Security and inference in multilevel database and knowledge-base systems
SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Introduction to algorithms
Journal of Computer and System Sciences - Special issue on selected papers presented at the 24th annual ACM symposium on the theory of computing (STOC '92)
Static detection of security flaws in object-oriented databases
SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
Term rewriting and all that
Refinments of complexity results on type consistency for object-oriented databases
Journal of Computer and System Sciences
Cryptography and data security
Cryptography and data security
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Authorization Analysis of Queries in Object-Oriented Databases
DOOD '95 Proceedings of the Fourth International Conference on Deductive and Object-Oriented Databases
IRI: A Quantitative Approach to Inference Analysis in Relational Databases
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Bayesian Methods to the Database Inference Problem
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
An Entropy-Based Framework for Database Inference
IH '99 Proceedings of the Third International Workshop on Information Hiding
The inference problem and updates in relational databases
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Inference-usability confinement by maintaining inference-proof views of an information system
International Journal of Computational Science and Engineering
Hi-index | 0.00 |
A query is said to be secure against inference attacks by a user if there exists no database instance for which the user can infer the result of the query, using only authorized queries to the user. In this paper, first, the security problem against inference attacks on object-oriented databases is formalized. The definition of inference attacks is based on equational logic. Secondly, the security problem is shown to be undecidable, and a decidable sufficient condition for a given query to be secure under a given schema is proposed. The idea of the sufficient condition is to over-estimate inference attacks using over-estimated results of static type inference. The third contribution is to propose subclasses of schemas and queries for which the security problem becomes decidable. Lastly, the decidability of the security problem is shown to be incomparable with the static type inferability, although the tightness of the over-estimation of the inference attacks is affected in a large degree by that of the static type inference.