Verification of the Security against Inference Attacks on XML Databases

Kenji HASHIMOTO, Kimihide SAKANO, Fumikazu TAKASUKA, Yasunori ISHIHARA, Toru FUJIWARA
2009 IEICE transactions on information and systems  
This paper discusses verification of the security against inference attacks on XML databases. First, a security definition called ksecrecy against inference attacks on XML databases is proposed. k-secrecy with an integer k > 1 (or k = ∞) means that attackers cannot narrow down the candidates for the value of the sensitive information to k − 1 (or finite), using the results of given authorized queries and schema information. Secondly, an XML query model such that verification can be performed
more » ... aightforwardly according to the security definition is presented. The query model can represent practical queries which extract some nodes according to any of their neighboring nodes such as ancestors, descendants, and siblings. Thirdly, another refinement of the verification method is presented, which produces much smaller intermediate results if a schema contains no arbitrarily recursive element. The correctness of the refinement is proved, and the effect of the refinement in time and space efficiency has been confirmed by experiment.
doi:10.1587/transinf.e92.d.1022 fatcat:tcwlmzo5srdwde2unjgz37ewya