Contribution Details

Type Dissertation
Scope Discipline-based scholarship
Title Access Control in Object-Oriented Federated Database Systems
Organization Unit
Authors
  • Dirk Jonscher
Supervisors
  • Kurt Bauknecht
  • Klaus R. Dittrich
Language
  • English
Institution University of Zurich
Faculty Faculty of Economics, Business Administration and Information Technology
Number of Pages 247
Date 1998
Abstract Text The subject of this thesis is rooted in two research areas, data security and database technology. Data security is concerned with the confidentiality, integrity and availability of data. It is related to database technology, because database management systems (DBMS) were developed in order to manage large amounts of data (which are shared by various users and application programs) in a secure and reliable way. Access control is a particular security measure which ensures that data are only accessed by authorised users. It was already provided by early DBMS like IBM's IMS or System R. However, new database technologies cause new security problems, which must be countered with appropriate access control mechanisms. In this thesis, two new dimensions of database technology are considered, the extension of data models (object-oriented DBMS) and the federation of existing, autonomous database systems. Access control problems that additionally arise in such environments (compared with classical, record-based DBMS) are presented, requirements on access control models are identified, and existing solutions are evaluated against these requirements. This evaluation motivates the model presented in this thesis. The subsequently suggested access control model is based on a formal object-oriented data model that includes all features which are usually found in commercial object-oriented systems. This data model is used to identify the protection objects and actions of the access control model. The global part of the model (to be applied at the federation layer) supports various concepts in the area of identity-based access control. It includes an elaborate role concept and a powerful authorisation paradigm. The global model is integrated with heterogeneous local (identity-based) access control models, such that authorisation autonomy of component systems is preserved. 
In particular, the coupling layer is able to propagate global authorisations to the involved component systems. Note that authorisations, not access rights, are propagated. Since propagated authorisations can be rejected by a component system (due to local autonomy), the coupling layer provides appropriate failure handling protocols. The access control model leads to a reference architecture to implement access control in a federated DBMS. This architecture is based upon a configurable global reference monitor (which implements the global access control model and supports different access control policies), a distribution monitor (which coordinates the propagation of global authorisations to component systems), a set of coupling modules for each kind of component system (which encapsulate the heterogeneous local models under a well-defined interface), and an application programming interface in order to integrate the access control system with a DBMS. The feasibility of the proposed solutions was demonstrated by implementing a prototypical system, called Argos. The coupling approach is exemplified for Oracle (version 7.1) and the UNIX file protection system (SunOS 4.1.3).