Author(s): Csilla Farkas, Tyrone S Toland, Caroline M Eastman
In this paper, we extend the Disclosure Monitor (DiMon) security mechanism (Brodsky et al. ) to prevent illegal inferences via database constraints in dynamic databases. We study updates from two perspectives: 1) updates on tuples that were previously released to a user may cause that tuple to be “outdated”, thus providing greater freedom for releasing new tuples; 2) observation of changes in released tuples may create cardinality based inferences, which are not indicated by database dependencies. We present a mechanism, called Update Consolidator (UpCon) that propagates updates to the user’s history file to ensure that no query is rejected based on outdated data. We also propose a Cardinality Inference Detection (CID) module, that generates all data that can be disclosed via cardinality based attacks. We show that UpCon and CID, when integrated into the DiMon architecture, guarantee confidentiality (completeness property of the data-dependent disclosure inference algorithm) and maximal availability (soundness property of the data-dependent disclosure inference algorithm) even in the presence of updates.