Security Enforcement in the DOK Federated Database System

The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous databases. In this paper, we propose a Unified Security Model aiming for the integration of existing access control models, such as Mandatory Access Control and Discretionary Access Control, which could have been imposed on local components of a DOK application. Also, we extend the initial DOK multi-layered architecture proposed in (Tari et al. 1996) to include different types of security agents allowing the enforcement of different security functions within a federated environment. Coordination agents are responsible for maintaining a federation in a secure state by delegating the different functions to specific agents, called Task agents. By delegating the access of information within local databases to Database agents, the Task agents enforce the federated security policies using specific security procedures.

[1]  Peter J. Denning,et al.  Protection: principles and practice , 1972, AFIPS '72 (Spring).

[2]  Dorothy E. Denning,et al.  The SeaView Security Model , 1990, IEEE Trans. Software Eng..

[3]  Zahir Tari,et al.  Interoperability between Database Models , 1992, DS-5.

[4]  Jennifer Widom,et al.  Active Database Systems: Triggers and Rules For Advanced Database Processing , 1994 .

[5]  Leonard J. Binns Inference Through Secondary Path Analysis , 1993, DBSec.

[6]  Ehud Gudes,et al.  A security model for object-oriented databases , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[7]  Tsau Young Lin Multilevel Database and Aggregated Security Algebra , 1990, DBSec.

[8]  Bhavani M. Thuraisingham,et al.  Design of LDV: a multilevel secure relational database management system , 1990 .

[9]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[10]  Eduardo B. Fernández,et al.  Database security , 1990, SGMD.

[11]  Zahir Tari,et al.  Querying conceptual schemata of object-oriented databases , 1996, Proceedings of 7th International Conference and Workshop on Database and Expert Systems Applications: DEXA 96.

[12]  Zahir Tari ERC++: A Conceptual Data Model Based on Object and Logic Paradigms. , 1993, CIKM 1993.

[13]  G. V. Singh,et al.  Access control in distributed heterogeneous database management systems , 1991, Comput. Secur..

[14]  Zahir Tari,et al.  Object-oriented technology for interschema and language mappings , 1995 .

[15]  Martin S. Olivier,et al.  A Multilevel Secure Federated Database , 1994, DBSec.

[16]  Günther Pernul Canonical Security Modeling for Federated Databases , 1992, DS-5.

[17]  Benedict G. E. Wiedemann Protection? , 1998, Science.

[18]  Zahir Tari Interoperability between new Database Languages , 1992 .

[19]  Zahir Tari,et al.  Towards Cooperative Databases : The Distributed Object Kernel ( DOK ) Approach , 1996 .

[20]  Zahir Tari,et al.  R-OK: a reflective model for distributed object management , 1995, Proceedings RIDE-DOM'95. Fifth International Workshop on Research Issues in Data Engineering-Distributed Object Management.

[21]  Bhavani M. Thuraisingham,et al.  Security Issues in Federated Database Systems: Panel Contributions , 1991, Database Security.

[22]  Klaus R. Dittrich,et al.  An Approach for Building Secure Database Federations , 1994, VLDB.

[23]  Bhavani M. Thuraisingham,et al.  Security checking in relational database management systems augmented with inference engines , 1987, Comput. Secur..

[24]  Bhavani M. Thuraisingham Security issues for federated database systems , 1994, Comput. Secur..