
Type Inferability and Decidability of the Security Problem Against Inference Attacks on Object-Oriented Databases

  • Yasunori Ishihara
  • Yumi Shimakawa
  • Toru Fujiwara
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)

Abstract

In an inference attack, a user infers (or tries to infer) the result of an unauthorized query execution using only the queries that the user is authorized to execute. We say that a query q is secure against inference attacks by a user u if there exists no database instance for which u can infer the result of q. The security problem against inference attacks has been formalized under a model of object-oriented databases called method schemas. Type inference is known to be a useful technique for deciding security. However, the relationship between type inferability and decidability of the security problem has not been examined.

This paper introduces a subclass of method schemas, called linear schemas, and presents the following results. First, type inference of linear queries is possible under linear schemas. Next, the security of type-inferable queries is undecidable under linear schemas. Moreover, type inference is impossible for queries whose security is decidable under linear schemas. These results imply that type inferability and decidability of the security problem are incomparable.

Keywords

Security Problem; Type Inference; Inference Attack; Linear Schema; Composite Method
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Yasunori Ishihara (1)
  • Yumi Shimakawa (1)
  • Toru Fujiwara (1)
  1. Graduate School of Information Science and Technology, Osaka University, Osaka, Japan
