Designing a Trusted Application Using an Object-Oriented Data Model

Key problems in developing trusted application systems are defining the security requirements in a way that is comprehensible to the users and implementing the system in a way that makes it clear that these requirements are met. An object-oriented approach can help solve both of these problems because it permits describing the requirements in terms familiar to the users—objects can be mapped directly to real-world entities—and it permits identifying the parts of the system that enforce security requirements. In this paper we illustrate the usefulness of the object-oriented approach by considering from these two points of view the modeling of the NRL Secure Military Message System (SMMS) [Hei86,LHM84] as an object-oriented database system. Future work will address the problem of building such an application on top of a general-purpose trusted relational DBMS in much the same way that an object-oriented DBMS such as POSTGRES [Row87,SR87] is built on top of a relational database.