Security against Inference Attacks on Negative Information in Object-Oriented Databases

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2513)

Abstract

In an inference attack, a user derives information about the execution results of unauthorized queries from the execution results of authorized queries. Although many studies so far focus only on inference of positive information (i.e., which object is the execution result of a given unauthorized query), negative information (i.e., which object is never the execution result of a given unauthorized query) is also sensitive. In this paper, we define the following two types of security problems against inference attacks on given negative information: (1) Is the information secure under a given database instance? (2) Is it secure under any database instance of a given database schema? It is shown that the first problem is decidable in polynomial time in the description size of the database instance, while the second one is undecidable. A decidable sufficient condition for given negative information to be secure under any database instance of a given database schema is also proposed.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ishihara, Y., Ako, S., Fujiwara, T. (2002). Security against Inference Attacks on Negative Information in Object-Oriented Databases. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_5

  • DOI: https://doi.org/10.1007/3-540-36159-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00164-5

  • Online ISBN: 978-3-540-36159-6

  • eBook Packages: Springer Book Archive
