This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Authorization and Revocation in Object-Oriented Databases
July-August 1997 (vol. 9 no. 4)
pp. 668-672

Abstract—Few studies of object-oriented databases deal with their security, a fundamental aspect of systems with complex data structures. Most authorization systems give users who own resources only some basic control over them; here, we provide users with more direct control over their resources by associating with each grant propagation numbers. Propagation numbers govern the grantability and exercisability of the privileges. Of particular interest in our study of authorization in an o-o environment is the combination of inheritance and granting of privileges. Diverse policies are discussed and implemented in a test-bed system.

[1] B.J. Cox, Object Oriented Programming: An Evolutionary Approach.Reading, Mass.: Addison-Wesley, 1986.
[2] R. Fagin, "On an Authorization Mechanism," ACM ToDS, vol. 3, no. 3, Sept. 1978.
[3] E.B. Fernandez, R.C. Summers, and C. Wood, "Databases Security and Integrity," System Programming Series.Reading, Mass.: Addison-Wesley, 1981.
[4] E.B. Fernandez, E. Gudes, and H. Song, "A Security Model for Object-Oriented Databases," Proc. IEEE Symp. Research in Security and Privacy,Oakland, Calif., pp. 110-115, 1989.
[5] E.B. Fernandez, E. Gudes, and H. Song, "A Model of Evaluation and Administration of Security in Object-Oriented Databases," IEEE Trans. Knowledge and Data Eng., vol. 6, no. 2, pp. 275-292, Apr. 1994.
[6] E. Gudes, H. Song, and E.B. Fernandez, Evaluation of Authorization in Object-Oriented and Semantic Database, IFIP, Helsinki, 1990.
[7] E. Gudes, H. Song, and E.B. Fernandez, "Evaluation of Negative, Predicate, and Instance-Based Authorization in Object-Oriented Database," Database Security, IV: Status and Prospects, IFIP, 1991.
[8] J. Hughes, Object-Oriented Databases, Prentice Hall, Englewood Cliffs, N.J., 1991.
[9] A.R. Hurson and S.H. Pakzad, "Object-Oriented Database Management Systems: Evolution and Performance Issues," Computer, vol. 26, no. 2, pp. 48-60, Feb. 1993.
[10] M.M. Larrondo-Petrie, E. Gudes, H. Song, and E.B. Fernandez, "Security Policies in Object-Oriented Databases," Database Security, III: Status and Prospects, IFIP, pp. 257-268, 1990.
[11] E.L. Leiss, "Classes of Authorization Systems with Bounded Propagation," Second Int'l Conf. Computer Science,Santiago, Chile, Aug. 1982.
[12] E.L. Leiss, "Grantor-Controlled Administration of Privileges in Database System," Dept. of Computer Science, Univ. of Houston, 1982.
[13] E.L. Leiss, Principles of Data Security.New York: Plenum, 1982.
[14] E.L. Leiss, "On Authorization Systems with Grantor-Controlled Propagation of Privileges," Proc. 26th IEEE Computer Society Int'l Conf.,San Francisco, Mar. 1983.
[15] E.L. Leiss and C. Jitmedha, "Horizontally and Vertically Bounded Propagation of Privileges," Information Processing Letters, vol. 22, pp. 319-327, 1986.
[16] I. Majetic, "Authorization and Revocation in Object-Oriented Databases," MS thesis, Dept. of Computer Science, Univ. of Houston, 1994.
[17] C.L. Chang, R.A. Stachowitz, and J.B. Combs, “Validation of Nonmonotonic Knowledge-Based Systems,” Proc. IEEE Int'l Conf. Tools for Artificial Intelligence, Nov. 1990.
[18] R. Winder, Developing C++ Software.Chichester, U.K.: John Wiley&Sons, 1991.

Index Terms:
Object-oriented systems, inheritance, granting, revoking, bounded propagation of privileges.
Citation:
Ivo Majetic, Ernst L. Leiss, "Authorization and Revocation in Object-Oriented Databases," IEEE Transactions on Knowledge and Data Engineering, vol. 9, no. 4, pp. 668-672, July-Aug. 1997, doi:10.1109/69.617060
Usage of this product signifies your acceptance of the Terms of Use.