The access control mechanism of a database computer (DBC)

Quantified Score

Visualization

Abstract

The database computer (DBC) is a specialized back-end computer which is capable of managing data 1010 bytes in size and supporting known data models such as relational, network, hierarchical and attribute-based models. It is also perhaps the first database machine to have a built-in security mechanism for access control. At the outset, the security mechanism was made an integral part of the DBC design. This design philosophy not only allowed us to construct a system that has no “backdoors”, but also ensured that all access requests are, in fact, controlled by DBC's security mechanism. The DBC security mechanism is based on the concept of security atoms, aggregates of data units being definable by the user in terms of conjunctions of query predicates. The fundamental gain in utilizing query conjunctions for the purpose of access control is that any data that is accessible or updateable is also protectable. It is believed that the DBC security mechanism is less cumbersome than the view mechanism of some database systems and more efficient than the query modification mechanism used by some other systems. This is demonstrated at three levels of access control, namely the subfile, record and field (attribute) levels.