Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Toshiyuki MORITA, Yasunori ISHIHARA, Hiroyuki SEKI, Minoru ITO, "A Formal Approach to Detecting Security Flaws in Object-Oriented Databases" in IEICE TRANSACTIONS on Information, vol. E82-D, no. 1, pp. 89-98, January 1999, doi: .
URL: https://global.ieice.org/en_transactions/information/10.1587/e82-d_1_89/_p
@ARTICLE{e82-d_1_89,
author={Toshiyuki MORITA and Yasunori ISHIHARA and Hiroyuki SEKI and Minoru ITO},
journal={IEICE TRANSACTIONS on Information},
title={A Formal Approach to Detecting Security Flaws in Object-Oriented Databases},
year={1999},
volume={E82-D},
number={1},
pages={89-98},
keywords={},
doi={},
ISSN={},
month={January},}
TY - JOUR
TI - A Formal Approach to Detecting Security Flaws in Object-Oriented Databases
T2 - IEICE TRANSACTIONS on Information
SP - 89
EP - 98
AU - Toshiyuki MORITA
AU - Yasunori ISHIHARA
AU - Hiroyuki SEKI
AU - Minoru ITO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E82-D
IS - 1
JA - IEICE TRANSACTIONS on Information
Y1 - January 1999
ER -