ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Role-based security, object oriented databases and separation of duty
Full text PdfPdf (710 KB)
Source ACM SIGMOD Record archive
Volume 22 ,  Issue 4  (December 1993) table of contents
Pages: 45 - 51  
Year of Publication: 1993
ISSN:0163-5808
Authors
Matunda Nyanchama
Sylvia Osborn
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 57,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/166635.166652
What is a DOI?

ABSTRACT

In this paper we combined concepts of role-based protection and object oriented (O-O) databases to specify and enforce separation of duty as required for commercial database integrity [5, 23, 24]. Roles essentially partition database information into access contexts. Methods (from the O-O world) associated with a database object, also partition the object interface to provide windowed access to object information. By specifying that all database information is held in database objects and authorizing methods to roles, we achieve object interface distribution across roles. For processing in the commercial world we can design objects and distribute their associated methods to different roles. By authorizing different users to the different roles, we can enforce both the order of execution on the objects and separation of duty constraints on method execution.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
T. Andrews , C. Harris, Combining language and database advances in an object-oriented development environment, Readings in object-oriented database systems, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1989
 
2
[2] M. Atkinson, F. Bancilhon, D. DeWitt, K. R. Dittrich, D. Mater, and S. Zdonik. The Object Oriented Manifesto. In ACM SIGMOD '90 Proceedings, page 395, May 1990.
 
3
[3] R. W. Baldwin. Naming & Grouping Privileges to Simplify Security Management in Large Databases. In Proc. 1990 IEEE Symposium on Research in Security and Privacy , pages 116-132. IEEE Computer Society Press, May 1990.
4
Jay Banerjee , Hong-Tai Chou , Jorge F. Garza , Won Kim , Darrell Woelk , Nat Ballou , Hyoung-Joo Kim, Data model issues for object-oriented applications, ACM Transactions on Information Systems (TOIS), v.5 n.1, p.3-26, Jan. 1987  [doi>10.1145/22890.22945]
 
5
[5] D. D. Clark and D. R. Wilson. A Comparison of Commercial and Military Security Policies. In Proc. 1987 IEEE Symposium on Security and Privacy, pages 184-194. IEEE Computer Society Press, April 1987.
 
6
K. R. Dittrich, Object-oriented database systems: the next miles of the marathon, Information Systems, v.15 n.1, p.161-167, 1990  [doi>10.1016/0306-4379(90)90022-H]
 
7
[7] J. E. Dobson and J. A. McDermid. Security Models and Enterprise Models. In C.E. Landwehr, editor, Database Security II: Status & Prospects, pages 1-39. North-Holland, 1989.
 
8
[8] The Object Oriented Database Task Group. Final Report of the Object Oriented DataBase Task Group--OODBTG. Sept 1991.
 
9
[9] S. Jajodia and B. Kogan. Integrating an Object-Oriented Data Model with Multilevel Security. In Proc. 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pages 76-85. IEEE Computer Society Press, May 1990.
 
10
[10] P.A. Karger. Implementing Commercial Data Integrity with Secure Capabilities. In Proc. 1988 IEEE Symposium on Security and Privacy, pages 130-139. IEEE Computer Society Press, April 1988.
11
Setrag N. Khoshafian , George P. Copeland, Object identity, Conference proceedings on Object-oriented programming systems, languages and applications, p.406-416, September 29-October 02, 1986, Portland, Oregon, United States
 
12
W. Kim, Object-Oriented Databases: Definition and Research Directions, IEEE Transactions on Knowledge and Data Engineering, v.2 n.3, p.327-341, September 1990  [doi>10.1109/69.60796]
 
13
L. G. Lawrence, The role of roles, Computers and Security, v.12 n.1, p.15-21, Feb. 1993  [doi>10.1016/0167-4048(93)90004-O]
14
C. Lecluse , P. Richard , F. Velez, O2, an object-oriented data model, Proceedings of the 1988 ACM SIGMOD international conference on Management of data, p.424-433, June 01-03, 1988, Chicago, Illinois, United States
 
15
[15] T. M. P. Lee. Using Mandatory Integrity to Enforce "Commercial" Security. In Proc. 1988 IEEE Symposium on Security and Privacy, pages 140-146. IEEE Computer Society Press, April 1988.
 
16
[16] M.J. Nash and K.R. Poland. Some Conundrums Concerning Separation of Duty. In Proc. 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pages 201- 207. IEEE Computer Society Press, May 1990.
17
Matunda Nyanchama , Sylvia Osborn, Role-based security: pros, cons, & some research directions, ACM SIGSAC Review, v.11 n.2, p.11-17, Spring 1993  [doi>10.1145/153949.153952]
 
18
[18] S.L. Osborn. Algebraic Query Optimization for an Object Algebra. Tech. Report #251, Department of Computer Science, University of Western Ontario, London Canada, 1989.
 
19
S. L. Osborn, The Role of Polymorphism in Schema Evolution in an Object-Oriented Database, IEEE Transactions on Knowledge and Data Engineering, v.1 n.3, p.310-317, September 1989  [doi>10.1109/69.87977]
20
Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991  [doi>10.1145/103140.103144]
21
Ravinderpal S. Sandhu, The NTree: a two dimension partial order for protection groups, ACM Transactions on Computer Systems (TOCS), v.6 n.2, p.197-222, May 1988  [doi>10.1145/42186.42187]
 
22
R. S. Sandhu, Recognizing Immediacy in an N-Tree Hierarchy and its Application to Protection Groups, IEEE Transactions on Software Engineering, v.15 n.12, p.1518-1525, December 1989  [doi>10.1109/32.58764]
 
23
[23] Ravi Sandhu. Separation of Duties in Computerized Information Systems. In S. Jajodia and C. E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 179-189. North-Holland, 1991.
 
24
[24] D.J. Thomsen. Role-Based Application Design and Enforcement. In S. Jajodia and C. E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 151-168. North-Holland, 1991.
 
25
T. C. Ting , Steven A. Demurjian , M.-Y. Hu, Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model, Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects, p.275-296, November 01, 1991

CITED BY  6
Matunda Nyanchama , Sylvia Osborn, The role graph model, Proceedings of the first ACM Workshop on Role-based access control, p.12-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999
Luigi Giuri , Pietro Iglio, Role templates for content-based access control, Proceedings of the second ACM workshop on Role-based access control, p.153-159, November 06-07, 1997, Fairfax, Virginia, United States
Raymond K. Wong, RBAC support in object-oriented role databases, Proceedings of the second ACM workshop on Role-based access control, p.109-120, November 06-07, 1997, Fairfax, Virginia, United States
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.1 MODELS AND PRINCIPLES

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**


General Terms:
Design, Human Factors, Management, Performance, Reliability, Security, Theory

Collaborative Colleagues:
Matunda Nyanchama: colleagues
Sylvia Osborn: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player