Abstract
In current database systems the responsibility for enforcing security is often given to the various application programs. Even where the database management system does supply security mechanisms, a single application program often handles sensitive transactions for some users and therefore needs a high clearance for accessing data; this may render the provided mechanisms inadequate. Furthermore, the user's identity is often concealed because the user has many "software agents" acting on its behalf, especially in distributed environments. A simple mapping between subjects and objects is no longer possible. We propose a model for extending object-oriented database systems to enable objects themselves to ensure security, that is, to protect themselves. This extension is based on the concept of "baggage": baggage is collected from all components involved in any request; this baggage may then be verified by the object against its personal security profile before any method is executed.
Original language | English |
---|---|
Pages (from-to) | 259-271 |
Number of pages | 13 |
Journal | Computers and Security |
Volume | 11 |
Issue number | 3 |
DOIs | |
Publication status | Published - May 1992 |
Keywords
- DBMS
- Multilevel secure database
- Object-oriented
- Path context model (PCM)
- Security
ASJC Scopus subject areas
- General Computer Science
- Law