Your company has 400 employees. One-fourth of them are assembly workers; Alice is responsible for calculating their wages and storing them in the relational database table, Payrolls, which contains all the employees’ salaries. Alice learned that she received the lowest salary among all employees by submitting the SQL query, SELECT MIN(Salary) FROM Payrolls. She is complaining about this to her boss. Which of the following is the primary cause of the confidentiality issue?
D. Improper database normalization
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Aggregation.
Partitioning in data or database refers to splitting the data set into parts and storing them separately. It’s a countermeasure to aggregation and inference attacks.
The original purpose of database normalization is to reduce data duplications to save storage space and enforce data integrity.
Confidentiality issues resulting from the aggregation of data are common. Aggregation refers to assembling or combining distinct units of data. This can be a problem in data processing, especially relational databases. The authorization in relational databases is commonly implemented at the level of the table or view. If authorization is granted based on tables, it is infeasible to restrict access to a subset of the table records. To do so, views of subsets of the table records should be employed.
SQL, Excel, and other software provide so-called aggregate functions, such as Sum(), Average(), Count(), Max(), and Min(), etc. These functions are working on “a group of data,” instead of “a single record of data”, so it is subject to a data breach due to “aggregation”.
You need to understand the SQL query to realize what Alice has done, SELECT MIN(Salary) FROM Payrolls. As the “Payrolls” table contains the salaries of all employees, the aggregate function, MIN(Salary), will include all the salaries. The result of the SQL query directly shows the minimum salary among all the employees; Alice doesn’t need to infer or deduct to conclude she has the lowest salary.
Inference: Derivation of new information from known information. The inference problem refers to the fact that the derived information may be classified at a level for which the user is not cleared. The inference problem is that of users deducing unauthorized information from the legitimate information they acquire.
Aggregation: The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at one sensitivity level may result in the total data being designated at a higher sensitivity level.
Polyinstantiation: Polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.
Referential integrity: A database has referential integrity if all foreign keys reference existing primary keys.
Entity integrity: A tuple in a relation cannot have a null value for any of the primary key attributes.
Granularity: The degree to which access to objects can be restricted. Granularity can be applied to both the actions allowable on objects, as well as to the users allowed to perform those actions on the object.
Source: NIST SP 800-8 (obsoleted)
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
貴公司有400名員工。 其中四分之一是裝配工人，愛麗絲負責為裝配工人計算工資並將其存儲在關聯式資料庫的資料表中，該表包含所有員工的薪水。 通過提交SQL查詢SELECT MIN(Salary) FROM Salaries，愛麗絲得知她的薪水是獲得了所有員工中最低的。 她開始跟老闆抱怨這一點。 以下哪個是導致此機密性問題的主要原因？
A. 推理 (Inference)
B. 分區 (Partitioning)
C. 聚合 (Aggregation)