• DocumentCode
    3480812
  • Title

    A Framework for Access Control with Inference Constraints

  • Author

    Katos, Vasilios ; Vrakas, D. ; Katsaros, Panagiotis

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Democritus Univ. of Thrace, Xanthi, Greece
  • fYear
    2011
  • fDate
    18-22 July 2011
  • Firstpage
    289
  • Lastpage
    297
  • Abstract
    In this paper we present an approach for investigating the feasibility of reducing inference control to access control, as the latter is a more desirable means of preventing unauthorized access to sensitive data. Access control is preferable over inference control in terms of efficiency, but it fails to offer confidentiality in the presence of inference channels. We argue that during the design phase of a data schema and the definition of user roles, inference channels should be considered. An approach is introduced that can be integrated into a risk assessment exercise to assist in determining the roles and/or attributes that lower the risks associated with information disclosure from inference. The residual risk from the remaining inference channels could be treated by well known inference control mechanisms.
  • Keywords
    authorisation; inference mechanisms; risk management; access control; data confidentiality; inference channel; inference constraints; inference control; risk assessment; unauthorized access prevention; user role; Access control; Business; Context; Databases; Hamming weight; Sparse matrices; access control; inference control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications Conference (COMPSAC), 2011 IEEE 35th Annual
  • Conference_Location
    Munich
  • ISSN
    0730-3157
  • Print_ISBN
    978-1-4577-0544-1
  • Electronic_ISBN
    0730-3157
  • Type

    conf

  • DOI
    10.1109/COMPSAC.2011.45
  • Filename
    6032355
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3480812