Vincent Bindschaedler,Paul Grubbs,David Cash,Thomas Ristenpart,Vitaly Shmatikov

DOI: https://doi.org/10.14778/3236187.3236217

IF: 2.5

2018-07-01

Proceedings of the VLDB Endowment

Abstract:To protect database confidentiality even in the face of full compromise while supporting standard functionality, recent academic proposals and commercial products rely on a mix of encryption schemes. The recommendation is to apply strong, semantically secure encryption to the "sensitive" columns and protect other columns with property-revealing encryption (PRE) that supports operations such as sorting. We design, implement, and evaluate a new methodology for inferring data stored in such encrypted databases. The cornerstone is the multinomial attack , a new inference technique that is analytically optimal and empirically outperforms prior heuristic attacks against PRE-encrypted data. We also extend the multinomial attack to take advantage of correlations across multiple columns. This recovers PRE-encrypted data with sufficient accuracy to then apply machine learning and record linkage methods to infer columns protected by semantically secure encryption or redaction. We evaluate our methodology on medical, census, and union-membership datasets, showing for the first time how to infer full database records. For PRE-encrypted attributes such as demographics and ZIP codes, our attack outperforms the best prior heuristic by a factor of 16. Unlike any prior technique, we also infer attributes, such as incomes and medical diagnoses, protected by strong encryption. For example, when we infer that a patient in a hospital-discharge dataset has a mental health or substance abuse condition, this prediction is 97% accurate.

computer science, information systems, theory & methods

Yingjiu Li,Sushil Jajodia,X. Sean Wang

2003-01-01

Abstract:This thesis reports a systematic study of data protection in three different, yet related, scenarios. The first scenario is to guard relational data against unauthorized redistribution or data piracy. In this scenario, the data is released to users who have full control over the use of data but are restricted from any redistribution. A novel technique is presented for embedding fingerprints in database relations so that the original recipient of the data can be identified. In our scheme, one secret key (with or without primary key attributes in database relations) is used to decide the way how a fingerprint is embedded. Rigorous analysis shows that, with high probability, a detected fingerprint is indeed the fingerprint originally embedded, and embedded fingerprints cannot be modified or erased by a variety of attacks, including bits flipping, tuple addition and deletion; secret key guessing, and collusion among multiple recipients of the same relation. In addition, as a special case of fingerprinting, a robust watermarking scheme is also presented for relational databases. The second scenario is to protect the privacy of individual data value against interval-based inference from aggregation queries. Different from the first scenario in which the data is released to users, this scenario is about data that are controlled by its owner. Users are allowed to access the data through aggregation queries. An individual data value is said to be compromised if an accurate enough interval, called inference interval, is obtained from aggregation results such that the actual data value must fall into the interval. Our study shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem has a polynomial time complexity involving mathematical programming with a large number of constraints and/or variables. The last scenario is to detect anomaly from usage log data. Different from the first scenario in which the data are released to users as well as the second scenario in which the data are allowed to be queried by users, this scenario is about using log data to build profiles for user normal behaviors and detect suspicious anomalies that deviate from the profiles. Experiments show that our proposed method is more flexible and precise than previous methods that do not use time information or simply use fixed partition of time intervals in profiling. (Abstract shortened by UMI.)

Adel Jebali,Salma Sassi,Abderrazak Jemai

DOI: https://doi.org/10.1007/978-3-030-41568-6_5

2020-01-01

Abstract:Traditional access control models aim to prevent data leakage via direct accesses. A direct access occurs when a requester performs his query directly into the desired object, however these models fail to protect sensitive data from being accessed with inference channels. An inference channel is produced by the combination of a legitimate response which the user receives from the system and metadata. Detecting and removing inference in database systems guarantee a high quality design in terms of data secrecy and privacy. Parting from the fact that data distribution exacerbates inference problem, we give in this paper a survey of the current and emerging research on the inference problem in both centralized and distributed database systems and highlighting research directions in this field.

Marco Guarnieri,Srdjan Marinovic,David Basin

DOI: https://doi.org/10.48550/arXiv.1706.02473

2017-06-08

Abstract:Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research offers mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms. We propose a foundation for Database Inference Control based on ProbLog, a probabilistic logic programming language. We leverage this foundation to develop Angerona, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of ProbLog. We empirically evaluate Angerona's performance showing that it scales to relevant security-critical problems.

Cryptography and Security,Databases

Zhu Qin

DOI: https://doi.org/10.3969/j.issn.1673-2340.2006.03.015

2006-01-01

Abstract:Privacy protection technique of database based on inference control is studied.Common inference channels are analyzed and several mechanisms of inference control are induced.An example is given to explain the application of inference control to privacy protection.The future development of researches on database inference control and privacy protection technique is also discussed in the paper.The studies show that it is effective to protect privacy via inference control and that it is critical to weigh the security and the availability to build a privacy protection database.

Ashish Kamra,Evimaria Terzi,Elisa Bertino

DOI: https://doi.org/10.1007/s00778-007-0051-4

2007-05-17

The VLDB Journal

Abstract:A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, able to detect anomalous behavior of applications and users. To date, however, there have been few ID mechanisms proposed which are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under a RBAC system permissions are associated with roles, grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.

computer science, information systems, hardware & architecture

Xinmin Zhang,Xuerui Zhang,Zhihuan Song,Qinyuan Ren,Chihang Wei

DOI: https://doi.org/10.1109/DDCLS58216.2023.10165830

2023-01-01

Abstract:In modern industry, data-driven process monitoring systems (PMS), as the initial defense line of industrial control system security, have been widely used in all walks of life. However, the privacy security of the data-driven PMS itself has rarely or never received serious attention. Once the data-driven PMS suffers from intrusion and malicious attacks, it will not only interfere with the normal operation of the industrial control system, but also lead to the disclosure of industrial confidential and privacy information and major economic losses. To handle this issue, this work proposes a novel pioneering study on the inference attack and privacy security problem in the data-driven PMS. Firstly, the potential attack and privacy violation risks of data-driven PMS are investigated. Second, a novel industrial inference attack and privacy security benchmark on data-driven PMS is presented, in which a series of membership inference attack and defense experiments are designed and conducted. Third, we provided a detailed discussion about which member reasoning attacks are the most potential threats to the data-driven PMS and which defense technologies are most suitable for mitigating the attack. The experimental results will provide researchers and practitioners with a new perspective when designing a novel data-driven PMS with more robust and privacy protection performance.

Jianping He,Yushan Li,Lin Cai,Xinping Guan

DOI: https://doi.org/10.48550/arXiv.2205.03556

2022-05-07

Systems and Control

Abstract:Recent years have witnessed the fast advance of security research for networked dynamical system (NDS). Considering the latest inference attacks that enable stealthy and precise attacks into NDSs with observation-based learning, this article focuses on a new security aspect, i.e., how to protect control mechanism secrets from inference attacks, including state information, interaction structure and control laws. We call this security property as control mechanism secrecy, which provides protection of the vulnerabilities in the control process and fills the defense gap that traditional cyber security cannot handle. Since the knowledge of control mechanism defines the capabilities to implement attacks, ensuring control mechanism secrecy needs to go beyond the conventional data privacy to cover both transmissible data and intrinsic models in NDSs. The prime goal of this article is to summarize recent results of both inference attacks on control mechanism secrets and countermeasures. We first introduce the basic inference attack methods on the state and structure of NDSs, respectively, along with their inference performance bounds. Then, the corresponding countermeasures and performance metrics are given to illustrate how to preserve the control mechanism secrecy. Necessary conditions are derived to guide the secrecy design. Finally, thorough discussions on the control laws and open issues are presented, beckoning future investigation on reliable countermeasure design and tradeoffs between the secrecy and control performance.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

Jihane El Mokhtari,Anas Abou El Kalam,Siham Benhaddou,Jean-Philippe Leroy

DOI: https://doi.org/10.18280/ijsse.110504

2021-10-31

International Journal of Safety and Security Engineering

Abstract:This article is devoted to the topic of coupling access and inference controls into security policies. The coupling of these two mechanisms is necessary to strengthen the protection of the privacy of complex systems users. Although the PrivOrBAC access control model covers several privacy protection requirements, the risk of inferring sensitive data may exist. Indeed, the accumulation of several pieces of data to which access is authorized can create an inference. This work proposes an inference control mechanism implemented through multidimensional analysis. This analysis will take into account several elements such as the history of access to the data that may create an inference, as well as their influence on the inference. The idea is that this mechanism delivers metrics that reflect the level of risk. These measures will be considered in the access control rules and will participate in the refusal or authorization decision with or without obligation. This is how the coupling of access and inference controls will be applied. The implementation of this coupling will be done via the multidimensional OLAP databases which will be requested by the Policy Information Point, the gateway brick of XACML to the various external data sources, which will route the inference measurements to the decision-making point.

YAN He-Ping,WANG Wei,SHI Bai-Le

DOI: https://doi.org/10.1360/jos170750

2006-01-01

Abstract:This paper investigates the inference problems due to functional dependencies (FD) and multi-valued dependencies (MVD) in a multilevel relational database with element classification schemes. The algorithms presented can greatly improve the data availability. To further deal with the indirect privacy violation, the view-based inference control method is proposed which can eliminate the secure problem brought by multi-view collusions. The theories of splitting views into the view dependency basis are the foundation of future work on the view-based inference control.

Salman Salamatian,Amy Zhang,Flavio du Pin Calmon,Sandilya Bhamidipati,Nadia Fawaz,Branislav Kveton,Pedro Oliveira,Nina Taft

DOI: https://doi.org/10.1109/jstsp.2015.2442227

IF: 7.695

2015-10-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:We propose a practical methodology to protect a user's private data, when he wishes to publicly release data that is correlated with his private data, to get some utility. Our approach relies on a general statistical inference framework that captures the privacy threat under inference attacks, given utility constraints. Under this framework, data is distorted before it is released, according to a probabilistic privacy mapping. This mapping is obtained by solving a convex optimization problem, which minimizes information leakage under a distortion constraint. We address practical challenges encountered when applying this theoretical framework to real world data. On one hand, the design of optimal privacy mappings requires knowledge of the prior distribution linking private data and data to be released, which is often unavailable in practice. On the other hand, the optimization may become untractable when data assumes values in large size alphabets, or is high dimensional. Our work makes three major contributions. First, we provide bounds on the impact of a mismatched prior on the privacy-utility tradeoff. Second, we show how to reduce the optimization size by introducing a quantization step, and how to generate privacy mappings under quantization. Third, we evaluate our method on two datasets, including a new dataset that we collected, showing correlations between political convictions and TV viewing habits. We demonstrate that good privacy properties can be achieved with limited distortion so as not to undermine the original purpose of the publicly released data, e.g., recommendations.

engineering, electrical & electronic

Ramyar Abdulrahman Teimoor

DOI: https://doi.org/10.21928/uhdjst.v5n2y2021.pp38-46

2021-10-10

UHD Journal of Science and Technology

Abstract:Currently, data production is as quick as possible; however, databases are collections of well-organized data that can be accessed, maintained, and updated quickly. Database systems are critical to your company because they convey data about sales transactions, product inventories, customer profiles, and marketing activities. To accomplish data manipulation and maintenance activities the Database Management System considered. Databases differ because their conclusions based on countless rules about what an invulnerable database constitutes. As a result, database protection seekers encounter difficulties in terms of a fantastic figure selection to maintain their database security. The main goal of this study is to identify the risk and how we can secure databases, encrypt sensitive data, modify system databases, and update database systems, as well as to evaluate some of the methods to handle these problems in security databases. However, because information plays such an important role in any organization, understanding the security risk and preventing it from occurring in any database system require a high level of knowledge. As a result, through this paper, all necessary information for any organization has been explained; in addition, also a new technological tool that plays an essential role in database security was discussed.

Elisa Bertino

DOI: https://doi.org/10.1561/1900000014

2010-01-01

Foundations and Trends in Databases

Abstract:<div>As organizations depend on, possibly distributed, information systems for operational, decisional and strategic activities, they are vulnerable to security breaches leading to data theft and unauthorized disclosures even as they gain productivity and efficiency advantages. Though several techniques, such as encryption and digital signatures, are available to protect data when transmitted across sites, a truly comprehensive approach for data protection must include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. To address such requirements, over the years the database security research community has developed a number of access control techniques and mechanisms that are specific to database systems. In this monograph, we present a comprehensive state of the art about models, systems and approaches proposed for specifying and enforcing access control policies in database management systems. In addition to surveying the foundational work in the area of access control for database systems, we present extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. The monograph also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for objectdatabases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, we include a tutorial presentation on these notions. Finally, the monograph concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.<h3>Suggested Citation</h3>Elisa Bertino, Gabriel Ghinita and Ashish Kamra (2011), "Access Control for Databases: Concepts and Systems", Foundations and Trends® in Databases: Vol. 3: No. 1–2, pp 1-148. http://dx.doi.org/10.1561/1900000014</div>

P.K. Paul,P. S. Aithal

DOI: https://doi.org/10.47992/ijmts.2581.6012.0070

2019-10-18

Abstract:Information is the core and most vital asset these days. The subject which deals with Information is called Information Science. Information Science is responsible for different information related affairs from collection, selection, organization, processing, management and dissemination of information and contents. And for this information related purpose Information Technology plays a leading role. Information Technology has different components viz. Database Technology, Web Technology, Networking Technology, Multimedia Technology and traditional Software Technology. All these technologies are responsible for creating and advancing society. Database Technology is concerned with the Database. It is worthy to note that, Database is concerned with the repository of related data in a container or base. The data, in Database normally stored in different forms and Database Technology play a lead role for dealing with the affairs related to database. The Database is very important in the recent past due to wider applications in different organizations and institutions; not only profit making but also non-profit making. Today most organizations and sectors which deal with sensitive and important data keep them into the database and thus its security becomes an important concern. Large scale database and its security truly depend on different defensive methods. This paper talks about the basics of database including its meaning, characteristics, role etc. with special focus on different security challenges in the database. Moreover, this paper highlights the basics of security management, tools in this regard. Hence different areas of database security have mentioned in this paper in a simple sense.

Yuanyi BAO

DOI: https://doi.org/10.1360/ssi-2022-0362

2023-01-01

Scientia Sinica Informationis

Abstract:With the high integration of computing units and physical objects,cyber and physical systems are gradually coupled into cyber-physical systems(CPSs).According to the laws of physical systems and operation flow in CPSs,unknown CPS data can be inferred from other known data.The inferred data leakage threat is triggered when an accurate inference path connects between low-and high-security domain data.In this paper,by analyzing CPS data leakage accidents caused by data inference,paradigms of data leakage threats are proposed from two dimensions:data theft and data inference.Data inference is classified into three problem types:state estimation,parameter identification,and blind source separation.The algorithms for data inference are categorized as model-driven,data-driven,and data-model-driven methods.In the case of an electricity market,the process of inferring key parameters of a power system from public electricity price data is demonstrated,verifying that data inference can cause severe CPS data leakage threats.Meanwhile,the challenges of existing data protection methods are investigated.Additionally,the future research of CPS data inference defense and data security governance is discussed.

Meenatchi Sundaram Muthu Selva Annamalai,Andrea Gadotti,Luc Rocher

DOI: https://doi.org/10.48550/arXiv.2301.10053

2024-05-09

Abstract:Recent advances in synthetic data generation (SDG) have been hailed as a solution to the difficult problem of sharing sensitive data while protecting privacy. SDG aims to learn statistical properties of real data in order to generate "artificial" data that are structurally and statistically similar to sensitive data. However, prior research suggests that inference attacks on synthetic data can undermine privacy, but only for specific outlier records. In this work, we introduce a new attribute inference attack against synthetic data. The attack is based on linear reconstruction methods for aggregate statistics, which target all records in the dataset, not only outliers. We evaluate our attack on state-of-the-art SDG algorithms, including Probabilistic Graphical Models, Generative Adversarial Networks, and recent differentially private SDG mechanisms. By defining a formal privacy game, we show that our attack can be highly accurate even on arbitrary records, and that this is the result of individual information leakage (as opposed to population-level inference). We then systematically evaluate the tradeoff between protecting privacy and preserving statistical utility. Our findings suggest that current SDG methods cannot consistently provide sufficient privacy protection against inference attacks while retaining reasonable utility. The best method evaluated, a differentially private SDG mechanism, can provide both protection against inference attacks and reasonable utility, but only in very specific settings. Lastly, we show that releasing a larger number of synthetic records can improve utility but at the cost of making attacks far more effective.

Machine Learning,Cryptography and Security

Yuan Wang

2006-01-01

Abstract:Database inference control problem is a well-known problem in database security research. By describing sensitive information in a uniform detail with attributes, inference process can be depicted with the relevancies among the attributes. The method of inference channel detection and two phases control strategy were studied. A sound and complete inference control method based on those relevancies was presented, and correlative algorithms were proved.

Anup Patel,Niveeta Sharma,Magdalini Eirinaki

DOI: https://doi.org/10.48550/arXiv.1105.0049

2011-04-30

Abstract:Data Security is a major issue in any web-based application. There have been approaches to handle intruders in any system, however, these approaches are not fully trustable; evidently data is not totally protected. Real world databases have information that needs to be securely stored. The approach of generating negative database could help solve such problem. A Negative Database can be defined as a database that contains huge amount of data consisting of counterfeit data along with the real data. Intruders may be able to get access to such databases, but, as they try to extract information, they will retrieve data sets that would include both the actual and the negative data. In this paper we present our approach towards implementing the concept of negative database to help prevent data theft from malicious users and provide efficient data retrieval for all valid users.

Databases