{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T23:11:40Z","timestamp":1654125100062},"reference-count":24,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010,10,1]]},"abstract":"<p>Traditional access control models protect sensitive data from unauthorised direct accesses; however, they fail to prevent indirect inferences. Information disclosure via inference channels occurs when secret information is derived from unclassified (non-secure) information and other sources like metadata and public observations. Previously, techniques using precise and fuzzy functional dependencies were proposed to detect inference channels. However, such methods are inappropriate when probabilistic relationships exist among data items that may be used to infer information with a predictable likelihood of accuracy. In this paper, the authors present definitions and algorithms for detecting inference channels in a probabilistic knowledge base and maximising an attacker\u2019s uncertainty by restricting selected inference channels to comply with data confidentiality and privacy requirements. As an illustration, a healthcare scenario is used to show how inference control can be performed on probabilistic relations to address patients\u2019 privacy concerns over Electronic Medical Records. To limit an attacker\u2019s ability to know secret data selected inference channels are restricted by using a Bayesian network that incorporates the information stored within a medical knowledge base to decide which facts must be hidden to limit undesired inferences.<\/p>","DOI":"10.4018\/jisp.2010100103","type":"journal-article","created":{"date-parts":[[2011,2,15]],"date-time":"2011-02-15T21:03:28Z","timestamp":1297803808000},"page":"35-59","source":"Crossref","is-referenced-by-count":2,"title":["Probabilistic Inference Channel Detection and Restriction Applied to Patients\u2019 Privacy Assurance"],"prefix":"10.4018","volume":"4","author":[{"given":"Bandar","family":"Alhaqbani","sequence":"first","affiliation":[{"name":"Queensland University of Technology, Australia"}]},{"given":"Colin","family":"Fidge","sequence":"additional","affiliation":[{"name":"Queensland University of Technology, Australia"}]}],"member":"2432","reference":[{"key":"jisp.2010100103-0","doi-asserted-by":"crossref","unstructured":"An, X., Jutla, D., & Cercone, N. (2006). Auditing and Inference Control for Privacy Preservation in Uncertain Environments. In Smart Sensing and Context (LNCS 4272, pp. 159-173).","DOI":"10.1007\/11907503_12"},{"key":"jisp.2010100103-1","first-page":"299","article-title":"Bayesian Networks","author":"E. A.Bender","year":"1996","journal-title":"Mathematical Methods in Artificial Intelligence"},{"key":"jisp.2010100103-2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2005.9"},{"key":"jisp.2010100103-3","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-023X(01)00024-6"},{"key":"jisp.2010100103-4","doi-asserted-by":"publisher","DOI":"10.1023\/A:1026106029043"},{"key":"jisp.2010100103-5","doi-asserted-by":"crossref","unstructured":"Biskup, J., & Bonatti, P. A. (2002). Confidentiality Policies and Their Enforcement for Controlled Query Evaluation, In Proceedings of the 7th European Symposium on Research in Computer Security (LNCS 2502, pp. 39-54).","DOI":"10.1007\/3-540-45853-0_3"},{"key":"jisp.2010100103-6","doi-asserted-by":"publisher","DOI":"10.1007\/s10472-007-9070-5"},{"key":"jisp.2010100103-7","doi-asserted-by":"publisher","DOI":"10.1109\/69.895801"},{"key":"jisp.2010100103-8","first-page":"311","article-title":"Database Inference Controller","author":"L. J.Buczkowski","year":"1990","journal-title":"Database Security, III: Status and Prospects"},{"key":"jisp.2010100103-9","doi-asserted-by":"crossref","unstructured":"Chaing, L. W., & Ira, S. M. (2001). An Integrated Framework for Database Privacy Protection. In Proceedings of the IFIP TC11\/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions (pp. 161-172). Deventer, The Netherlands: Kluwer, B.V.","DOI":"10.1007\/0-306-47008-X_15"},{"key":"jisp.2010100103-10","unstructured":"Chhanabhai, P., & Holt, A. (2007). Consumers are ready to accept the transition to online and electronic records if the they can be assured of the security measures. Medscape General Medicine, 9(1)."},{"key":"jisp.2010100103-11","doi-asserted-by":"publisher","DOI":"10.1145\/772862.772864"},{"key":"jisp.2010100103-12","author":"D.Garets","year":"2006","journal-title":"Electronic Medical Record vs. Electronic Health Record: Yes, There is a Difference"},{"key":"jisp.2010100103-13","doi-asserted-by":"publisher","DOI":"10.1016\/j.otohns.2007.01.028"},{"key":"jisp.2010100103-14","unstructured":"Griffiths, T. L., & Yuille, A. L. (2006). Technical Introduction: A Primer on Probabilistic Inference. Los Angeles: Department of Statistics, UCLA."},{"key":"jisp.2010100103-15","doi-asserted-by":"crossref","unstructured":"Hale, J., & Shenoi, S. (1997). Catalytic Inference Analysis: Detecting Inference Threats due to Knowledge Discovery. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 188-199).","DOI":"10.1109\/SECPRI.1997.601333"},{"key":"jisp.2010100103-16","doi-asserted-by":"crossref","unstructured":"Heckerman, D. (1990). A Tractable Inference Algorithm for Diagnosing Multiple Diseases. In Proceedings of the Fifth annual Conference on Uncertainty in Artificial Intelligence (pp. 163-172).","DOI":"10.1016\/B978-0-444-88738-2.50020-8"},{"key":"jisp.2010100103-17","doi-asserted-by":"publisher","DOI":"10.1007\/BF02595718"},{"key":"jisp.2010100103-18","unstructured":"Pearl, J. (2006). Two journeys into human reasoning. Los Angeles: UCLA Cognitive systems Laboratory."},{"key":"jisp.2010100103-19","first-page":"157","article-title":"Bayesian Networks","author":"J.Pearl","year":"2003","journal-title":"Handbook of Brain Theory and Neural Networks"},{"key":"jisp.2010100103-20","doi-asserted-by":"publisher","DOI":"10.1145\/319830.319833"},{"key":"jisp.2010100103-21","author":"T. A.Stephenson","year":"2000","journal-title":"An Introduction to Bayesian Networks Theory and Usage"},{"key":"jisp.2010100103-22","doi-asserted-by":"publisher","DOI":"10.1109\/69.109108"},{"key":"jisp.2010100103-23","doi-asserted-by":"publisher","DOI":"10.1142\/S021848850200165X"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=50496","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T22:57:13Z","timestamp":1654124233000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jisp.2010100103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2010,10,1]]},"references-count":24,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2010,10]]}},"URL":"https:\/\/doi.org\/10.4018\/jisp.2010100103","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,10,1]]}}}