Security Policies in Replicated and Autonomous Databases

  • Ehud Gudes
  • Martin S. Olivier
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 14)


Autonomous object databases are becoming important in the Internet world of today and involve integration of several local databases. Such databases support local access for transactions and queries and local control over authorization of classes and objects. At the same time, these database objects are often replicated in various sites and are available for access by global queries and transactions. Such global access, which may involve a global query optimizer, is required to handle conflicts between the local authorizations of replicated objects, but give consistent results regardless of site dependent optimizations.

The paper uses previous models for object-based authorization, and extends them with policies to handle conflicts between local and global authorizations. It also discusses object migration and security administration. The problem of providing autonomy in a consistent way is discussed extensively.


Security Policy Local Policy Local Rule Local Access Negative Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    EB Fernandez, E Gudes, H Song, “A Model for Evaluation and Administration of Security in Object-Oriented Databases,” IEEE Trans. on Knowledge and Data Engineering, 6, 2, April 1994, 275–292CrossRefGoogle Scholar
  2. [2]
    N Gal-Oz, E Gudes and EB Fernandez, “A Model of Methods Access Authorization in Object-Oriented Databases,” Proc. of the 19th VLDB Conference, Dublin, Ireland, 1993Google Scholar
  3. [3]
    M Gendler-Fishman and E Gudes, “Compile-time flow analysis of transactions and methods in object-oriented databases,” in TY Lin, S Qian and R Sandhu (eds), Database Security XI, Status and prospects, Chapman and Hall, 1997, 95–109Google Scholar
  4. [4]
    D Jonscher and KR Dittrich, “Argos — A Configurable Access Control System for Interoperable Environments,” in DL Spooner, SA Demurjian and JE Dobson (eds), Database Security IX: Status and Prospects, Chapman and Hall, 1996, 43–60Google Scholar
  5. [5]
    W Kim, Introduction to Object-Oriented Databases,MIT Press, 1990Google Scholar
  6. [6]
    M Larrondo-Petrie, E Gudes, H Song, EB Fernandez, “Security Policies in object-oriented databases,” in DL Spooner and CE Landwehr (eds), Database Security IV: Status and Prospectus, Elsevier Science Publishers, 1990, 257–268Google Scholar
  7. [7]
    MS Olivier and SH von Solms, “A Taxonomy for Secure Object-oriented Databases”, ACM Transactions on Database Systems, 19, 1 (1994) 3–46CrossRefGoogle Scholar
  8. [8]
    MS Olivier, “Self-protecting Objects in a Secure Federated Database”, in DL Spooner, SA Demurjian and JE Dobson (eds), Database Security IX: Status and Prospects, Chapman and Hall, 1996, 27–42Google Scholar
  9. [9]
    P Samarati, E Bertino, A Ciampichetti and S Jajodia, “Information Flow Control in Object-Oriented Systems,” IEEE Trans. on Knowledge and Data Engineering, 9, 4, August 1997, 524–538CrossRefGoogle Scholar
  10. [10]
    R Sandhu, E Coyne, H Feinstein and C Youman, “Role-Based Access Control Models,” IEEE Computer, 29, 2, February 1996CrossRefGoogle Scholar
  11. [11]
    Z Tari and G Fernandez, “Security enforcement in the DOK federated database system,” in P Samarati and R Sandhu (eds), Database Security X, Status and prospects, Chapman and Hall, 1997, 3–42Google Scholar

Copyright information

© Springer Science+Business Media New York 1999

Authors and Affiliations

  • Ehud Gudes
  • Martin S. Olivier

There are no affiliations available

Personalised recommendations