ACM SIGMOD Anthology ACM SIGMOD dblp.uni-trier.de

Static Detection of Security Flaws in Object-Oriented Databases.

Keishi Tajima: Static Detection of Security Flaws in Object-Oriented Databases. SIGMOD Conference 1996: 341-352
@inproceedings{DBLP:conf/sigmod/Tajima96,
  author    = {Keishi Tajima},
  editor    = {H. V. Jagadish and
               Inderpal Singh Mumick},
  title     = {Static Detection of Security Flaws in Object-Oriented Databases},
  booktitle = {Proceedings of the 1996 ACM SIGMOD International Conference on
               Management of Data, Montreal, Quebec, Canada, June 4-6, 1996},
  publisher = {ACM Press},
  year      = {1996},
  pages     = {341-352},
  ee        = {http://doi.acm.org/10.1145/233269.233349, db/conf/sigmod/Tajima96.html},
  crossref  = {DBLP:conf/sigmod/96},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}
BibTeX

Abstract

Access control in function granularity is one of the features of many object-oriented databases. In those systems, the users are granted rights to invoke composed functions instead of rights to invoke primitive operations. Although primitive operations are invoked inside composed functions, the users can invoke them only through the granted functions. This achieves access control in abstract operation level. Access control utilizing encapsulated functions, however, easily causes many "security flaws" through which malicious users can bypass the encapsulation and can abuse the primitive operations inside the functions. In this paper, we develop a technique to statically detect such security flaws. First, we design a framework to describe security requirements that should be satisfied. Then, we develop an algorithm that syntactically analyzes program code of the functions and determines whether given security requirements are satisfied or not. This algorithm is sound, that is, whenever there is a security flaw, it detects it.

Copyright © 1996 by the ACM, Inc., used by permission. Permission to make digital or hard copies is granted provided that copies are not made or distributed for profit or direct commercial advantage, and that copies show this notice on the first page or initial screen of a display along with the full citation.


ACM SIGMOD Anthology

Online Version (ACM WWW Account required): Full Text in PDF Format

CDROM Version: Load the CDROM "Volume 1 Issue 1, SIGMOD '93-'97" and ...

DVD Version: Load ACM SIGMOD Anthology DVD 1" and ... BibTeX

Printed Edition

H. V. Jagadish, Inderpal Singh Mumick (Eds.): Proceedings of the 1996 ACM SIGMOD International Conference on Management of Data, Montreal, Quebec, Canada, June 4-6, 1996. ACM Press 1996 BibTeX , SIGMOD Record 25(2), June 1996
Contents

Online Edition: ACM Digital Library

[Index Terms]
[Full Text in PDF Format, 1319 KB]

References

[AB91]
Serge Abiteboul, Anthony J. Bonner: Objects and Views. SIGMOD Conference 1991: 238-247 BibTeX
[ADG92]
Rafiul Ahad, James Davis, Stefan Gower, Peter Lyngbæk, Andra Marynowski, Emmanuel Onuegbe: Supporting Access Control in an Object-Oriented Database Language. EDBT 1992: 184-200 BibTeX
[Bec80]
Leland L. Beck: A Security Mechanism for Statistical Databases. ACM Trans. Database Syst. 5(3): 316-338(1980) BibTeX
[Ber92]
Elisa Bertino: Data Hiding and Security in Object-Oriented Databases. ICDE 1992: 338-347 BibTeX
[Bur90]
...
[Chi78]
Francis Y. L. Chin: Security in Statistical Databases for Queries with Small Counts. ACM Trans. Database Syst. 3(1): 92-104(1978) BibTeX
[CO82]
Francis Y. L. Chin, Gultekin Özsoyoglu: Auditing and Inference Control in Statistical Databases. IEEE Trans. Software Eng. 8(6): 574-582(1982) BibTeX
[DAH+87]
Dorothy E. Denning, Selim G. Akl, Mark Heckman, Teresa F. Lunt, Matthew Morgenstern, Peter G. Neumann, Roger R. Schell: Views for Multilevel Database Security. IEEE Trans. Software Eng. 13(2): 129-140(1987) BibTeX
[DD77]
Dorothy E. Denning, Peter J. Denning: Certification of Programs for Secure Information Flow. Commun. ACM 20(7): 504-513(1977) BibTeX
[DDS79]
Dorothy E. Denning, Peter J. Denning, Mayer D. Schwartz: The Tracker: A Threat to Statistical Database Security. ACM Trans. Database Syst. 4(1): 76-96(1979) BibTeX
[Den76]
Dorothy E. Denning: A Lattice Model of Secure Information Flow. Commun. ACM 19(5): 236-243(1976) BibTeX
[DJL79]
David P. Dobkin, Anita K. Jones, Richard J. Lipton: Secure Databases: Protection Against User Influence. ACM Trans. Database Syst. 4(1): 97-106(1979) BibTeX
[FSW81]
...
[GGF93]
Nurith Gal-Oz, Ehud Gudes, Eduardo B. Fernández: A Model of Methods Access Authorization in Object-oriented Databases. VLDB 1993: 52-61 BibTeX
[HD92]
Thomas H. Hinke, Harry S. Delugach: Aerie: An Inference Modeling and Detection Approach for Databases. DBSec 1992: 179-194 BibTeX
[HZ90]
Sandra Heiler, Stanley B. Zdonik: Object Views: Extending the Vision. ICDE 1990: 86-93 BibTeX
[JS91]
Sushil Jajodia, Ravi S. Sandhu: Towards a Multilevel Secure Relational Data Model. SIGMOD Conference 1991: 50-59 BibTeX
[KU77]
John B. Kam, Jeffrey D. Ullman: A Model of Statistical Databases and Their Security. ACM Trans. Database Syst. 2(1): 1-10(1977) BibTeX
[LDS+90]
Teresa F. Lunt, Dorothy E. Denning, Roger R. Schell, Mark Heckman, William R. Shockley: The SeaView Security Model. IEEE Trans. Software Eng. 16(6): 593-607(1990) BibTeX
[MJ88]
Catherine Meadows, Sushil Jajodia: Integrity Versus Security in Multi-Level Secure Databases. DBSec 1987: 89-101 BibTeX
[Mor87]
Matthew Morgenstern: Security and Inference in Multilevel Database and Knowledge-Base Systems. SIGMOD Conference 1987: 357-373 BibTeX
[MSS88]
Subhasish Mazumdar, David W. Stemple, Tim Sheard: Resolving the Tension between Integrity and Security Using a Theorem Prover. SIGMOD Conference 1988: 233-242 BibTeX
[OT94]
Atsushi Ohori, Keishi Tajima: A Polymorphic Calculus for Views and Object Sharing. PODS 1994: 255-266 BibTeX
[Qia94]
...
[QSK+93]
...
[RBKW91]
Fausto Rabitti, Elisa Bertino, Won Kim, Darrell Woelk: A Model of Authorization for Next-Generation Database Systems. ACM Trans. Database Syst. 16(1): 88-131(1991) BibTeX
[Row89]
Neil C. Rowe: Inference-Security Analysis Using Resolution Theorem-Proving. ICDE 1989: 410-416 BibTeX
[Run92]
Elke A. Rundensteiner: Multiview: A Methodology for Supporting Multiple Views in Object-Oriented Databases. VLDB 1992: 187-198 BibTeX
[SLT91]
Marc H. Scholl, Christian Laasch, Markus Tresch: Updatable Views in Object-Oriented Databases. DOOD 1991: 189-207 BibTeX
[SO91]
Tzong-An Su, Gultekin Özsoyoglu: Controlling FD and MVD Inferences in Multilevel Relational Database Systems. IEEE Trans. Knowl. Data Eng. 3(4): 474-485(1991) BibTeX
[Spo89]
David L. Spooner: The Impact of Inheritance on Security in Object-Oriented Database Systems. DBSec 1988: 141-150 BibTeX
[TYI88]
Katsumi Tanaka, Masatoshi Yoshikawa, Kozo Ishihara: Schema Virtualization in Object-Oriented Databases. ICDE 1988: 23-30 BibTeX
BibTeX
ACM SIGMOD Anthology - DBLP: [Home | Search: Author, Title | Conferences | Journals]
ACM SIGMOD Anthology: Copyright © by ACM (info@acm.org), Corrections: anthology@acm.org
DBLP: Copyright © by Michael Ley (ley@uni-trier.de), last change: Sat May 16 23:40:33 2009