Capability-Based Primitives for Access Control in Object-Oriented Systems

Access control is the cornerstone of information security and integrity, but the semantic diversity of object models makes it difficult to provide a common foundation for access control in object-oriented systems. This paper presents a primitive capability-based access control architecture that can model a variety of authorization policies. The architecture described is integrated at the meta-object level of the Meta-Object Operating System Environment, providing a common foundation for access control in heterogeneous object models.
