Inference in MLS database systems

Database systems that contain information of varying degrees of sensitivity pose the threat that some of the low data may infer high data. This study derives conditions sufficient to identify such inference threats. First, it is reasoned that a database can only control material implications, as specified in formal logic systems. These material implications are found using knowledge discovery techniques. Material implications allow reasoning about outside knowledge, and provide the first assurance that outside knowledge does not assist in circumventing the inference controls. Database queries specify the properties of sets of data and are compared to help determine inferences. These queries are grouped into equivalence classes based upon their inference characteristics. A unique graph based model is developed for the equivalence classes that (1) makes such comparisons easy, and (2) allows implementation of an algorithm capable of finding those material implication rules where high data is inferred from low data. This is the first method that offers assurance and sufficiency arguments that the mechanism is at least strong enough to protect the high data in the database from inference attacks that require low data