Control for Database Federations a discussion of the state-ofthe-art

This paper considers a particular aspect of interoperability: the secure operation of database federations. A database system joining a federation aims to sacrifice neither its security nor its functionality. Existing applications should remain unaffected by the federation's processing, confidentiality and integrity have to be preserved, etc. In this paper we focus on a particular aspect of security, namely confidentiality enforced by discretionary access control. We discuss some approaches, their main contributions and limitations and elucidate important problems to be solved in the future. These considerations form a basis for the CHASSIS1 project that has been started recently and aims at providing a securityand reliabilityoriented integration framework to support the secure construction and operation of interoperable information systems.

[1]  Vijay Varadharajan,et al.  An analysis of the proxy problem in distributed systems , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Klaus R. Dittrich,et al.  An Object-Oriented Integration Framework for Building Heterogeneous Database Systems , 1992, DS-5.

[3]  G. V. Singh,et al.  Access control in distributed heterogeneous database management systems , 1991, Comput. Secur..

[4]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[5]  Klaus R. Dittrich,et al.  Objektidentifikation in Heterogenen Datenbanksystemen oder: Was tun, wenn die globale Schnittstelle "zu mächtig" wird? , 1993 .

[6]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[7]  Elisa Bertino,et al.  Views and Security in Distributed Database Management Systems , 1988, EDBT.

[8]  Ching-Yi Wang,et al.  Access Control in a Heterogeneous Distributed Database Management System , 1987, IEEE International Symposium on Reliable Distributed Systems.

[9]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[10]  Eduardo B. Fernandez,et al.  Database Security and Integrity , 1981 .

[11]  Morrie Gasser,et al.  An architecture for practical delegation in a distributed system , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[12]  Simon S. Lam,et al.  Authorization in distributed systems: a formal approach , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Elisa Bertino,et al.  Composite objects revisited , 1989, SIGMOD '89.

[14]  David J. DeWitt,et al.  The Object-Oriented Database System Manifesto , 1994, Building an Object-Oriented Database System, The Story of O2.

[15]  Oscar Nierstrasz,et al.  CHASSIS - A Platform for Constructing Open Information Systems , 1993 .

[16]  Michael K. Reiter,et al.  Integrating security in a group oriented distributed system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  Bhavani M. Thuraisingham,et al.  Security Issues in Federated Database Systems: Panel Contributions , 1991, Database Security.

[18]  Klaus R. Dittrich,et al.  Complex Subjects, or: The Striving for Complexity is Ruling our World , 1993, DBSec.

[19]  Michael Stonebraker,et al.  Implementation of integrity constraints and views by query modification , 1975, SIGMOD '75.