Year

2003

Degree Name

Master of Computer Science by Research

Department

School of Information Technology and Computer Science - Faculty of Informatics

Abstract

With the rapid development of information technology, data availability has improved greatly. Data may be accessed at any time by people from any location. However, threats to data security and privacy have arisen as one of the major problems in the development of information systems, especially those information systems which contain personal information. An association database is a personal information system which contains associations between persons. In this thesis, we identify the security and privacy problems of association databases. In order to solve these problems, we propose a new security and privacy model for association databases equipped with both direct access control and inference control mechanisms. In this model, multiple criteria, including not only confidentiality but also privacy and other aspects of security, are used to classify associations. The methods used in the system are as follows: the direct access control method is based on the mandatory model; the inference control method is based on both logic reasoning and probabilistic reasoning (Belief Networks). My contributions to the security and privacy model for association databases and to inference control in the model include: identification of security and privacy problems in association databases; formal definition of the association database model; representation of association databases as directed multiple graphs; development of axioms for direct access control; specification of the unauthorized inference problem; and a method for unauthorized inference detection and control that includes development of logic inference rules and probabilistic inference rule, and application of belief networks as a tool for unauthorized inference detection and control.
