This paper proposes a taxonomy for secure object-oriented databases in order to clarify the issues in modeling and implementing such databases. It also indicates some implications of the various choices one may make when designing such a database.

Most secure database models have been designed for relational databases. The object-oriented database model is more complex than the relational model. For these reasons, models for secure object-oriented databases are more complex than their relational counterparts. Furthermore, since views of the object-oriented model differ, each security model has to make some assumptions about the object-oriented model used for its particular database.

A number of models for secure object-oriented databases have been proposed. These models differ in many respects, because they focus on different aspects of the security problem, or because they make different assumptions about what constitutes a secure database or because they make different assumptions about the object-oriented model.

The taxonomy proposed in this paper may be used to compare the various models: Models that focus on specific issues may be positioned in the broader context with the aid of the taxonomy. The taxonomy also identifies the major aspects where security models may differ and indicates some alternatives available to the system designer for each such design choice. We show some implications of using specific alternatives.

Since differences between models for secure object-oriented databases are often subtle, a formal notation is necessary for a proper comparison. Such a formal notation also facilitates the formal derivation of restrictions that apply under specific conditions. The formal approach also gives a clear indication about the assumptions made by us—given as axioms—and the consequences of those assumptions (and of design choices made by the model designer)—given as theorems.