High assurance discretionary access control for object bases

Discretionary access control, based on checking access requests against users' authorizations, does not provide any way of restricting the usage of information once it has been “legally” accessed. This makes discretionary systems vulnerable to Trojan Horses maliciously leaking information. Therefore the need arises for providing additional controls limiting the indiscriminate flow of information in the system. This paper proposes a message filter complementing discretionary authorization control in object-oriented systems to limit the vulnerability of authorization systems to Trojan Horses. The encapsulation property of the object-oriented data model, which requires that access to objects be possible only through defined methods, gives information flow in such systems a very concrete and natural embodiment in the form of messages and their replies. As a result, information flow can be controlled by mediating the transmission of messages exchanged between objects. The message filter intercepts every message exchanged between objects to ensure that information is not leaked to objects accessible by users not allowed for it.
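The following is an added illustration of the idea in the abstract, not the paper's own model or code: it assumes a simplified rule in which each object records the set of users allowed to see the information it currently holds (initially its own authorized users), and the filter lets a message or reply move information into an object only if every user authorized on that object is in the source's set. The Trojan Horse scenario (a method run by an authorized user copying a private document into a shared object) is constructed for the example.

```python
from dataclasses import dataclass, field

class LeakBlocked(Exception):
    pass  # the filter refused a message because it would widen who can see some information

@dataclass
class Obj:
    name: str
    acl: frozenset                              # users holding discretionary authorisation on the object
    readers: frozenset = field(init=False)      # users allowed to see the information the object now holds
    state: dict = field(default_factory=dict)
    def __post_init__(self):
        self.readers = self.acl  # until it absorbs foreign data, an object's information is its own

class MessageFilter:
    # Mediates every message: 'put' carries data sender->receiver, 'get' returns data receiver->sender.
    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}

    def send(self, user, sender, receiver, method, key, value=None):
        src, dst = self.objects[sender], self.objects[receiver]
        if user not in dst.acl:                 # the ordinary discretionary check on the receiver
            raise PermissionError(f"{user} is not authorised on {receiver}")
        if method == "put":
            # The argument carries src's information into dst: everyone able to access dst must be allowed to see it.
            if not dst.acl <= src.readers:
                raise LeakBlocked(f"{sender}->{receiver} would expose data to {set(dst.acl - src.readers)}")
            dst.state[key] = value
            dst.readers &= src.readers          # dst now holds src's information as well
            return None
        if method == "get":
            # The reply carries dst's information back into src: the same rule in the other direction.
            if not src.acl <= dst.readers:
                raise LeakBlocked(f"{receiver}->{sender} would expose data to {set(src.acl - dst.readers)}")
            src.readers &= dst.readers
            return dst.state.get(key)
        raise ValueError(f"unknown method {method}")

def trojan_horse_demo():
    """Constructed scenario: code run by alice inside her document tries to copy it into a shared object."""
    doc = Obj("doc", frozenset({"alice"}))
    shared = Obj("shared", frozenset({"alice", "mallory"}))
    private = Obj("private", frozenset({"alice"}))
    mf = MessageFilter([doc, shared, private])
    doc.state["body"] = "secret"
    mf.send("alice", "doc", "private", "put", "copy", doc.state["body"])   # same audience: allowed
    try:
        mf.send("alice", "doc", "shared", "put", "copy", doc.state["body"])  # DAC passes, flow is refused
        return "leaked"
    except LeakBlocked:
        return "blocked"
```

The discretionary check alone would accept the second `put`, since alice is authorized on `shared`; only the flow rule recognizes that mallory, who can also access `shared`, would then see the document.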
