Abstract
In an inference attack, a user infers (or tries to infer) the result of an unauthorized query execution using only the queries that the user is authorized to execute. We say that a query q is secure against inference attacks by a user u if there exists no database instance for which u can infer the result of q. The security problem against inference attacks has been formalized under a model of object-oriented databases called method schemas. It is known that the technique of type inference is useful for deciding security. However, the relationship between type inferability and decidability of the security problem has not been examined.
This paper introduces a subclass of method schemas, called linear schemas, and presents the following results. First, type inference of linear queries is possible under linear schemas. Next, the security of type-inferable queries is undecidable under linear schemas. Moreover, type inference is impossible for queries whose security is decidable under linear schemas. These results imply that type inferability and decidability of the security problem are incomparable.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ishihara, Y., Shimakawa, Y., Fujiwara, T. (2004). Type Inferability and Decidability of the Security Problem Against Inference Attacks on Object-Oriented Databases. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_12
DOI: https://doi.org/10.1007/978-3-540-30191-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive