An Authorization Model for Object-Oriented Databases and Its Efficient Access Control

Toshiyuki MORITA  Yasunori ISHIHARA  Hiroyuki SEKI  Minoru ITO  

IEICE TRANSACTIONS on Information and Systems   Vol.E81-D   No.6   pp.521-531
Publication Date: 1998/06/25
Online ISSN: 
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Databases
database management system,  access control,  authorization model,  inference rule,  

Full Text: PDF(930.1KB)>>
Buy this Article

Access control is a key technology for providing data security in database management systems (DBMSs). Recently, various authorization models for object-oriented databases (OODBs) have been proposed since authorization models for relational databases are insufficient for OODBs because of the characteristics of OODBs, such as class hierarchies, inheritance, and encapsulation. Generally, an authorization is modeled as a set of rights, where a right consists of at least three components s, o, t and means that subject s is authorized to perform operation t on object o. In specifying authorizations implicitly, inference rules are useful for deriving rights along the class hierarchies on subjects, objects, and operations. An access request req=(s,o,t) is permitted if a right corresponding to req is given explicitly or implicitly. In this paper, we define an authorization model independent of any specific database schemas and authorization policies, and also define an authorization specification language which is powerful enough to specify authorization policies proposed in the literature. Furthermore, we propose an efficient access control method for an authorization specified by the proposed language, and evaluate the proposed method by simulation.