Database present unique security challenges. The sheer amount of data that may be housed in a database which requires the special security consideration.
As we will see shortly in the “Inference and aggregation” section, the logical connections database users may lead to inference and aggregation attacks, requiring database security precautions such as inference controls and polyinstantiation.
Polyinstantiation allows the two different objects to have the same name. The word polyinstantiation is based on the Latin roots for multiple (poly) and instances (instantiation).
Database polyinstantiation means two rows may have the same primary key, but different data.
Inference and aggregation
Inference and aggregation occur when a user is able to use lower-level access to learn restricted information. These issues occur in multiple realms, including database security.
Inference requires deduction. There is a mystery to be solved, and lower level details provide the clues. Aggregation is a mathematical process;
A user asks every question, receives every answer, and derives restricted information.
Data mining searches large amounts of data to determine patterns that would otherwise get “lost in the noise.”
Credit card issuers have become experts in data mining, searching millions of credit card transactions stored in their databases to discover signs of fraud.
Simple data mining rules, such as “X or more purchases, in Y time, in Z places” are useful in discovering stolen credit cards.