For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Sufficient Conditions for Update Operations on Object-Oriented Databases to Preserve the Security against Inference Attacks
Yasunori ISHIHARA Kengo MORI Toru FUJIWARA
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2003/10/01
Print ISSN: 0916-8532
Type of Manuscript: PAPER
object-oriented database, authorization, inference attack, security, incremental checking,
Full Text: PDF(337.6KB)>>
Detecting the possibility of inference attacks is necessary in order to keep a database secure. Inference attacks mean that a user tries to infer the result of an unauthorized queries to the user. For method schemas, which are a formal model of object-oriented databases, it is known that the security problem against inference attacks is decidable in polynomial time in the size of a given database instance. However, when the database instance or authorization has slightly been updated, it is not desirable to check the entire database again for efficiency. In this paper, we propose several sufficient conditions for update operations to preserve the security. Furthermore, we show that some of the proposed sufficient conditions can be decided much more efficiently than the entire security check. Thus, the sufficient conditions are useful for incremental security checking.