Abstract
A serious problem in computer database and knowledge base security is detecting and eliminating so-called inference channels. The existence of such channels enables a user with access to information classified at a low level to infer information classified at a high level, and through the transformation of low level data to high level data may provide an unacceptable information flow. In order to estimate the presence of inference channels, determine the degree of risk which they present, and find ways to eliminate them, one needs a formal model to describe them. The authors introduce abductive reasoning. Abduction provides both the basis for a formal model for the inference problem and a computational mechanism for detecting inference channels. Abduction additionally provides a framework for reasoning with approximate and uncertain information, which enables them to extend the model for inference channels by taking into account the likelihood that a person might believe some statement of interest.<>