An equational logic based approach to the security problem against inference attacks on object-oriented databases

Authors:
Yasunori Ishihara;Toshiyuki Morita;Hiroyuki Seki;Minoru Ito
Affiliations:
Graduate School of Information Science and Technology, Osaka University, 1-5, Yamadaoka, Suita, Osaka 565-0871, Japan;Graduate School of Information Science, Nara Institute of Science and Technology, 8916-5, Takayama, Ikoma, Nara 630-0192, Japan;Graduate School of Information Science, Nara Institute of Science and Technology, 8916-5, Takayama, Ikoma, Nara 630-0192, Japan;Graduate School of Information Science, Nara Institute of Science and Technology, 8916-5, Takayama, Ikoma, Nara 630-0192, Japan
Venue:
Journal of Computer and System Sciences
Year:
2007

Citing 14
Cited 2

Security and inference in multilevel database and knowledge-base systems

SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Introduction to algorithms

Introduction to algorithms
Method schemas

Journal of Computer and System Sciences - Special issue on selected papers presented at the 24th annual ACM symposium on the theory of computing (STOC '92)
Static detection of security flaws in object-oriented databases

SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
Term rewriting and all that

Term rewriting and all that
Refinments of complexity results on type consistency for object-oriented databases

Journal of Computer and System Sciences
Cryptography and data security

Cryptography and data security
Foundations of Databases: The Logical Level

Foundations of Databases: The Logical Level
Introduction To Automata Theory, Languages, And Computation

Introduction To Automata Theory, Languages, And Computation
Authorization Analysis of Queries in Object-Oriented Databases

DOOD '95 Proceedings of the Fourth International Conference on Deductive and Object-Oriented Databases
IRI: A Quantitative Approach to Inference Analysis in Relational Databases

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Bayesian Methods to the Database Inference Problem

Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
An Entropy-Based Framework for Database Inference

IH '99 Proceedings of the Third International Workshop on Information Hiding
The inference problem and updates in relational databases

Das'01 Proceedings of the fifteenth annual working conference on Database and application security

Usability confinement of server reactions: maintaining inference-proof client views by controlled interaction execution

DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Inference-usability confinement by maintaining inference-proof views of an information system

International Journal of Computational Science and Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

A query is said to be secure against inference attacks by a user if there exists no database instance for which the user can infer the result of the query, using only authorized queries to the user. In this paper, first, the security problem against inference attacks on object-oriented databases is formalized. The definition of inference attacks is based on equational logic. Secondly, the security problem is shown to be undecidable, and a decidable sufficient condition for a given query to be secure under a given schema is proposed. The idea of the sufficient condition is to over-estimate inference attacks using over-estimated results of static type inference. The third contribution is to propose subclasses of schemas and queries for which the security problem becomes decidable. Lastly, the decidability of the security problem is shown to be incomparable with the static type inferability, although the tightness of the over-estimation of the inference attacks is affected in a large degree by that of the static type inference.