Manish Gupta Sivakumar Chennuru

  • Published on

  • View

  • Download

Embed Size (px)


Information Theoretic Model for Inference Resistant Knowledge Management in RBAC Based Collaborative Environment. Manish Gupta Sivakumar Chennuru. Overview. Model to reveal inference vulnerabilities Need for the model Description of the model Results Benefits. Introduction. - PowerPoint PPT Presentation


  • Information Theoretic Model for Inference Resistant Knowledge Management in RBAC Based Collaborative EnvironmentManish GuptaSivakumar Chennuru

  • OverviewModel to reveal inference vulnerabilitiesNeed for the modelDescription of the modelResultsBenefits

  • IntroductionInformation key organizational resourceDissemination and SharingCurrent Access Control MethodsSegregation techniquesDirect Access ControlAre these sufficient?

  • Need for the modelIndirect Access MechanismsIndividual knowledgeOn the role knowledge acquisitionInformal communication channels Framework for identifying and analyzing Data (information)RolesRoles direct access to dataAssociation among roles prone to inference

  • Prior workDatabase designUncover secondary paths leading to inferencesFunctional dependenciesConceptual structuresSemantic data modeling

  • Why Information Theory?Mathematical theory to quantify the concept of informationMeasure for the Entropy and InformationMutual informationAmount of information obtained by observing another informationChannelInteraction between employees with different rolesContinuous transfer over a variable length of time

  • Model DescriptionData Units ORG = {D1, D2,......, DN}; where N is total number of data units in the organization.Each data unit Di will have some information content IiEach data unit may or may not be linked with other data units.The information revealed is additive if the data units are statistically independent.

  • Model DescriptionData Units (contd)The mutual information of a data unit l(i;j) is the difference in the uncertainty of Di and the remaining uncertainty of Di after observing Dj .Data InputsFor each data unit Di , all data units in set ORG which are not statistically independentFor each data unit Di , all proper subsets of ORG which are not statistically independent

  • Model DescriptionRolesSet of Roles in the organization, R = { R1, R2,......, RM}; where M is total number of roles in the organizationRelationship between Data units and RolesRelationship between RolesDegree of Proximity of Roles

  • Roles and Data Units Relation between rolesRLINK1 [R1] = { R2 , R3, R4, R5 }RLINK2 [R1] = { R6 , R7 } Role-Data unit direct accessRSET [D1] { R1 , R2 , R3 }RSET [D2] { R1 , R4 , R5 }RSET [D3] { R5 , R6 , R7 } Role-Data unit Indirect AccessR4 D3 (path P2 )R1 D3 (path P1 )Strength of inference depends upon mutual information.

  • Proposed ER Model

  • Inference ExtractionSelect a role (r) from MASTER_ROLESelect all the data units (di) linked to the above role from RSET_DSETSelect all the roles linked to the above role from RLINKSelect the data units (dk) accessed by the linked roles and the mutual information of these data units (dk;di) from data units accessed by the role (r) The results are stored in INFER_TABLE

  • ResultsRole centric viewsRoles and Role associations that can be exploited for inference attacks.

    Scenario 1 Scenario2

  • ResultsData centric views List of data units most vulnerable to design with the given role structure.

  • BenefitsIdentifying possible inference attacksAssignment of individuals to the rolesGreater assurance against insider attacks

  • Questions Thank You

    Segregation of both data and dutiesData is data classification based on sensitivity of contained informationDuties is based on roles and responsibilities like RBAC,


View more >