Type Inferability and Decidability of the Security Problem Against Inference Attacks on Object-Oriented Databases

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3269)

Abstract

An inference attack occurs when a user infers (or tries to infer) the result of an unauthorized query execution using only queries the user is authorized to execute. We say that a query q is secure against inference attacks by a user u if there exists no database instance for which u can infer the result of q. The security problem against inference attacks has been formalized under a model of object-oriented databases called method schemas. It is known that the technique of type inference is useful for deciding the security. However, the relationship between type inferability and decidability of the security has not been examined.

This paper introduces a subclass of method schemas, called linear schemas, and presents the following results. First, type inference of linear queries is possible under linear schemas. Next, the security of type-inferable queries is undecidable under linear schemas. Moreover, type inference is impossible for queries whose security is decidable under linear schemas. These results imply that type inferability and decidability of the security problem are incomparable.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ishihara, Y., Shimakawa, Y., Fujiwara, T. (2004). Type Inferability and Decidability of the Security Problem Against Inference Attacks on Object-Oriented Databases. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_12

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2

  • eBook Packages: Springer Book Archive
