Security in heterogeneous interoperable database environments

The paper deals with the security of interoperable heterogeneous database environments. It contains a general discussion of the issues involved as well as a description of our experiences gained during the development and implementation of the security module of IRO-DB - an European ESPRIT III funded project with the goal to develop interoperable access between relational and object-oriented databases

The security API of IRO-DB

This paper describes the application programming interface (API) providing authorization and access control in IRO-DB. IRO-DB is an ODMB compliant federated database system supporting interoperable access between relational and object-oriented databases. The developed security API implements a federated, administrative, discretionary access control policy which is role-based but additionally supports ownership of data. Authorization rules can be positive as well as negative and use implied authorization for deriving implicit access from a set of explicit rules. The security API depicts a C++ class library maintaining security information (like authorization subjects, objects, and rules) and providing security mechanisms (like identification, authentication, authorization and access control). As a consequence of providing interoperable access by keeping the autonomy of participating component databases a mapping mechanism between the heterogeneous local security policies and the global ..

The security architecture of IRO-DB

This paper describes the security architecture of the IRO-DB database federation, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative, discretionary access control policy supporting positive, negative, as well as implied authorizations. It includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security. Additionally, the integration of heterogeneous, local security policies of database systems joining the federation is discussed. Keywords Database security, role-based security, discretionary access controls, interoperability, objectoriented database systems, relational database systems, federated database systems *) This work is supported in part by the European ESPRIT III program under project Nr. 8629. 1 INTRODUCTION Many organizations maintain information spread over several independent, possibly heterogeneous..

Authorization and Access Control in IRO-DB

The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as implied authorization, includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security. 1 Introduction An increasing number of database applications need to work on data which are stored by using several different file systems or are spread over existing possibly heterogeneous databases. This has led to a lot of research and classifications in the field of heterogeneous database systems, database federations, multidatabases, and interoperable systems. A classification of federated database systems (FDBS) depending on the management of the federation is given in [15]. A federated database system (FDBS) co..

Authorization and Access Control in IRO-DB *)

The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as implied authorization, includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security.

Technical Enforcement of Informational Assurances

this paper is devoted to direct the readers attention to some recent contributions towards these goals. It is not intended to present a complete survey (that would be beyond the scope of the authors present resources) rather it concentrates on selected topics that the author believes to proceed in the right direction (and that the author is acquainted with from his actual experience)