A Model for Evaluation and Administration of Security in Object-Oriented Databases

The integration of object-oriented programming concepts with databases is one of the most significant advances in the evolution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop an authorization model for object-oriented databases. This model consists of a set of policies, a structure for authorization rules, and algorithms to evaluate access requests against the authorization rules. User access policies are based on the concept of inherited authorization applied along the class structure hierarchy. We also propose a set of administrative policies that allow the control of user access and its decentralization. Finally, we study the effect of class structuring changes on authorization.
