Secure mediated databases

With the evolution of the information superhighway, there is now an immense amount of information available in a wide variety of databases. Furthermore, users often have the ability to access legacy software packages developed by external sources. However, sometimes both the information provided by a data source and one or more of the functions available through a software package may be sensitive; in such cases, organizations require that access by users be controlled. HERMES (HEterogeneous Reasoning and MEdiator System) is a platform that has been developed at the University of Maryland within which mediators may be designed and implemented. HERMES has already been used for a number of applications. In this paper, we provide a formal model of security in mediated systems. We then develop techniques that are sound and complete and respect security constraints of packages/databases participating in the mediated system. The security constraints described in this paper have been implemented, and we describe the existing implementation.
