The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
La détection des failles de sécurité est importante afin de garantir la sécurité de la base de données. Une faille de sécurité dans les bases de données orientées objet signifie qu'un utilisateur peut déduire le résultat d'une méthode non autorisée uniquement à partir de méthodes autorisées. Bien qu'un système de gestion de base de données applique le contrôle d'accès par une autorisation, des failles de sécurité peuvent survenir sous l'autorisation. L'objectif principal de cet article est de montrer un algorithme de décision efficace pour détecter une faille de sécurité sous une autorisation donnée. Ce problème peut être résolu en temps polynomial dans des cas pratiques en le réduisant au problème de fermeture de congruence. Cet article mentionne également le problème de trouver un sous-ensemble maximal d'une autorisation donnée sous lequel aucune faille de sécurité n'existe.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Toshiyuki MORITA, Yasunori ISHIHARA, Hiroyuki SEKI, Minoru ITO, "A Formal Approach to Detecting Security Flaws in Object-Oriented Databases" in IEICE TRANSACTIONS on Information,
vol. E82-D, no. 1, pp. 89-98, January 1999, doi: .
Abstract: Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.
URL: https://global.ieice.org/en_transactions/information/10.1587/e82-d_1_89/_p
Copier
@ARTICLE{e82-d_1_89,
author={Toshiyuki MORITA, Yasunori ISHIHARA, Hiroyuki SEKI, Minoru ITO, },
journal={IEICE TRANSACTIONS on Information},
title={A Formal Approach to Detecting Security Flaws in Object-Oriented Databases},
year={1999},
volume={E82-D},
number={1},
pages={89-98},
abstract={Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.},
keywords={},
doi={},
ISSN={},
month={January},}
Copier
TY - JOUR
TI - A Formal Approach to Detecting Security Flaws in Object-Oriented Databases
T2 - IEICE TRANSACTIONS on Information
SP - 89
EP - 98
AU - Toshiyuki MORITA
AU - Yasunori ISHIHARA
AU - Hiroyuki SEKI
AU - Minoru ITO
PY - 1999
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E82-D
IS - 1
JA - IEICE TRANSACTIONS on Information
Y1 - January 1999
AB - Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.
ER -