Summary
Fine-grained access control policies define what data is sensitive or non-sensitive in a database. While these policies guard against direct access to sensitive data, attackers can still make guesses (or inferences) about sensitive data using non-sensitive data and data dependencies. Data dependencies, or simply dependencies, specify relationships between items within a database. For example, in an employee database, a data dependency could say that two employees with the same role and years of experience make the same salary. Such a dependency could be used to infer sensitive data, in this ex
