Correlated Data Inference in Ontology Guided XML Security Engine

In this paper we examine undesired inference attacks from distributed public XML documents. An undesired inference is a chain of reasoning that leads to protected data of an organization using only publicly available information. We propose a framework, the Ontology guided XML Security Engine (Oxsegin), and algorithms to detect and prevent undesired inference attacks. Oxsegin uses the Correlated Inference Procedure to detect correlated information that may lead to undesired disclosure. The system operates on the DTD’s of XML documents, and uses an ontological class-hierarchy to identify tags that may contribute to security violations. A security violation pointer is assigned to a set of tags that may contribute to a possible security violation. The likelihood of a detected security violation is measured by a confidence level coefficient attached to the security violation pointers