The two main database security issues this section addresses are aggregation and inference.
aggregation--集合
inference--推理
Content-dependent access control is based on the sensitivity of the data. The more sensitive the data, the smaller the subset of individuals who can gain access to the data.
Context-dependent access control means that the software “understands” what actions should be allowed based upon the state and sequence of the request. It means the software must keep track of previous access attempts by the user and understand what sequences of access steps are allowed.
Common attempts to prevent inference attacks are cell suppression, partitioning the database, and noise and perturbation.
Cell suppression is a technique used to hide specific cells that contain information that could be used in inference attacks.
Partitioning a database involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered.
Noise and perturbation is a technique of inserting bogus information虚假信息 in the hopes of misdirecting
an attacker or confusing the matter enough that the actual attack will not be fruitful.
博文
没有评论:
发表评论