Abstract
Structurally object-oriented database systems are a new class of dedicated data storage systems intended to form the basis of CAD, CASE, and other design environments that are to support large, distributed development teams. Several concepts of discretionary access controls (DAC) for such systems have been proposed; these concepts support nested complex objects and nested working groups. However, they do not support roles in development teams such as designers, reviewers, managers, etc., whose access rights are typically given in terms of object types rather than only in terms of objects.
This paper presents a concept of type-level DAC which is intended to complement instance-level DAC and to support roles in development projects. The concept consists of a formal model of the state of the object base with regard to access controls and a formula which derives the type-rights of a process from this state and the security context of that process. Our model has virtually no built-in, enforced policies; it allows users to realize a wide range of application-specific security policies. It supports multiple inheritance; in order to prevent inconsistent rights on types with common subtypes, certain consistency constraints are introduced. The model is group-oriented in that it supports nested working groups and inheritance of rights along group hierarchies. Access to individual types can be explicitly denied. It is implementable in a distributed system; the administration of rights can be fully decentralized.
This work was supported by Bundesministerium für Forschung und Technologie, Bonn, Germany, under grant no. ITS 9104 C.
© 1992 Springer-Verlag
Cite this paper
Kelter, U. (1992). Type-level access controls for distributed structurally object-oriented database systems. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013890
DOI: https://doi.org/10.1007/BFb0013890
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive