Ontology Guided XML Security Engine

Authors: Andrei Stoica, Csilla Farkas

Abstract

In this paper we study the security impact of large-scale, semantically enhanced data processing in distributed databases. We present an ontology-supported security model to detect undesired inferences via replicated XML data. Our model is able to detect inconsistent security classifications of replicated data. We propose the Ontology Guided XML Security Engine (Oxsegin) architecture to identify data items exposed to ontology-based inference attacks. The main technical contribution is the development of the Probabilistic Inference Engine used by Oxsegin. The inference engine operates on DTD files, corresponding to XML documents, and detects tags that are ontologically equivalent, i.e., can be abstracted to the same concept in the ontology, but may be different syntactically. Potential illegal inferences occur when two ontologically equivalent tags have contradictory security classifications. These tags are marked with a security violation pointer (SVP). Confidence level coefficients, attached to every security violation pointer, differentiate among the detected SVPs based on the system's confidence in an indicated inference.

Keywords: XML security, ontology based inference attack, data aggregation, multi-level XML security

Official paper URL: https://doi.org/10.1023/B:JIIS.0000047392.50246.77