A Role-Based Model for Access Control in Database Federations

Data access security in federated information systems with loose coupling among local data sources is hard to achieve for two main reasons: the heterogeneity of the local data sources (data models, access security models, semantics, ...) and local autonomy, which does not allow a global, integrated, consistent security schema to be created. To solve some of these problems, we propose a role-based object model to describe the local data access security schemas (discretionary and non-discretionary models). Interoperability among the various local data sources is achieved by a rich descriptive layer at the federated level. The global security policy defines the choices concerning information flow control both for importation (from the federation to a local system) and exportation (from a local system to the federation).
