Authors: Philip Woodall, Pearl Brereton
Addresses: Institute for Manufacturing, Department of Engineering, University of Cambridge, Cambridge, CB3 0FS, UK. ' School of Computing and Mathematics, Keele University, Keele, Staffordshire, ST5 5BG, UK
Abstract: Access controls are not sufficient to prevent the release of secret information from an information system unless they address the problem of inference. An inference strategy is a method by which a user can infer secret information using the information which they are allowed to access through the access control mechanism. The aim of this paper is to collate and categorise the set of inference strategies in the existing literature. The systematic literature review (SLR) methodology is used to identify and categorise known inference strategies. The SLR search found 63 sources, and 127 inference strategies were extracted from these sources, which have been categorised into 11 different categories. Recording the inference strategy processes has abstracted the detail which ties inference strategies to an information system. Using this abstraction, it should be feasible to determine the level of inference protection offered by information systems in general.
Keywords: inference strategies; inferring information; aggregation; data security; information security; access control; systematic literature review; systematic review; secret information; information systems; inference protection.
International Journal of Information and Computer Security, 2010 Vol.4 No.2, pp.99 - 117
Published online: 23 Aug 2010 *Full-text access for editors Access for subscribers Purchase this article Comment on this article