Using Agents for Secure Access to Data in the Internet

Relatively few databases are accessible over the Internet. With today's technology one would like to encapsulate a database and make it available over the Internet. A client using such databases would browse an old census database, look-up for references in an object-oriented database system, access descriptions and pictures over the Internet, or combine di erent information using NCSA Mosaic, WWW, or back-end databases. The security issue mainly prevents greater access to a wide number of heterogeneous databases. We believe that this issue can only be addressed within an environment in which databases can be connected and used without violation of their security policies. This environment will ensure that all its component databases can be separately or in combination used without violation of the different security policies, local security policies (which relate to individual database components) and federated security policies (which relate to databases which are used in combination). DOK (Distributed Object Kernel) [9] is a project which is currently under development at RMIT (Royal Melbourne Institute of Technology). This project aims the design of a secure database middleware allowing users efIEEE Communications, June 1997, pp. 136{140. fective searching, updating and combining of information in distributed and heterogeneous environment. The DOK system is based on CORBA (Common Object Request Broker) [1] technology, the distributed-object standard developed by the OMG (Object Management Group), to communicate across different database platforms. In addition, DOK provides federated services allowing clients to use multiple databases in combination, and these involve query service [5], reengineering service [6], and re ection service. Other services, such as trader and transaction services, are currently under development. Our experience indicates that security issues are required to be considered at the beginning of the design of any element of a federated environment. In this paper we describe the main elements of the DOK system which allow the enforcement of federated security policies in the context of autonomous, distributed and heterogeneous databases. DOK uses security agents to maintain a DOK federation in a secure state. Di erent types of security agents are involved in the enforcement of security policies. Coordination agents are responsible for managing the whole federation and delegate functions to a more speci c agents, called task agents. By delegating the access of information of local databases to database agents, task agents are able to control any access to a federation by using speci c designed security procedures.