A Model for Evaluation and Administration of Security in Object-Oriented Databases
April 1994 (vol. 6 no. 2)
pp. 275-292

The integration of object-oriented programming concepts with databases is one of the most significant advances in the evolution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop an authorization model for object-oriented databases. This model consists of a set of policies, a structure for authorization rules, and algorithms to evaluate access requests against the authorization rules. User access policies are based on the concept of inherited authorization applied along the class structure hierarchy. We also propose a set of administrative policies that allow the control of user access and its decentralization. Finally, we study the effect of class structuring changes on authorization.


Index Terms:
object-oriented databases; authorisation; database theory; object-oriented databases; object-oriented programming concepts; security evaluation; security administration; authorization model; inherited authorization; authorization rule structure; access requests; user access policies; class structure hierarchy; administrative policies; decentralization; class structuring changes; database security
E.B. Fernandez, E. Gudes, H. Song, "A Model for Evaluation and Administration of Security in Object-Oriented Databases," IEEE Transactions on Knowledge and Data Engineering, vol. 6, no. 2, pp. 275-292, April 1994, doi:10.1109/69.277771