Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Access control in distributed heterogeneous database management systems
Computers and Security
Object-oriented modeling and design
Object-oriented modeling and design
Active Database Systems: Triggers and Rules for Advanced Database Processing
Active Database Systems: Triggers and Rules for Advanced Database Processing
Cache Management in CORBA Distributed Object Systems
IEEE Concurrency
Designing the Reengineering Services for the DOK Federated Database System
ICDE '97 Proceedings of the Thirteenth International Conference on Data Engineering
An Approach for Building Secure Database Federations
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
A Multilevel Secure Federated Database
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Canonical Security Modeling for Federated Databases
Proceedings of the IFIP WG 2.6 Database Semantics Conference on Interoperable Database Systems (DS-5)
A Property-based Clustering Approach for the CORBA Trading Service
ICDCS '99 Proceedings of the 19th IEEE International Conference on Distributed Computing Systems
Detection and Elimination of Inference Channels in Multilevel Relational Database Systems
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
GDM: a new graph based data model using functional abstractionx
Journal of Computer Science and Technology - Special section on China AVS standard
A systematic literature review of inference strategies
International Journal of Information and Computer Security
| Hi-index | 0.00 |
The Distributed Object Kernel is a federated database system providing a set of services which allow cooperative processing across different databases. The focus of this paper is the design of a DOK security service that provides for enforcing both local security policies, related to the security of local autonomous databases, and federated security policies, governing access to data aggregates composed of data from multiple distributed databases. We propose Global Access Control, an extended access control mechanism enabling a uniform expression of heterogeneous security information. Mappings from existing Mandatory and Discretionary Access Controls are described. To permit the control of data aggregation, the derivation of unauthorized information from authorized data, our security framework provides a logic-based language, the Federated Logic Language (FELL), which can describe constraints on both single and multiple states of the federation. To enforce constraints, FELL statements are mapped to state transition graphs which model the different subcomputations required to check the aggregation constraints. Graph aggregation operations are proposed for building compound state transition graphs for complex constraints. To monitor aggregation constraints, two marking techniques, called Linear Marking Technique and Zigzag Marking Technique, are proposed. Finally, we describe a three-layer DOK logical secure architecture enabling the implementation of the different security agents. This includes a Coordination layer, a Task layer, and a Database layer. Each contains specialized agents that enforce a different part of the federated security policy. Coordination is performed by the DOK Manager, enforcing security is performed by a specialized Constraint Manager agent, and the database functions are implemented by user and data agents.