DISCO: A Discretionary Security Model for Object-oriented Databases

Martin S Olivier and Sebastiaan H von Solms

1992

[Citation information] [Abstract] [Keywords] [BibTeX entry] [Full text]
[Return to publications]

Citation information

MS Olivier and SH von Solms, "DISCO: A Discretionary Security Model for Object-oriented Databases" in GG Gable and WJ Caelli (eds), IT Security: The Need for International Cooperation, 345-357, Elsevier, 1992

Abstract

This paper proposes a discretionary security model for object-oriented databases. Entities in the database are protected by capabilities. A subject that possesses a capability is authorised to access the corresponding entity. Additionally, under certain conditions, a subject may pass the capability on to another subject, authorising this other subject to access the protected entity. Passing the capability on to another subject is done at the first subject's discretion, hence the term discretionary security.

The object-oriented model has a rich variety of entities with relationships between such entities. A subject that passes a capability on to another subject may (inadvertently) authorise the second subject to access more entities than intended. We describe the restrictions that apply to the transfer of capabilities to safeguard against such an unintended disclosure of information.

Revoking of capabilities also have major implications: if a capability is revoked, it is possible that the user may still make inferences about the protected information. We consider the restrictions that should apply to revocation of capabilities.

The model also indicates how the transfer of capabilities (and transfer of ownership) may be included in methods of a protected object. If such transfers are included in methods, the freedom of a subject to transfer capabilities to other subjects are limited to the extent determined by the method. This corresponds to the general object-oriented philosophy that the manipulation of data encapsulated in the object is restricted to such manipulation permitted by the (encapsulated) methods.

Keywords

Information Security; Databases; Object-orientation

BibTeX entry

@INPROCEEDINGS(disco,
  AUTHOR={Martin S Olivier and Sebastiaan H von Solms},
  TITLE={DISCO: A Discretionary Security Model for Object-oriented
      Databases},
  EDITOR={G G Gable and W J Caelli},
  BOOKTITLE={IT Security: The Need for International Cooperation},
  PAGES={345--357},
  PUBLISHER={Elsevier},
  YEAR={1992} )

Full text

The full text may be downloaded from http://mo.co.za/ask/disco.pdf (PDF, 64K) (©IFIP).

Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

[Publications] [Home]
Page maintained by Martin Olivier
Last update: February 5, 2002