Online Learning Platform

Information SEcurity > Multilevel Security (MLS) > Inference in Database Security

Inference in Database Security

Inference is a security risk in database systems where unauthorized users deduce confidential information from legitimate queries, even without direct access to sensitive data. Attackers analyze query responses, metadata, statistical results, or access patterns to infer restricted information.

How Does an Inference Attack Work?

Inference attacks bypass traditional access controls by collecting and correlating non-sensitive data to extract confidential information.

Example of an Inference Attack

  • A hospital database restricts access to patient disease records. However, an attacker runs multiple indirect queries to infer sensitive details:
  • ❌ Query 1: “How many patients have cancer?” → Result: 100
  • ❌ Query 2: “How many male patients aged 30-35 have cancer?” → Result: 1
  • ➡ Inference: The attacker now knows that the only 30-35-year-old male in the hospital has cancer, violating patient confidentiality.

 

Types of Inference Attacks

Inference Attack Type

Description

Example

Statistical Inference

Uses statistical queries to extract private information

Querying average salaries to deduce individual salaries

Data Correlation

Combines data from multiple sources to reveal hidden details

Cross-referencing voting records with public data to identify voters

Metadata Inference

Analyzes metadata (query logs, access patterns) to infer sensitive data

Monitoring database access logs to identify VIP customer accounts

Aggregation Inference

Uses aggregate functions (SUM, COUNT, AVG) to infer individual data

Finding the total sales of a small company and guessing a competitor’s revenue

Types of countermeasures:

Defense Mechanism

Description

Example

Query Restriction

Blocks queries that return small, unique results

Requiring a minimum number of records per query

Noise Addition

Adds random variations to data to prevent exact inferences

Slightly modifying response values in statistical reports

Data Masking

Hides sensitive attributes in query results

Showing partial credit card numbers instead of full details

Differential Privacy

Ensures results do not reveal data about any individual

Apple and Google use differential privacy for user analytics

Cell Suppression

Hides specific database cells to prevent exposure

Removing unique salary values from small department reports

Access Control & Role-Based Permissions

Restricts access based on user roles to limit data exposure

Medical staff can access only the data relevant to their department

Real-World Applications of Inference Control

Healthcare Systems (HIPAA Compliance): Protects patient data from statistical inference.

  • Financial Institutions (PCI-DSS Compliance): Prevents salary and transaction inference.
  • Government & Census Data (GDPR Compliance): Uses data anonymization to protect identities.
  • Cloud Databases & AI Models: Protects data from adversarial attacks and unauthorized learning.

 Example: If a server crashes during a transaction, the database should be able to recover the state of the data using logs, ensuring no data loss or corruption.

 

Prev
Differences between Bell-LaPadula and Biba Model
Next
Architectures of Database Integrity
Feedback
ABOUT

Statlearner


Statlearner STUDY

Statlearner