Type Inferability and Decidability of the Security Problem Against Inference Attacks on Object-Oriented Databases
An inference attack means that a user infers (or tries to infer) the result of an unauthorized query execution using only the queries authorized to that user. We say that a query q is secure against inference attacks by a user u if there exists no database instance for which u can infer the result of q. The security problem against inference attacks has been formalized under a model of object-oriented databases called method schemas. Type inference is known to be a useful technique for deciding security. However, the relationship between type inferability and decidability of security has not been examined.
This paper introduces a subclass of method schemas, called linear schemas, and presents the following results. First, type inference of linear queries is possible under linear schemas. Next, the security of type-inferable queries is undecidable under linear schemas. Moreover, type inference is impossible for queries whose security is decidable under linear schemas. These results imply that type inferability and decidability of the security problem are incomparable.
Keywords: Security Problem, Type Inference, Inference Attack, Linear Schema, Composite Method