD of the actual XML document is modified according to the weakening operations as well, such that the modified DTD conforms with the generated inference-proof view.

YAN He-Ping,WANG Wei,SHI Bai-Le

DOI: https://doi.org/10.1360/jos170750

2006-01-01

Abstract:This paper investigates the inference problems due to functional dependencies (FD) and multi-valued dependencies (MVD) in a multilevel relational database with element classification schemes. The algorithms presented can greatly improve the data availability. To further deal with the indirect privacy violation, the view-based inference control method is proposed which can eliminate the secure problem brought by multi-view collusions. The theories of splitting views into the view dependency basis are the foundation of future work on the view-based inference control.

Dongxiao Jiang,Chenggang Li,Lixin Ma,Xiaoyu Ji,Yanjiao Chen,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00015

2020-01-01

Abstract:With the development of network, more and more unkown protocols appear. Network protocols define the rules between network entities and firewall uses network protocol for deep packet detection to prevent intrusions. For detecting these unkown protocols, firewall can’t analyze these protocols, which makes many systems vulnerable. To solve this problem, protocol reverse engineering is getting more and more attention. Protocol reverse engineering is a process that reverses the syntax and grammar of a protocol from its traces of execution codes. It focuses on three protocol features: field boundaries, protocol grammar and state machine. Field boundaries inference is the basis of the protocol reverse engineering, the precision of this process has a big influence on reversing the grammar and state machine. In this paper, we propose a method called ABinfer, which leverage the Field Adjacent information to identify the field boundaries. We evaluate the method on three protocols and the results show that it has a good ability to identify field boundaries of protocols.

Yuan Wang

2006-01-01

Abstract:Database inference control problem is a well-known problem in database security research. By describing sensitive information in a uniform detail with attributes, inference process can be depicted with the relevancies among the attributes. The method of inference channel detection and two phases control strategy were studied. A sound and complete inference control method based on those relevancies was presented, and correlative algorithms were proved.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11599517_64

2005-01-01

Abstract:As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1−5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

Adel Jebali,Salma Sassi,Abderrazak Jemai

DOI: https://doi.org/10.1007/978-3-030-41568-6_5

2020-01-01

Abstract:Traditional access control models aim to prevent data leakage via direct accesses. A direct access occurs when a requester performs his query directly into the desired object, however these models fail to protect sensitive data from being accessed with inference channels. An inference channel is produced by the combination of a legitimate response which the user receives from the system and metadata. Detecting and removing inference in database systems guarantee a high quality design in terms of data secrecy and privacy. Parting from the fact that data distribution exacerbates inference problem, we give in this paper a survey of the current and emerging research on the inference problem in both centralized and distributed database systems and highlighting research directions in this field.

Zhu Qin

DOI: https://doi.org/10.3969/j.issn.1673-2340.2006.03.015

2006-01-01

Abstract:Privacy protection technique of database based on inference control is studied.Common inference channels are analyzed and several mechanisms of inference control are induced.An example is given to explain the application of inference control to privacy protection.The future development of researches on database inference control and privacy protection technique is also discussed in the paper.The studies show that it is effective to protect privacy via inference control and that it is critical to weigh the security and the availability to build a privacy protection database.

Yixiang Ding,Tao Peng,Minghua Jiang

2008-01-01

International Journal of Security and Its Applications

Abstract:The Prevalent use of XML highlights an increasing need that publishing XML documents should meet precise security requirements, without revealing sensitive information to unauthorized users. We consider data-publishing applications where the publisher specifies what information is sensitive and should be protected. Hiding the sensitive information is no enough and the users can use common knowledge (e.g. "all patients in the same ward have the same disease") to infer more data, which can cause leakage of sensitive information. We formulate the process how users can infer data using three types of common XML constraints and several functional dependencies. We develop a novel paradigm for finding a max partial document without causing information leakage when we publish several related XML documents, while allowing publishing as much data as possible. The experiments on real data sets show that effect of inference on data security, and how the paradigm can prevent leaking the sensitive information.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11610496_109

2006-01-01

Abstract:XML becomes a standard format for data interchanges on Internet, especially in E-commerce. Although XML technology has been widely used, the research and development on XML security is still at the early stage. The control of XML access is important for protecting XML documents from being illegally modified or accessed. Most of available models utilize a single level check point. In this paper, we proposed an access control model with dual level access control: file-level and element-level (or attribute-level). The model allows adopt the XBLP policy with file-level security, while employs Hide-Node View for element-level security. The architecture framework of the access control model and implementation are briefly described.

Baowen Xu,Yanhui Li,Jianjiang Lu,Dazhou Kang

DOI: https://doi.org/10.1007/11758549_13

2006-01-01

Abstract:With the development of the Semantic Web. the issue on Semantic Web security has received a considerable attention. OWL security is a burgeoning and challengeable sub-area of Semantic Web security. We propose a novel approach about OWL security, especially about inference control in OWL retrieval. We define OWL inference control rules (ICRs) to present the aim of inference control. To achieve ICRs. our approach introduces a novel concept "semantic related view" (SRView) w.r.t an OWL knowledge base. which describes semantic relations in it. We present a construction process of SRViews from OWL knowledge bases and define pruning operations to rewrite them. Based on pruned SRViews. a query framework to achieve inference control is proposed. followed by analysis of correctness and complexity.

Jianping He,Yushan Li,Lin Cai,Xinping Guan

DOI: https://doi.org/10.48550/arXiv.2205.03556

2022-05-07

Systems and Control

Abstract:Recent years have witnessed the fast advance of security research for networked dynamical system (NDS). Considering the latest inference attacks that enable stealthy and precise attacks into NDSs with observation-based learning, this article focuses on a new security aspect, i.e., how to protect control mechanism secrets from inference attacks, including state information, interaction structure and control laws. We call this security property as control mechanism secrecy, which provides protection of the vulnerabilities in the control process and fills the defense gap that traditional cyber security cannot handle. Since the knowledge of control mechanism defines the capabilities to implement attacks, ensuring control mechanism secrecy needs to go beyond the conventional data privacy to cover both transmissible data and intrinsic models in NDSs. The prime goal of this article is to summarize recent results of both inference attacks on control mechanism secrets and countermeasures. We first introduce the basic inference attack methods on the state and structure of NDSs, respectively, along with their inference performance bounds. Then, the corresponding countermeasures and performance metrics are given to illustrate how to preserve the control mechanism secrecy. Necessary conditions are derived to guide the secrecy design. Finally, thorough discussions on the control laws and open issues are presented, beckoning future investigation on reliable countermeasure design and tradeoffs between the secrecy and control performance.

Chen Guohai,Chen Jixi,Gu Xinjian,Zhan Hongfei

2006-01-01

Abstract:Historically, data analysis and data analysis system is the research hotspot of the manufacturing industry, and also the key issue of the informatization of modern enterprises. However, most of the data analysis systems used recently can't resolve the transformation and integration of the data sources efficiently, especially the isomerous data sources. The data expressing also seems lack of diversity. In the view of data transformation, integration and data expressing combining with the characteristic of the XML, a new data analysis system based on XML is proposed. Then the framework, hierarchical structure and the crisis problems of the system are analyzed in detail and that it has a promise future is revealed.

李晓东,朱皓,杨卫东

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.01.008

2010-01-01

Abstract:XML(extensive makeup language)keyword search is easy to use,and users do not have to understand the schema,recently is widespreadly concerned by the people.Current researches about the keyword search are mainly focused on the algorithms and the sort of the results,but ignore the security issues.Combining with XML keyword search and XML security control,for the first time,this paper researches the XML keyword search method based on secure access control,including identifying the XML keyword search results based on the secure access control rules,establishing keyword index using security view as well as keyword search algorithm based on the above two aspects,and the three aspects above are on the basis of the XML keyword's smallest lowest common ancestors(SLCA) and view-based secure access control rules.The experimental result shows that in order to satisfy the secure access control rules,this algorithm although needs extra time to get the correct results but is generally efficient.

DeQiang Wang,Feng Xu,Bing Mao,Li Xie

2004-01-01

Abstract:Proposed in this paper is a new algorithm of access control labeling on an XML document based on the authorization-tree. The algorithm improves the performance effectively through avoiding matching authorizations, solving the authorization conflict and labeling at every node of the XML-tree. Meanwhile, a flexible and user-configurable mode of solving the authorization conflict is proposed. And the mode is integrated into the authorization-tree algorithm seamlessly.

Xinmin Zhang,Xuerui Zhang,Zhihuan Song,Qinyuan Ren,Chihang Wei

DOI: https://doi.org/10.1109/DDCLS58216.2023.10165830

2023-01-01

Abstract:In modern industry, data-driven process monitoring systems (PMS), as the initial defense line of industrial control system security, have been widely used in all walks of life. However, the privacy security of the data-driven PMS itself has rarely or never received serious attention. Once the data-driven PMS suffers from intrusion and malicious attacks, it will not only interfere with the normal operation of the industrial control system, but also lead to the disclosure of industrial confidential and privacy information and major economic losses. To handle this issue, this work proposes a novel pioneering study on the inference attack and privacy security problem in the data-driven PMS. Firstly, the potential attack and privacy violation risks of data-driven PMS are investigated. Second, a novel industrial inference attack and privacy security benchmark on data-driven PMS is presented, in which a series of membership inference attack and defense experiments are designed and conducted. Third, we provided a detailed discussion about which member reasoning attacks are the most potential threats to the data-driven PMS and which defense technologies are most suitable for mitigating the attack. The experimental results will provide researchers and practitioners with a new perspective when designing a novel data-driven PMS with more robust and privacy protection performance.

Jihane El Mokhtari,Anas Abou El Kalam,Siham Benhaddou,Jean-Philippe Leroy

DOI: https://doi.org/10.18280/ijsse.110504

2021-10-31

International Journal of Safety and Security Engineering

Abstract:This article is devoted to the topic of coupling access and inference controls into security policies. The coupling of these two mechanisms is necessary to strengthen the protection of the privacy of complex systems users. Although the PrivOrBAC access control model covers several privacy protection requirements, the risk of inferring sensitive data may exist. Indeed, the accumulation of several pieces of data to which access is authorized can create an inference. This work proposes an inference control mechanism implemented through multidimensional analysis. This analysis will take into account several elements such as the history of access to the data that may create an inference, as well as their influence on the inference. The idea is that this mechanism delivers metrics that reflect the level of risk. These measures will be considered in the access control rules and will participate in the refusal or authorization decision with or without obligation. This is how the coupling of access and inference controls will be applied. The implementation of this coupling will be done via the multidimensional OLAP databases which will be requested by the Policy Information Point, the gateway brick of XACML to the various external data sources, which will route the inference measurements to the decision-making point.

饶元,陆淑敏,李尊朝,冯博琴

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.12.023

2004-01-01

Abstract:After formulated the definition of information security, an XML-based logistic security hierarchical structure and a protocols stack were presented in the paper. Moreover, a XKMS Trust Architecture Model, XKMS-TA, was built on some XML-based security technology, such as XML-Encryption, XML-Signature, XML-Access Control and XKML. This model decreased effectually the degree of complexity about the client collocated, PKI deployed and the cost of operating maintained, as well as increased the interoperation between the PKI sites. Furthermore, mixed the XKMS-TA model and XML-Access Control technology, XBSIA (XML-Based Security Integrated Architecture), a new XML-based Security integrated solution, was designed and applied in the programming of OPEN-CLASS system. The results of practice proved that XBSIA solution has great security and dynamic maintenance.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Shi Lichen,He Zhenying,Wang Wei,Shi Baile

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.04.001

2009-01-01

Abstract:Path-Expression-Query processing,which is one of the core problems in XML data management studies,has received lots of attentions recently.Much works have focused on path expression matching in XML database.These works,however,neglect the containment operator.We studied the implements of the containment operator on XML database in this paper and proposed two methods.The first one uses jump table for carrying out the dynamic search of node data and matching in twig pattern matching query of XML,while the second one sets up inverted indices for terms in XML documents to implement keywords matching.We compared and analyzed two methods with the length of the path of twig pattern,the amount of keywords queried and the type of the judgement nodes with containment operator in XLM tree.