On solving the equality problem in theories defined by Horn clauses
Theoretical Computer Science
Security and inference in multilevel database and knowledge-base systems
SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Journal of Computer and System Sciences - Special issue on selected papers presented at the 24th annual ACM symposium on the theory of computing (STOC '92)
Static detection of security flaws in object-oriented databases
SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
Variations on the Common Subexpression Problem
Journal of the ACM (JACM)
ACM Computing Surveys (CSUR)
Authorization Analysis of Queries in Object-Oriented Databases
DOOD '95 Proceedings of the Fourth International Conference on Deductive and Object-Oriented Databases
IRI: A Quantitative Approach to Inference Analysis in Relational Databases
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Bayesian Methods to the Database Inference Problem
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
The Security Problem against Inference Attacks on Object-Oriented Databases
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
The inference problem and updates in relational databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Hi-index | 0.00 |
Inference attacks mean that a user derives information on the execution results of unauthorized queries from the execution results of authorized queries. Although many studies so far focus on only inference of positive information (i.e., which object is the execution result of a given unauthorized query), negative information (i.e., which object is never the execution result of a given unauthorized query) is also sensitive. In this paper, we define the following two types of security problems against inference attacks on given negative information: (1) Is the information secure under a given database instance? (2) Is it secure under any database instance of a given database schema? It is shown that the first problem is decidable in polynomial time in the description size of the database instance while the second one is undecidable. A decidable sufficient condition for given negative information to be secure under any database instance of a given database schema is also proposed.