Databases Reference
In-Depth Information
User Queries
(Q)
R
AQ
Access Control
Pre-defined Aggregations
(A)
Inference Control
R
DA
Data Set
(D)
Fig. 2.
A Three-Tier Inference Control Architecture
on-line overhead of inference control can be dramatically reduced if this fact
can be explored.
The methods we shall review are based on a three-tier security architec-
ture. As illustrated in Figure 2, this architecture introduces an intermediate
aggregation tier
between the data tier and the query tier. More specifically,
the architecture has three tiers and three relations, and the aggregation tier
must satisfy three properties. First, inference control is enforced between the
aggregation tier and the data tier such that the former is secure with respect
to the latter. Access control then helps to enforce that only safe aggregations
will be used to compute results to queries. Second, the size of the aggregation
tier must be comparable to the data tier. Third, the problem of inference con-
trol can be partitioned into blocks in the data tier and the aggregation tier
such that security only need to be ensured between each corresponding pair
of blocks in the two tiers.
The three-tier architecture helps to reduce the performance overhead of
inference control in several aspects. The first property of the model implies
that the aggregation tier can be pre-computed such that the computation-
intensive part of inference control can be shifted to off-line processing. The
on-line part is to enforce access control based on whether a query can be
rewritten using the aggregation tier (that is, security through views). Second,
the last two properties both reduce the size of inputs to inference control
algorithms and consequently reduce the complexity. Note that an aggregation
tier can be designed to meet the second property, but the size of the query
tier is inherently exponential in the size of the data tier. The third property
also
localizes
inference control tasks to each block of the data tier so a failure
in one block will not affect other blocks.
