Abstract
With the emergence of the Internet, collaborative computing has become more feasible than ever. Organizations can share valuable information with one another. However, certain users should only access certain portions of source data. The CHAOS (Configurable Heterogeneous Active Object System) project addresses security issues that arise when information is shared among collaborating enterprises. It provides a framework for integrating security policy specification with source data maintenance. In CHAOS, security policies are incorporated into the data objects as active nodes to form active objects. When active objects are queried, their active nodes are dynamically loaded by the active security mediator and executed. The active nodes, based on the security policy incorporated, can locate and operate on all the elements within the active object, modifying the content as well as the structure of the object. A set of APIs is provided to construct more complex security policies, which can be tailored for different enterprise settings. This model places responsibility for security with the source data provider rather than with a central authority. The design provides enterprises with a flexible mechanism to protect sensitive information in a collaborative computing environment.
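The mediation flow the abstract describes, as an added Python sketch that is not code from the paper or the CHAOS project: the XML layout, the `active-node` element, the `hide_from_external` policy and the `mediate` function are all assumptions made for illustration. The allowlist lookup stands in for dynamic loading, and refusing unknown or missing policies is a design choice of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a data object that carries its policy as an active node.
RECORD = """<patient>
  <active-node policy="hide_from_external"/>
  <name>J. Doe</name>
  <ssn>000-00-0000</ssn>
  <diagnosis sensitivity="high">example diagnosis</diagnosis>
  <billing><amount>120</amount></billing>
</patient>"""

def hide_from_external(obj, requester):
    """Hypothetical policy written by the data provider."""
    if requester["org"] == "internal":
        return
    for parent in list(obj.iter()):
        for child in list(parent):
            if child.tag == "ssn" or child.get("sensitivity") == "high":
                parent.remove(child)      # changes the object's structure
    name = obj.find("name")
    if name is not None:
        name.text = "REDACTED"            # changes the object's content

# Only policies registered here can run; data cannot name arbitrary code.
POLICIES = {"hide_from_external": hide_from_external}

def mediate(xml_text, requester):
    """Run every active node of the object, then return the filtered view."""
    obj = ET.fromstring(xml_text)
    nodes = obj.findall("active-node")
    if not nodes:
        raise PermissionError("object carries no policy; refusing to release")
    for node in nodes:
        policy = POLICIES.get(node.get("policy"))
        if policy is None:
            raise PermissionError("unknown policy: %r" % node.get("policy"))
        policy(obj, requester)
    for node in nodes:
        obj.remove(node)                  # the policy itself is not disclosed
    return obj

if __name__ == "__main__":
    view = mediate(RECORD, {"org": "partner"})
    print(ET.tostring(view, encoding="unicode"))
```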
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, D., Law, K., Wiederhold, G. (2000). CHAOS: An Active Security Mediation System. In: Wangler, B., Bergman, L. (eds) Advanced Information Systems Engineering. CAiSE 2000. Lecture Notes in Computer Science, vol 1789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45140-4_16
DOI: https://doi.org/10.1007/3-540-45140-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67630-0
Online ISBN: 978-3-540-45140-2
eBook Packages: Springer Book Archive