Abstract
The integration of autonomous information systems causes a fundamental problem for security management. How to ensure a consistent authorisation state if several independent software components are involved, each having an access control system of its own? In other words, how to ensure an organisation-wide security policy?
Argos has been developed for the CHASSIS project, where it serves as an access control system at the global layer of heterogeneous database federations. However, it can be used for any object-based system. The Argos mechanisms are very flexible; it is possible to enforce a variety of security policies in the area of identity-based access control (discretionary access control with several mandatory extensions).
Since database federations have to take the autonomy of component systems into account, Argos is able to propagate global authorisations to the involved (local) component systems. Autonomy means that the local systems are free to accept or reject these propagated authorisations. Therefore, the global system has to act as a coordinator of the involved component systems, which includes the enforcement of failure protocols.
In this paper, we focus on the propagation of global authorisations from the global to the local layers. Further, we describe the functionality of Argos, i.e. the spectrum of policies Argos is able to enforce.
Copyright information
© 1996 IFIP International Federation for Information Processing
Cite this chapter
Jonscher, D., Dittrich, K.R. (1996). Argos — A Configurable Access Control System for Interoperable Environments. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds) Database Security IX. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34932-9_4
DOI: https://doi.org/10.1007/978-0-387-34932-9_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2954-1
Online ISBN: 978-0-387-34932-9
eBook Packages: Springer Book Archive