Despite advances in recent years in the area of mandatory access control
in database systems, today's information repositories remain vulnerable to inference
and data association attacks that can result in serious information leakage. Without
support for coping with these attacks, sensitive information can be put at risk
because of the release of other (less sensitive) related information. The ability to
protect disclosed information against such improper leakage would be of great
benefit to governmental, public, and private institutions, which are, today more
than ever, required to make portions of their data available for external release.
In accordance with the invention, a solution to the problem of classifying information
by enforcing explicit data classification as well as inference and association
constraints is provided. We formulate the problem of determining a classification
that ensures satisfaction of the constraints, while at the same time guaranteeing
that information will not be unnecessarily overclassified.
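
The following is an added illustration of the problem stated above, not code from the invention. It assumes totally ordered levels, a constructed schema, and constraints of the form "the highest level among a set of attributes must dominate a bound", and it finds the minimal classifications by brute-force enumeration rather than by the invention's method.

```python
from itertools import product

# Assumed totally ordered security levels, lowest to highest.
LEVELS = ["U", "C", "S", "TS"]
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}

# Constructed sample schema (hypothetical attribute names).
ATTRS = ["name", "dept", "salary", "rank"]

# Each constraint is (attrs, bound): the highest level among attrs must
# dominate the bound. A bound is a level, or an attribute name meaning
# "the level assigned to that attribute".
CONSTRAINTS = [
    ({"salary"}, "S"),             # explicit classification of one attribute
    ({"name", "dept"}, "C"),       # association: the pair is more sensitive
    ({"rank", "dept"}, "salary"),  # inference: rank with dept reveals salary
]

def bound_rank(bound, cls):
    """Resolve a bound to a numeric rank under classification cls."""
    return RANK[bound] if bound in RANK else RANK[cls[bound]]

def satisfies(cls):
    """True if cls (attribute -> level) meets every constraint."""
    return all(
        max(RANK[cls[a]] for a in attrs) >= bound_rank(bound, cls)
        for attrs, bound in CONSTRAINTS
    )

def dominates(hi, lo):
    """True if hi is at least as high as lo everywhere and differs somewhere."""
    return hi != lo and all(RANK[hi[a]] >= RANK[lo[a]] for a in ATTRS)

def minimal_classifications():
    """Satisfying classifications in which no attribute can be lowered."""
    combos = product(LEVELS, repeat=len(ATTRS))
    valid = [c for c in (dict(zip(ATTRS, combo)) for combo in combos)
             if satisfies(c)]
    # Keep only classifications that dominate no other valid classification.
    return [c for c in valid if not any(dominates(c, o) for o in valid)]

if __name__ == "__main__":
    for c in minimal_classifications():
        print(c)
```

The three classifications it returns show that a minimal classification need not be unique; labelling every attribute TS also satisfies the constraints but overclassifies.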