Abstract
Security concerned users and organizations must be provided with the means to protect and control access to object-oriented software, especially with an exploding interest in designing/developing object-oriented software in Java, C++, and Ada95. Our user-role based security (URBS) approach has emphasized: a customizable public interface that appears differently at different times for specific users; security policy specification via a role hierarchy to organize and assign privileges based on responsibilities; and, extensible/reusable URBS enforcement mechanisms. This paper expands our previous work in URBS for an object-oriented framework by exploring software architectural alternatives for realizing enforcement, with the support of assurance and consistency as a key concern for security policies that evolve and change.
Chapter PDF
Similar content being viewed by others
References
S. Demurjian and T.C. Ting, “The Factors that Influence Apropos Security Approaches for the Object-Oriented Paradigm”, Workshops in Computing, Springer-Verlag, 1994.
S. Demurjian, T.C. Ting, and M.-Y. Hu, “Security for Object-Oriented Databases, Systems, and Applications”, in Progress in Object-Oriented Databases, Prater (ed.), Ablex, 1997.
S. Demurjian, T.C. Ting, M. Price, and M.-Y. Hu, “Extensible and Reusable Role-Based Object-Oriented Security”, in Database Security, X: Status and Prospects, Spooner, Samarati, and Sandhu (eds.), Chapman Hall, 1997.
M.-Y. Hu, S. Demurjian, and T.C. Ting, “Unifying Structural and Security Modeling and Analyses in the ADAM Object-Oriented Design Environment”, in Database Security, VIII: Status and Prospects, Biskup, Landwehr, and Morgenstern (eds.), Elsevier Science, 1994.
D. Needham, et al., “ADAM: A Language-Independent, Object-Oriented, Design Environment for Modeling Inheritance and Relationship Variants in Ada 95, C++, and Eiffel”, Proc. of 1996 TriAda Conf., Philadelphia, PA, December 1996.
M. Shaw and D. Garlan, “Software Architecture: Perspectives on an Emerging Discipline”, Prentice-Hall, 1996.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 IFIP
About this chapter
Cite this chapter
Demurjian, S.A., Ting, T.C., Reisner, J.A. (1998). Software architectural alternatives for user role-based security policies. In: Lin, T.Y., Qian, S. (eds) Database Security XI. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35285-5_15
Download citation
DOI: https://doi.org/10.1007/978-0-387-35285-5_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2914-5
Online ISBN: 978-0-387-35285-5
eBook Packages: Springer Book Archive