Legitimately accessible data is aggregated to derive
unauthorized information. Examples include getting the total departmental
salary figures just before and after a new employee is hired to derive the
salary of the new hire, attending a wide range of unclassified but private
meetings in a particular area in order to gain an overall picture of what
work a group is doing, and tracking movements of many people from a
particular organization and correlating that information with job titles and
other events to derive intelligence indicators.
Complexity: Data
aggregation can be quite complex both to perform and to protect against.
Some work on protecting against these attacks has led to identifying
NP-complete problems, while gathering information through this technique may
involve solving a large number of equations in a large number of unknowns
and is similar to integer programming problems in complexity.
fc@red.a.net