Abstract
Several models of authorization for object-oriented databases, supporting different levels of granularity, have been proposed. However, these models do not support authorization based on database content and context. A way of handling context and content-dependent authorization is by using views. In this paper, we present a model of authorization that supports content-based access control on instances of a class.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
A. Baraani-Dastjerdi and J. R. Getta and J. Pieprzyk and R. Safavi-Naini. A Cryptographic Solution to Discretionary Access Control in Structurally Object-Oriented Databases. In Proceedings of the 6th Australian Database Conference (ADC'95), volume 17(2), pages 36–45. Australian Computer Science Communications, Ron Sacks and Justin Zobel (Eds), January 1995.
D. B. Faatz and D. L. Spooner. Discretionary Access Control in Object-Oriented Engineering Database Systems. In Database Security IV, S. Jajodia, and C.E. Lanwehr (Eds), pages 73–83. Elsevier Science Publishers B. V. (North-Holland) IFIP, 1991.
E. Bertino and H. Weigand. An Approach to Authorization Modelling in Object-Oriented Database Systems. In Data & Knowledge Engineering, P. P. Chen and R. P. Van de Riet (Eds), pages 1–29. Elsevier Science Publishers B. V. (North-Holland), 1994.
Elisa Bertino. A View Mechanism for Object-Oriented Databases. In Proceedings 3rd International Conference on Extending Data Base Technology (EDBT), Vienna, Austria, volume 580, pages 136–151. Springer-Verlag, Lecture Note in Computer Science, March 1992.
Elisa Bertino. Data Hiding and Security in Object-Oriented Databases. In Proceedings of the Eight International Conference on Data Engineering Edited by F. Golshani, pages 338–347. IEEE Computer Society Press, 1992.
F. Rabitti and E. Bertino and W. Kim and D. Woelk. A Model of Authorization for Next-Generation Database Systems. ACM Transactions on Database Systems, 16(1):88–131, March 1991.
J. K. Millen and T. F. Lunt. Security for Object-Oriented Database Systems. In Proceedings of IEEE computer Society Symposium on Research in Security and Privacy, Oakland, CA., pages 260–272. IEEE, May 1992.
K. R. Dittrich and M. Hartig and H. Pfefferle. Discretionary Access Control In Structurally Object-Oriented Database Systems. In Database Security II: Status and Prospects, C. E. Landwehr (Ed), pages 105–121. Elsevier Science Publishers B. V. (North-Holland), IFIP, 1989.
M. B. Thuraisingham. Mandatory Security in object-oriented database Systems. In Proceedings International Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pages 203–210. New Orleans, October 1989.
M. M. Larrondo-Petrie and E. Guides and H. Song and E. B. Fernandez. Security Policies In Object-Oriented Databases. In Database Security III, D. L. Spooner and Landwehr (Eds), pages 257–269. Elsevier Science Publishers B. V. (North-Holland) IFIP, 1990.
M. S. Olivier and S. H. Von Solms. A Taxonomy for Secure Object-Oriented Databases. ACM Transactions on Database Systems, 19(1):3–46, March 1993.
R. Ahad and J. Davis and S. Gower and P. Lyngbaek and A. Marynowski and E. Onuegbe. Supporting Access Control in an Object-Oriented Database Language. In Proceedings of the 3rd International Conference on Extyending Database Technology, EDBT'92, Vienna, volume 580, pages 184–200. Springer-Verlag LCN in Computer Science, March 1992.
R. W. Baldwin. Naming and Grouping Privileges to Simplify Security Management Databases. In Proceedings of the 1990 IEEE Symposium on Security and Privacy, pages 116–132. IEEE Computer Society, 1990.
S. Abiteboul and A. Bonner. Objects and Views. In Proceedings of the 1991 ACM SIGMOD International Conference on Management of Data, J. Clifford and R. King (Eds), pages 238–247. ACM SIGMOD, 1991.
S. Heiler and S. Zdonik. Object Views: Extending the Vision. Proceedings 6th Data Engineering Confrence, IEEE Computer Society Press, pages 86–93, 1990.
S. Jajodia and B. Kogan. Integrating an Object-Oriented Data Model with Multilevel Security. IEEE, pages 76–85, 1990.
T. F. Keefe and W. T. Tsai and M. B. Thuraisingham. A Multilevel Security Model For Object-Oriented Systems. In Proceeding of the 11th National Computer Security Conference, pages 1–9. Baltimore, Maryland, October 1988.
T. F. Lunt and E. B. Fernandez. Database Security. SIGMOD RECORD, 19(4):90–97, December 1990.
U. Dayal. Queries and views in an Object-Oriented Data Model. International Workshop on Data Base Programming Languages, 2, 1989.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baraani-Dastjerdi, A., Safavi-Naini, R., Pieprzyk, J., Getta, J.R. (1995). A model of authorization for object-oriented databases based on object views. In: Ling, T.W., Mendelzon, A.O., Vieille, L. (eds) Deductive and Object-Oriented Databases. DOOD 1995. Lecture Notes in Computer Science, vol 1013. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60608-4_58
Download citation
DOI: https://doi.org/10.1007/3-540-60608-4_58
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60608-6
Online ISBN: 978-3-540-48460-8
eBook Packages: Springer Book Archive