Dittrich, K.R., Hartig, M., Pfefferle, H.: Discretionary Access Control in Structurally Object -oriented Satabase Systems. In C.E Landwehr (Ed.): Database Security II: Status and Prospects, Elsevier Science Publishers B.V. (North-Holland), 1989.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....authorized persons and operations. Besides integrity and confidentiality, database security concerns itself with the efficient application of security relevant operations and avoidance of unnecessary denial of service. There has been a flurry of activity in OODBS security [Thu89, KTT89b, RWK88, DHP89, NO91] a trend that is likely to continue as OODBS establish their presence in the marketplace. Rabitti et al. [RWK88] introduce the notion of implicit authorizations that can be deduced from explicitly stored specifications. Considering subjects, objects and access types, we can have implicit ....

....and implicit authorizations on access types. Such an approach enables the specification of a few rules which can then be used to deduce authorization based on some ordering. Several such schemes are defined in [RWK88] Our protection retinue is in agreement with these schemes. Dittrich et al. [DHP89] introduce the notions of structural and behavioural approaches to protection. Thus, in terms of structure, we need to worry about how authorizations to aggregates (sets, or sequences) are managed with respect to those of the components (or members) of the aggregates (sets, or sequences) In ....

K.R. Dittrich, M. Hartig, and H. Pfefferle. Discretionary Access Control in Structurally Object Oriented Database Systems. In C.E. Landwehr, editor, Database Security II: Status and Prospects. IFIP, North-Holland, 1989.

....Behaviorally OODBSystems provide an interface to deal with objects and methods on different levels of the inheritance hierarchy. Fully OODBSystems combine the properties of structurally and behaviorally OODBSystems. Access control models for these classes of OODBSystems were discussed in [3, 12, 13, 14, 43, 45, 60, 85, 109, 110]. The models promise to offer some solutions to the forthcoming issues. However, each of them addresses only some of the issues, therefore many problems remain open. 6.1 DAC in Structurally OODBS In structurally OODBS, the privileges are typically generic system defined operations such as read, ....

....some of the issues, therefore many problems remain open. 6.1 DAC in Structurally OODBS In structurally OODBS, the privileges are typically generic system defined operations such as read, write, delete, and read definition. 6.1. 1 DAMOKLES Access Control Model Dittrich, Hartig, and Pfefferle [43] developed a DAC model for the DAMOKLES system [41] DAMOKLES is a structurally OODBSystem for CASE and similar applications and its data model called DODM (design object data model) 42] Two type of objects are supported by the model: DODM objects, and DODM relationships. The access control ....

K. R. Dittrich, M. Hartig, and H. Pfefferle. Discretionary Access Control in Structurally Object-Oriented Database Systems. In C. E. Landwehr, editor, Database Security II: Status and Prospects, pages 105--121. Elsevier Science Publishers B. V. (North-Holland) IFIP, 1989.

....of a class. In this way we obtain the class composition hierarchy. It shows how classes are defined in terms of other classes. This is a horizontal hierarchy describing the structure of an object. It is the main view of the structurally object oriented databases, according to Dittrich s taxonomy [4]. The inheritance feature allows one to declare a class as a specialization of another class. The former is named the subclass of the latter, also known as the superclass. The user may specify additional attributes and methods for the subclass or may even override old attributes and methods. A ....

K.R. Dittrich, M. Hartrig and H. Pfeferlee, "Discretionary Access Control in Structurally Object-Oriented Database Systems," Database Security, Status and Prospects, C.E. Landwehr (Ed.), pp. 105-122, Elsevier Science Publisher B.V. (North-Holland).

....available to all users without control. Thus, security offered in object oriented approaches cannot differentiate between user needs based on their individual responsibilities. Research and development for access control in databases has traditionally taken an approach based on security clearance [12, 13, 18, 19, 22, 29, 35, 36] using the Bell and Lapadula security model [3] These multi level secure approaches support mandatory access control (MAC) to classify and tag data with relevant security levels. To complement MAC, discretionary access 1 INTRODUCTION 3 control (DAC) has been proposed [21, 30, 34] to allow ....

K. Dittrich, et al., "Discretionary Access Control in Structurally Object-Oriented Systems", in Database Security, II: Status and Prospects, C. Landwehr (ed.), North-Holland, 1989.

....has become a touchstone for developing modern distributed systems, the full potential of access control mechanisms for objects has yet to be realized. Most of the advances and successful applications of object access control have been confined to the area of database security (see, e.g. Dittrich et al. 1989; Keefe et al. 1989; Jajodia and Kogan, 1990; Bruggemann, 1992; Thomas and Sandhu, 1993; Bertino et al. 1993,1994; Herndon, 1994; Rosenthal et al. 1994; Fernandez et al. 1994, 1995; Jonscher and Dittrich, 1995; Schaefer et al. 1995; Cuppens and Gabillon, 1997) Several factors have limited ....

....filters and method based access control. Integrating these features in a meta object model results in a rich framework for expressing a variety of authorization models for object oriented systems. Research efforts in object oriented systems and database security have also influenced this work (Dittrich et al. 1989; Thuraisingham, 1989; Thomas and Sandhu, 1993; Bertino et al. 1993; Herndon, 1994; Fernandez et al. 1994, 1995; Demurjian et al. 1995; Cuppens and Gabillon, 1997) The ORION ITASCA system adopts a model of discretionary access control for objects that embraces notions of explicit implicit, ....

Dittrich, K., Hartig, M. and Pfefferle, H. (1989) Discretionary access control in structurally objectoriented database systems, in Database Security, II: Status and Prospects (ed. C. Landwehr), Elsevier, Amsterdam, 105--121.

....desired level of granularity if a powerful enough query language is used for their definition. They also provide an object content dependent authorization. So far, several authorization models for object oriented databases, which support discretionary or mandatory access control, have been defined [6, 8, 1, 2, 7, 9, 10, 11, 12, 17, 18, 19]. However, none of them support content based access control on instances of a class. Recently, several authorization models based on methods, which support content based authorization, have been proposed [13, 5] This approach has the drawback that method specification would be dependent on ....

K. R. Dittrich and M. Hartig and H. Pfefferle. Discretionary Access Control In Structurally Object-Oriented Database Systems. In Database Security II: Status and Prospects, C. E. Landwehr (Editor), pages 105--121. Elsevier Science Publishers B. V. (North-Holland), IFIP, 1989.

....of flexible and arbitrarily specific discretionary policies. Discretionary access control (DAC) models for objectoriented databases are more complex than their relational counterparts. Hence, developing authorization models for object oriented databases have been the subject of intensive research [7, 4, 6, 18, 2]. In this paper, we propose a cryptographic solution to discretionary access control for structurally object oriented database system based on the application of Sibling Intractable Function Families (SIFFs) introduced by Zheng, Hardjono, and Pieprzyk [21] The approach is based on creating an ....

K. R. Dittrich, M. Hartig, and H. Pfefferle. Discretionary access control in structurally object-oriented database systems. In Database Security II: Status and Prospects, C. E. Landweter (Editor), pages 105--121. Elsevier Science Publishs B. V. (North-Holland), IFIP, 1989.

....have a security policy capable of dealing with data stored as arbitrary collections of objects. It is this last approach that is addressed in this paper. Prior work addressing security in general purpose object oriented database systems has focused primarily on structurally object oriented systems [7,8]. This paper addresses behaviorally and fully object oriented systems, and, in particular, the impact that inheritance has on defining security in such systems. No solutions are offered. Rather, this paper identifies problems that need to be addressed when developing a security model for a ....

....the notion of implicit authorization allowing the system to deduce new authorizations from prior authorizations explicitly stored in the system. Second, in conjunction with implicit authorizations, they extend the authorization model to cover composite objects. Dittrich, Hartig, and Pfefferle [8] discuss a discretionary access control system for the DAMOKLES object oriented database system. Their model is similar to the first in that it attempts to deal with propagation of access privileges from one object to another to handle authorization for composite objects. However, the approach is ....

K. Dittrich, M. Hartig and H. Pfefferle, "Discretionary Access Control in Structurally Object-Oriented Database Systems", Proc. of the 1988 Workshop on Database Security, Kingston, Ontario, Canada, sponsored by IFIP WG 11.3 and Queen's University, October, 1988.

....the burden of providing such privileges individually to every member of the group. The harmonious marriage of data model dependent and general access control mechanisms is the key to building a flexible and yet general purpose access control facility for object oriented databases. Dittrich [4] has provided a useful taxonomy of object oriented databases. Structurally objectoriented database systems provide support for the modeling and manipulation of complex (nested) object structures. Behaviorally object oriented database systems model the behavior of real world entities by allowing ....

....poses the basic question: Is subject A allowed to read write delete object O Let us see the details on how this question is answered. 2.2. 1 Subject to object access control Existing approaches in the literature for subject to object structure based access control are rather straightforward [4, 14]. The basic idea is to group subjects into access control groups and to grant authorizations in terms of access types such as read, write, and delete. These access types are usually ordered such that the authorization for one right may include others. Thus an authorization for a delete may imply ....

[Article contains additional citation context not shown here]

K.R. Dittrich, M. Hartig, and H. Pfefferle. Discretionary access control in structurally objectoriented database systems. Database Security II, Status and Prospects, C.E Landwehr (Editor), Elsevier Science Publishers B.V. (North-Holland)

No context found.

Dittrich, K.R., Hartig, M., Pfefferle, H.: Discretionary Access Control in Structurally Object -oriented Satabase Systems. In C.E Landwehr (Ed.): Database Security II: Status and Prospects, Elsevier Science Publishers B.V. (North-Holland), 1989.

No context found.

K. R. Dittrich, M. Hartig, and H. Pfefferle. Discretionary Access Control in Structurally Object-Oriented Database Systems. In Database Security II: Status and Prospects,IFIP, pages 105--121. Elsevier Science, North Holland, 1989.

No context found.

Dittrich, K., Hartig, M. and Pfefferle, H. (1989) Discretionary access control in structurally object-oriented database systems, in Database Security, II: Status and Prospects (ed. C. Landwehr), Elsevier, Amsterdam, 105--121.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC