Page 590 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 590

adequately assess the potential information they may reveal to
               unauthorized individuals.



               Inference

               The database security issues posed by inference attacks are similar to
               those posed by the threat of data aggregation. Inference attacks
               involve combining several pieces of nonsensitive information to gain
               access to information that should be classified at a higher level.

               However, inference makes use of the human mind’s deductive capacity
               rather than the raw mathematical ability of modern database
               platforms.

               A commonly cited example of an inference attack is that of the
               accounting clerk at a large corporation who is allowed to retrieve the
               total amount the company spends on salaries for use in a top-level
               report but is not allowed to access the salaries of individual employees.

               The accounting clerk often has to prepare those reports with effective
               dates in the past and so is allowed to access the total salary amounts
               for any day in the past year. Say, for example, that this clerk must also
               know the hiring and termination dates of various employees and has
               access to this information. This opens the door for an inference attack.
               If an employee was the only person hired on a specific date, the
               accounting clerk can now retrieve the total salary amount on that date

               and the day before and deduce the salary of that particular employee—
               sensitive information that the user would not be permitted to access
               directly.

               As with aggregation, the best defense against inference attacks is to
               maintain constant vigilance over the permissions granted to individual
               users. Furthermore, intentional blurring of data may be used to
               prevent the inference of sensitive information. For example, if the

               accounting clerk were able to retrieve only salary information rounded
               to the nearest million, they would probably not be able to gain any
               useful information about individual employees. Finally, you can use
               database partitioning (discussed earlier in this chapter) to help
               subvert these attacks.



               Data Mining and Data Warehousing
   585   586   587   588   589   590   591   592   593   594   595