Abstract
Access control is the cornerstone of information security and integrity, but the semantic diversity of object models makes it difficult to provide a common foundation for access control in object-oriented systems. This paper presents a primitive capability-based access control architecture that can model a variety of authorization policies. The architecture described is integrated at the meta-object level of the Meta-Object Operating System Environment, providing a common foundation for access control in heterogeneous object models.
Chapter PDF
Similar content being viewed by others
References
Agha, G.A. (1986) ACTORS: A Model of Concurrent Computation in Distributed Systems. MIT Press, Cambridge, Massachusetts.
Bell, D. (1994) Modeling the multipolicy machine. Proceedings of the New Security Paradigms Workshop, 2–9.
Bertino, E., Jajodia, S. and Samarati, P. (1996) Supporting multiple access control policies in database systems. Proceedings of the IEEE Symposium on Research in Security and Privacy, 94–109.
Bertino, E., Origgi, F. and Samarati, P. (1994) A new authorization model for object-oriented databases, in Database Security, VIII: Status and Prospects (eds. J. Biskup et al.), Elsevier, Amsterdam, 199–222.
Bruggemann, H.H. (1992) Rights in an object-oriented environment, in Database Security, V: Status and Prospects (eds. C. Landwehr and S. Jajodia), Elsevier, Amsterdam, 99–115.
Demurjian, S., Daggett, T., Ting, T.C. and Hu, M. (1995) U1IBS enforcement mechanisms for object-oriented systems, in Database Security, IX: Status and Prospects (eds. D. Spooner et al.), Chapman and Hall, London, 79–94.
Dittrich, K., Hartig, M. and Pfefferle, H. (1989) Discretionary access control in structurally object-oriented databases, in Database Security, II: Status and Prospects (ed. C. Landwehr), Elsevier, Amsterdam, 105–121.
Fabry, R. (1974) Capability-based addressing. Communications of the ACM, 17 (7), 403–412.
Fernandez, E.B., Wu, J. and Fernandez, M.H. (1994) User group structures in object-oriented database authorization, in Database Security, VIII: Status and Prospects (eds. J. Biskup et al.), Elsevier, Amsterdam, 5776.
Gal-Oz, N., Gudes, E. and Fernandez, E.B. (1993) A model of methods access authorization in object-oriented databases. Proceedings of the 19th International Conference on Very Large Databases, 52–61.
Hale, J., Threet, J. and Shenoi, S. (1997) A framework for high assurance security of distributed objects, in Database Security, X: Status and Prospects (eds. P. Samarati and R. Sandhu), Chapman and Hall, London, 99–115.
Jajodia, S. and Kogan, B. (1990) Integrating an object-oriented data model with multilevel security. Proceedings of the IEEE Symposium on Research in Security and Privacy, 76–85.
Jonscher, D. and Dittrich, K.R. (1995) Argos — A configurable access control system for interoperable environments, in Database Security, IX: Status and Prospects (eds. D. Spooner et al.), Chapman and Hall, London, 43–60.
Karger, P. (1984) An augmented capability architecture to support lattice security. Proceedings of the IEEE Symposium on Research in Security and Privacy, 2–12.
Karger, P. (1988) Implementing commercial data integrity with secure capabilities. Proceedings of the IEEE Symposium on Research in Security and Privacy, 130–139.
Keefe, T.F., Tsai, W.T. and Thuraisingham, M.B. (1989) Soda: A secure object-oriented database system. Computers P.4 Security, 8(6), 517–533.
Rabitti, F., Bertino, E., Kim, W. and Woelk, D. (1991) A model of authorization for next-generation database systems. ACM Transactions on Database Systems, 16 (1), 88–133.
Rosenberry, W., Kenney, D. and Fisher, G. (1993) Understanding DCE. O’Reilly and Associates, Inc., Sebastopal, California.
Stefik, M. and Bobrow, D.G. (1985) Object-oriented programming: Themes and variations. AI Magazine, 6 (4), 40–62.
Thomas, R.K. and Sandhu, R. (1993) Discretionary access control in objectoriented databases: Issues and research directions. Proceedings of theSixteenth National Computer Security Conference, 63–74.
Thuraisingham, M.B. (1989) Mandatory security in object-oriented database systems. ACM SIGPLAN Notices, 24 (10), 203–210.
Wiederhold, G. (1992) Mediators in the architecture of future information systems: A new approach. IEEE Computer, 25 (3), 38–49.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 IFIP
About this chapter
Cite this chapter
Hale, J., Threet, J., Shenoi, S. (1998). Capability-based primitives for access control in object-oriented systems. In: Lin, T.Y., Qian, S. (eds) Database Security XI. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35285-5_8
Download citation
DOI: https://doi.org/10.1007/978-0-387-35285-5_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2914-5
Online ISBN: 978-0-387-35285-5
eBook Packages: Springer Book Archive