Enforcing Mandatory Access Control in Object Bases

Enforcement of mandatory policies in object-oriented systems generally requires objects to be single level; i.e., all attributes of an object must have the same security level. However, entities in the real world are often multilevel and, therefore, support must be provided for representing these entities. In this paper, we show how multilevel entities can be represented using single level objects. The approach, which extends an earlier proposal by Bertino and Jajodia [4], is based on the notions of composite objects and delegations. We also discuss how our approach can be implemented by extending the message filter proposed by Jajodia and Kogan in [15].

[1] Elisa Bertino, et al. Object-Oriented Database Systems: Concepts and Architectures, 1993.

[2] Jay Banerjee, et al. Composite object support in an object-oriented database system, 1987, OOPSLA 1987.

[3] Elisa Bertino, et al. A model of authorization for next-generation database systems, 1991, TODS.

[4] Kevin Wilkinson, et al. Overview of the Iris DBMS, 1989, Research Foundations in Object-Oriented and Semantic Database Systems.

[5] Stanley B. Zdonik. Object-oriented data model, 1990.

[6] Sushil Jajodia, et al. Toward a multilevel secure relational data model, 1991, SIGMOD '91.

[7] Sushil Jajodia, et al. Integrating an object-oriented data model with multilevel security, 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] M. B. Thuraisingham. Mandatory security in object-oriented database systems, 1989, OOPSLA 1989.

[9] C. V. Ramamoorthy, et al. Knowledge and Data Engineering, 1989, IEEE Trans. Knowl. Data Eng.

[10] Jonathan K. Millen, et al. Security for object-oriented database systems, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[11] David Maier, et al. The GemStone Data Management System, 1989, Object-Oriented Concepts, Databases, and Applications.

[12] Elisa Bertino, et al. Composite objects revisited, 1989, SIGMOD '89.

[13] Won Kim, et al. Object-Oriented Databases: Definition and Research Directions, 1990, IEEE Trans. Knowl. Data Eng.

[14] Sushil Jajodia, et al. Supporting Timing-Channel Free Computations in Multilevel Secure Object-Oriented Databases, 1991, DBSec.

[15] Stanley B. Zdonik, et al. Object-Oriented Type Evolution, 1987.

[16] Sushil Jajodia, et al. Referential Integrity in Multilevel Secure Database Management Systems, 1992, SEC.

[17] Elisa Bertino, et al. Modeling Multilevel Entities Using Single Level Objects, 1993, DOOD.

[18] Elisa Bertino, et al. Object-Oriented Query Languages: The Notion and the Issues, 1992, IEEE Trans. Knowl. Data Eng.

[19] O. Deux, et al. The Story of O2, 1990, IEEE Trans. Knowl. Data Eng.

[20] Won Kim, et al. Features of the ORION Object-Oriented Database System, 1989, Object-Oriented Concepts, Databases, and Applications.