Database Security Protection Via Inference Detection

Access control mechanisms are commonly used to provide control over who may access sensitive information. However, malicious users can exploit the correlation among the data and infer sensitive information from a series of seemingly innocuous data access. In this paper, we proposed a detection system that utilizes both the user’s current query and past query log to determine if the current query answer can infer sensitive information. A semantic inference model (SIM) is constructed based on the data dependency, database schema and semantic relationship among data. After the SIM is instantiated via specific instances, it can then be mapped to a Bayesian network and used for evaluating the inference probability. The decision of answering the current query is based on if any of the sensitive attributes can be inferred with a probability higher than their pre-specified thresholds. This detection system is being extended to the cases of multiple collaborative users based on the query history of all the users and their collaborative levels for specific sensitive information.