Using Security Methods to Enforce Mandatory and Discretionary Access Control in an Object Database
نویسنده
چکیده
In this paper, we propose a new security enforcement mechanism and demonstrate how this mechanism can enforce policies for both mandatory access control (MAC) and discretionary access control (DAC) in an object database system. Each class may have a security method that can block messages that leave instances of the class, and can block messages directed to instances of the class. Each superclass controls the invocation of security methods in its subclasses. A subclass cannot override the security methods in its superclasses, but the subclass can extend those security methods. The mandatory access control policy is enforced by a single security method along with other methods in the highest class in the class hierarchy. The discretionary access control policy is enforced by a single security method along with other methods a subclass of the highest class.
منابع مشابه
Security Enforcement in the DOK Federated Database System
The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...
متن کاملEnhancing Cim Environments by Security Control
Computer Integrated Manufacturing (CIM) applications require a different database functionality than applications in more traditional areas. Due to the growing importance of CIM, advanced database systems and data models have been developed to meet the CIM specific requirements. However, none of these approaches considers to include the security control in CIM databases. In this paper we identi...
متن کاملArgos - A Configurable Access Control System for Interoperable Environments
The integration of autonomous information systems causes a fundamental problem for security management. How to ensure a consistent authorisation state if several independent software components are involved, each having an access control system of its own? In other words, how to ensure an organisation-wide security policy? Argos has been developed for the CHASSIS1 project, where it serves as an...
متن کاملSupporting Parameterised Roles with Object-based Access Control
The per-method access control lists of standard internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept ...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کامل