Providing Dynamic Security Control in a Federated Database

When data is being used in a federated database, the aim is to give a loose coupling of the data in the component databases so that a very dynamic and therefore flexible pattern of data sharing can be established. When security integration is performed this flexibility is curtailed by the resultant security level established at integration time which by default is the least upper bound between candidate security levels. Such overclassification of data implies that. there willbe author&d users who are debarred at the federation level to access the data. To circumvent this problem there is a need for a dynamic mandate type control for definite periods of the federated system’s exk tence. An approach to establishing su:h temporary dynamic security control is described in this paper. It is an adaptation of Shamir’s method [Sha79] for sharing a secret., and it aims to let users who are debarred at the default security level from access to particular data, gain access to this data under local control if an appropriate combination of current, database administrator of the system are prepared to grant, the access dynamically. Permirrion to copy without fee all or part of thir material ir granted provided that the copies are not made or di8tributed for direct commercial advantage, the VLDB copyright notice and the title of the publication and it8 date appear, and notice i8 given that copying is by permisrion of the Very Large Data Bare Endowment. To copy otherwi8e, or to npubGh, require8 a fee and/or rpeeial pemirrion from the Endowment. / Proceedings of the 20th VLDB Conference Santiago, Chile, 1994 One of the aims of a federated database is to enable the loose and flexible coupling of autonomous databases to make data sharing easier between the constituent databases. As such, in a federated database environment, data is held in local databases which have retained their autonomy within the federation but whose user communities can axe88 data at other sites and levels through the interoperability and integrating features of the federated database environment. When a database is joined to a federation its security is also integrated with the security provisions in other databases to create a common security level for the data in the federation. The most, important step in database security integration is the resolution of conflicts between integratable component databases. One feasible way to resolve such conflict is to choose the least upper bound value among candidate levels which will unfortunately result in overclassification in some candidate security levels. This means that some federated database users will be prevented from accessing data in databases where local security would let them access it. This restriction limits the access flexibility to data in the federation. It is important to realise that while the integrated security layer can act as barrier to the intended flexible sharing of a federated database, it is however a necessary protective measure and should only be overridden if the authorised security officers for each database grant, permission for it to be overridden for a fixed period of time or for a specified type