Security Management Methods in Object-Oriented Database
Abstract
Security for object-oriented databases follows the traditional lines of discretionary access control, mandatory access control, and multilevel secure database systems. Security and integrity can be implemented in the object-oriented database model. We propose extensions to the basic data model to incorporate security and integrity. Our secrecy/integrity mechanism is based on the idea access control in function granularity is one of the features of many object-oriented databases. In those systems, the users are granted rights to invoke composed functions instead of rights to invoke primitive operations. Although primitive operations are invoked inside composed functions, the users can invoke them only through the granted functions. This achieves access control in abstract operation level. Access control utilizing encapsulated functions, however, easily causes many “security flaws” through which malicious users can bypass the encapsulation and can abuse the primitive operations inside the functions. In this paper, we develop a technique to statically detect such security flaws. First, we design a framework to describe security requirements that should be satisfied. Then, we develop an algorithm that syntactically analyzes program code of the functions and determines whether given security requirements are satisfied or not. This algorithm is sound, that is, whenever there is a security flaw, it detects it.
References
Full Text: PDF
Refbacks
- There are currently no refbacks.