Abstract
This paper proposes a taxonomy for secure object-oriented databases in order to clarify the issues in modeling and implementing such databases. It also indicates some implications of the various choices one may make when designing such a database. Most secure database models have been designed for relational databases. The object-oriented database model is more complex than the relational model. For these reasons, models for secure object-oriented databases are more complex than their relational counterparts. Furthermore, since views of the object-oriented model differ, each security model has to make some assumptions about the object-oriented model used for its particular database. A number of models for secure object-oriented databases have been proposed. These models differ in many respects, because they focus on different aspects of the security problem, or because they make different assumptions about what constitutes a secure database or because they make different assumptions about the object-oriented model. The taxonomy proposed in this paper may be used to compare the various models: Models that focus on specific issues may be positioned in the broader context with the aid of the taxonomy. The taxonomy also identifies the major aspects where security models may differ and indicates some alternatives available to the system designer for each such design choice. We show some implications of using specific alternatives. Since differences between models for secure object-oriented databases are often subtle, a formal notation is necessary for a proper comparison. Such a formal notation also facilitates the formal derivation of restrictions that apply under specific conditions. The formal approach also gives a clear indication about the assumptions made by us—given as axioms—and the consequences of those assumptions 1994—given as theorems.
Original language | English |
---|---|
Pages (from-to) | 3-46 |
Number of pages | 44 |
Journal | ACM Transactions on Database Systems |
Volume | 19 |
Issue number | 1 |
DOIs | |
Publication status | Published - 3 Jan 1994 |
Keywords
- formal security models
- information security
- multilevel secure databases
- object-orientation
ASJC Scopus subject areas
- Information Systems