A compile-time model for safe information flow in object-oriented databases

Security is an important topic for Object-oriented databases (OODB). Discretionary authorization models do not provide the high assurance provided by Mandatory models, the latter ones, however, are too rigid for commercial applications. Therefore discretionary, information-flow control models are needed, especially when transactions containing general methods invocations are considered.

[1]  Ehud Gudes,et al.  A Model of Methods Access Authorization in Object-oriented Databases , 1993, VLDB.

[2]  Elisa Bertino,et al.  A Temporal Access Control Mechanism for Database Systems , 1996, IEEE Trans. Knowl. Data Eng..

[3]  Ehud Gudes,et al.  Compile-Time Flow Analysis of Transactions and Methods in Object-Oriented Databases , 1997, DBSec.

[4]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[5]  Michael Stonebraker,et al.  The design and implementation of INGRES , 1976, TODS.

[6]  Elisa Bertino,et al.  Information Flow Control in Object-Oriented Systems , 1997, IEEE Trans. Knowl. Data Eng..

[7]  Silvana Castano,et al.  Database Security , 1997, IFIP Advances in Information and Communication Technology.

[8]  Won Kim,et al.  Introduction to Object-Oriented Databases , 1991, Computer systems.

[9]  C. V. Ramamoorthy,et al.  Knowledge and Data Engineering , 1989, IEEE Trans. Knowl. Data Eng..

[10]  Frank Yellin,et al.  Low Level Security in Java , 1995, WWW.

[11]  Ehud Gudes,et al.  A Model for Evaluation and Administration of Security in Object-Oriented Databases , 1994, IEEE Trans. Knowl. Data Eng..