Ncsc Technical Report - 005 Volume 1/5 Library No. S-243,039

By Brewster, Keith F.

Book Id: WPLBN0000697933
Format Type: PDF eBook:
File Size: 0.3 MB
Reproduction Date: 2005

Title:	Ncsc Technical Report - 005 Volume 1/5 Library No. S-243,039
Author:	Brewster, Keith F.
Volume:
Language:	English
Subject:	Technology., Reference materials, Technology and literature
Collections:	Techonology eBook Collection
Historic Publication Date:
Publisher:


Citation APA MLA Chicago F. Brewste, B. K. (n.d.). Ncsc Technical Report - 005 Volume 1/5 Library No. S-243,039. Retrieved from http://www.self.gutenberg.org/

Description
Technical Reference Publication

Excerpt
Introduction: This document is the first volume in the series of companion documents to the Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria [TDI 91;DoD 85]. This document examines inference and aggregation issues in secure database management systems and summarizes the research to date in these areas.

Table of Contents
TABLE OF CONTENTS SECTION PAGE 1.0 INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . l 1.1 BACKGROUND AND PURPOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 SCOPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.3 INTRODUCTION TO INFERENCE AND AGGREGATION . . . . . . . . . . . . . . . . . . . . . . 2 1.4 AUDIENCES OF THIS DOCUMENT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.5 ORGANIZATION OF THIS DOCUMENT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 BACKGROUND. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1 INFERENCE AND AGGREGATION - DEFINED AND EXPLAINED . . . . . . . . . . . . . . 5 2.1.1 Inference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.1.1 Inference Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1.2 Inference Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.1.3 Related Disciplines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.2 Aggregation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1.2.1 Data Association Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1.2.2 Cardinal Aggregation Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.2 SECURITY TERMINOLOGY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.3 THE TRADITIONAL SECURITY ANALYSIS PARADIGM . . . . . . . . . . . . . . . . . . . . . 12 2.4 THE DATABASE SECURITY ENGINEERING PROCESS . . . . . . . . . . . . . . . . . . . . . . 14 2.5 THE REQUIREMENTS FOR PROTECTING AGAINST INFERENCE AND AGGREGATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.5.1 The Operational Requirement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.5.2 The TCSEC Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.0 AN INFERENCE AND AGGREGATION FRAMEWORK . . . . . . . . . . . . . . . . . . . . . . . 18 3.1 DETAILED EXAMPLE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.2 THE FRAMEWORK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.2.1 Information Protection Requirements and Resulting Vulnerabilities. . . . . . . . . . 20 3.2.2 Classification Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.2.3 Vulnerabilities from Classification Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.2.4 Database Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26