Security Policies in Replicated and Autonomous Databases
Autonomous object databases are becoming important in the Internet world of today and involve integration of several local databases. Such databases support local access for transactions and queries and local control over authorization of classes and objects. At the same time, these database objects are often replicated in various sites and are available for access by global queries and transactions. Such global access, which may involve a global query optimizer, is required to handle conflicts between the local authorizations of replicated objects, but give consistent results regardless of site dependent optimizations.
The paper uses previous models for object-based authorization, and extends them with policies to handle conflicts between local and global authorizations. It also discusses object migration and security administration. The problem of providing autonomy in a consistent way is discussed extensively.
KeywordsSecurity Policy Local Policy Local Rule Local Access Negative Rule
- N Gal-Oz, E Gudes and EB Fernandez, “A Model of Methods Access Authorization in Object-Oriented Databases,” Proc. of the 19th VLDB Conference, Dublin, Ireland, 1993Google Scholar
- M Gendler-Fishman and E Gudes, “Compile-time flow analysis of transactions and methods in object-oriented databases,” in TY Lin, S Qian and R Sandhu (eds), Database Security XI, Status and prospects, Chapman and Hall, 1997, 95–109Google Scholar
- D Jonscher and KR Dittrich, “Argos — A Configurable Access Control System for Interoperable Environments,” in DL Spooner, SA Demurjian and JE Dobson (eds), Database Security IX: Status and Prospects, Chapman and Hall, 1996, 43–60Google Scholar
- W Kim, Introduction to Object-Oriented Databases,MIT Press, 1990Google Scholar
- M Larrondo-Petrie, E Gudes, H Song, EB Fernandez, “Security Policies in object-oriented databases,” in DL Spooner and CE Landwehr (eds), Database Security IV: Status and Prospectus, Elsevier Science Publishers, 1990, 257–268Google Scholar
- MS Olivier, “Self-protecting Objects in a Secure Federated Database”, in DL Spooner, SA Demurjian and JE Dobson (eds), Database Security IX: Status and Prospects, Chapman and Hall, 1996, 27–42Google Scholar
- Z Tari and G Fernandez, “Security enforcement in the DOK federated database system,” in P Samarati and R Sandhu (eds), Database Security X, Status and prospects, Chapman and Hall, 1997, 3–42Google Scholar