An approach to the inference problem in database security is described. This new approach is based on existing ideas in query containment theory. This theory may be used to generalize query modification, a query answering approach that allows a user to write a query that is beyond his access privileges, but the system will construct a set of similar queries that is within his privileges. This generalization may also be used to approach the inference problem. Examples of formalizing inference problems within the framework of queries are given, along with an algorithm for the detection of inference violations. Finally, suggestions are made for query answering to avoid inferences at several granularities by blocking all answers for a query, component queries, individual tuples, or individual values.
展开▼