MS Olivier, Secure Object-oriented Databases, Ph.D. Thesis, Rand Afrikaans University, Johannesburg, 1991
This work investigates secure object-oriented databases. Firstly, we propose a new model, SECDB, for such databases. SECDB differs substantially from other proposals for such models. Secondly, we propose a taxonomy for secure object-oriented databases. The taxonomy identifies a number of design parameters---aspects that may differ from one such model to the next. It also indicates implications that specific choices for one design parameter have on the choice of other design parameters and on other aspects of the model. Thirdly, we propose an initial model for discretionary security in object-oriented databases, DISCO. DISCO illustrates how results from the taxonomy may be applied when a new security model is developed. A brief description of the work covered in each of these cases follows.
This work focuses on the secrecy aspect of security; integrity remains a major and essentially unsolved problem in secure databases.
SECDB
The first model proposed by us (SECDB) extends object-oriented
databases to enable individual objects to take responsibility for
security---i.e. to protect themselves. This extension is based on the
concept of 'baggage'---baggage is collected from all components
involved in any request; this baggage may then be verified by the
object against its personal security profile before a method is
executed or a variable is accessed. Note that the profile has the
complete access path of such a request available to base its decision
on.
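The following sketch is an added illustration of the baggage idea, not code or notation from the thesis. The class names, the baggage fields and the two profile rules are assumptions chosen to show why a profile that sees the complete access path can refuse a request that a check on the immediate caller alone would allow.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Baggage:
    """One component's contribution to a request (fields are assumptions)."""
    component: str  # subject or object the request passed through
    role: str       # "user" or "object"

class SecureObject:
    """Object that verifies collected baggage against its own profile."""
    def __init__(self, name, profile, methods):
        self.name = name
        self.profile = profile  # callable: (method, path) -> bool
        self.methods = methods  # method name -> callable(obj, path)

    def invoke(self, method, path):
        # path holds the baggage of every component crossed so far
        if not self.profile(method, path):
            trail = " -> ".join(b.component for b in path)
            raise PermissionError(f"{self.name}.{method} denied for {trail}")
        # A forwarded request also carries this object's own baggage.
        return self.methods[method](self, path + (Baggage(self.name, "object"),))

HR_CLERKS = {"alice"}  # constructed sample data

def full_path_profile(method, path):
    # Must originate from an HR clerk and arrive via the payroll object.
    return (method == "read" and path[0].component in HR_CLERKS
            and path[-1].component == "payroll")

def caller_only_profile(method, path):
    # Weaker rule for comparison: looks at the immediate caller only.
    return method == "read" and path[-1].component == "payroll"

def build(profile):
    """Wire payroll -> salary, with salary protected by the given profile."""
    salary = SecureObject("salary", profile, {"read": lambda o, p: 42000})
    return SecureObject("payroll", lambda m, p: True,
                        {"report": lambda o, p: salary.invoke("read", p)})

def request(user, payroll):
    """Return the report value, or None if any object on the path refuses."""
    try:
        return payroll.invoke("report", (Baggage(user, "user"),))
    except PermissionError:
        return None
```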
The taxonomy
Models for secure object-oriented databases differ in many respects,
because they focus on different aspects of the security problem,
because they make different assumptions about what constitutes a secure
database or because they make different assumptions about the
object-oriented model. The taxonomy we propose may be used to compare
the various models: Models that focus on specific issues may be
positioned in the broader context with the aid of the taxonomy. The
taxonomy also identifies eight major aspects where security models may
differ and indicates some alternatives available to the system designer
for each such parameter. We also indicate implications of using
specific alternatives.
Since differences between models for secure object-oriented databases are often subtle, a formal notation is necessary for a proper comparison. Such a formal notation also facilitates the formal derivation of restrictions that apply under specific conditions. The formal approach further gives a clear indication about the assumptions made by us - given as axioms - and the consequences of those assumptions (and of design choices made by the model designer) - given as theorems.
DISCO
Lastly, we propose a discretionary security model for object-oriented
databases (DISCO). Entities in the database are protected by
capabilities. A subject that possesses a capability is authorised to
access the corresponding entity. Additionally, under certain
conditions, a subject may pass the capability on to another subject,
authorising this other subject to access the protected entity. Passing
the capability on is done at the first subject's discretion, hence the
term discretionary security.
The object-oriented model has a rich variety of entities with relationships between such entities. A subject that passes a capability on to another subject may (inadvertently) authorise the second subject to access more entities than intended. We describe the restrictions that apply to the transfer of capabilities to safeguard against such an unintended disclosure of information. Similarly, we consider the restrictions that apply when capabilities are revoked.
Database security, security models, object-oriented databases
@PHDTHESIS(phd,
AUTHOR={Martin S Olivier},
TITLE={Secure Object-oriented Databases},
SCHOOL={Rand Afrikaans University},
ADDRESS={Johannesburg},
YEAR={1991} )
The full text may be downloaded from http://mo.co.za/open/phd.pdf.zip (Zipped PDF, 526K).
Page maintained by
Martin Olivier
Last update: 17 February 2007