Abstract
The conventional models of authorization have been designed for database systems supporting the hierarchical, network, and relational models of data. However, these models are not adequate for next-generation database systems that support richer data models that include object-oriented concepts and semantic data modeling concepts. Rabitti, Woelk, and Kim [14] presented a preliminary model of authorization for use as the basis of an authorization mechanism in such database systems. In this paper we present a fuller model of authorization that fills a few major gaps that the conventional models of authorization cannot fill for next-generation database systems. We also further formalize the notion of implicit authorization and refine the application of the notion of implicit authorization to object-oriented and semantic modeling concepts. We also describe a user interface for using the model of authorization and consider key issues in implementing the authorization model.
- 1 BANERJEE, J., CHOU, H. T., GARZA, J., KIM, W., WOELK, D., BALLOU, N., AND KIM, H. J. Data model issues for object-oriented applications. ACM Trans. Off. Inf. Sys. 5, 1 (Apr. 1987), 3-26.
- 2 CHOU, H. T., AND KIM, W. A framework for versions in a CAD environment. In Proceedings of the 12th International Conference on Very Large Data Bases (Kyoto, Japan, Aug.). 1986.
- 3 CHOU, H. T., AND KIM, W. Versions and change notification in an object-oriented database system. In Proceedings of the Design Automation Conference (June). 1988.
- 4 DATE, C. J. A Guide to DB2. Addison-Wesley, Reading, Mass., 1985.
- 5 FERNANDEZ, E. B., SUMMERS, R. C., AND COLEMAN, C. D. An authorization model for a shared database. In Proceedings of the 1975 ACM-SIGMOD International Conference. ACM, New York, 1975.
- 6 FERNANDEZ, E. B., SUMMERS, R. C., AND LANG, T. Definition and evaluation of access rules in data management systems. In Proceedings of the 1st International Conference on Very Large Data Bases (Boston, Mass.). 1975.
- 7 FERNANDEZ, E. B., SUMMERS, R. C., AND WOOD, C. Database security and integrity. Addison-Wesley, Reading, Mass., 1981.
- 8 GRAHAM, G. S., AND DENNING, P. J. Protection: Principles and practice. In AFIPS Conference Proceedings 40, 1972 SJCC. AFIPS Press, Montvale, N.J., 1972, pp. 417-429.
- 9 GRIFFITHS, P. P., AND WADE, B. W. An authorization mechanism for a relational database system. ACM Trans. Database Syst. 1, 3 (Sept. 1976), 242-255.
- 10 KIM, W., BERTINO, E., AND GARZA, J. Composite objects revisited. In Proceedings of the ACM-SIGMOD International Conference (Portland, Oreg., June). ACM, New York, 1989.
- 11 KIM, W., BANERJEE, J., CHOU, H. T., GARZA, J., AND WOELK, D. Composite object support in an object-oriented database system. In Proceedings of the 2d International Conference on Object-Oriented Programming Systems, Languages, and Applications (Orlando, Fla., Oct.). 1987, 118-125.
- 12 KIM, W., BALLOU, N., CHOU, H. T., GARZA, J., WOELK, D., AND BANERJEE, J. Integrating an object-oriented programming system with a database system. In Proceedings of the 3rd International Conference on Object-Oriented Programming Systems, Languages, and Applications (San Diego, Calif., Sept.). 1988, 142-152.
- 13 LAMPSON, B. W. Protection. In Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems. 1971.
- 14 RABITTI, F., WOELK, D., AND KIM, W. A model of authorization for object-oriented and semantic databases. In Proceedings of the International Conference on Extending Database Technology (Venice, Italy, Mar.). 1988.
- 15 THURAISINGHAM, M. B. Mandatory and discretionary security issues in object-oriented database systems. In Proceedings of the 4th International Conference on Object-Oriented Programming Systems, Languages, and Applications (New Orleans, La., Oct.). 1989, 203-210.