The security API of IRO-DB

This paper describes the application programming interface (API) that provides authorization and access control in IRO-DB. IRO-DB is an ODMG-compliant federated database system supporting interoperable access between relational and object-oriented databases. The security API implements a federated, administrative, discretionary access control policy that is role-based but additionally supports ownership of data. Authorization rules can be positive as well as negative, and implied authorization is used to derive implicit access from a set of explicit rules. The security API is a C++ class library that maintains security information (such as authorization subjects, objects, and rules) and provides security mechanisms (such as identification, authentication, authorization, and access control). Because IRO-DB provides interoperable access while preserving the autonomy of the participating component databases, a mapping mechanism between the heterogeneous local security policies and the global IRO-DB policy had to be provided. The corresponding functionality is also included in the IRO-DB security API.
