A Heuristic for Securing Hypertext Systems

  • Martin S. Olivier
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


This paper considers the security requirements of hypertext and hypermedia systems. The emphasis is on the mechanism used to determine which subjects should be allowed to access which information. Many of the concerns are already being addressed by current secure database research—especially secure object-oriented database research. However, the particular structure of hypertext and hypermedia system allows one to study the particular requirements of such systems.

This paper considers the types of links that may be used in such systems and proposes a heuristic based on link types to simplify labelling entities to be protected. Such a heuristic is important since a typical hypertext system may contain extremely many nodes and links. The heuristic will help to reduce the burden of assigning labels to nodes and decrease the amount of time before the system can be used.

Keyword Codes

H.5.1 K.6.5 H.3.5 


Multimedia Information Systems Security and Protection Online Information Systems 


  1. Feldman, T (1994) Multimedia, Chapman & Hall, LondonGoogle Scholar
  2. Garvey, TD and Lunt, TF (1991) Cover Stories for Database Security, Proceedings of the Fifth IFIP WG11.3 Workshop on Database Security, Shepherdstown, USAGoogle Scholar
  3. Gay, G and Mazur, J (1991) Navigating in Hypermedia, in Hypertext/Hypermedia Handbook, (eds E Berk and J Devlin ), McGraw-Hill, New YorkGoogle Scholar
  4. Lunt, TF (1990) Multilevel Security for Object-Oriented Database Systems, pp 199–209 in Database Security III: Status and Prospects (eds DL Spooner and C Landwehr), North-Holland, AmsterdamGoogle Scholar
  5. Maurer, H (1993) An Overview of Hypermedia and Multimedia Systems, ppl-12 in Virtual Worlds and Multimedia (eds NM Thalman and D Thalman), WileyGoogle Scholar
  6. Kim, W (1991) Object-oriented Database Systems: Strengths and Weaknesses, Journal of Object-oriented Programming, 4, 4, 21–29Google Scholar
  7. Olivier, MS and Von Solms, SH (1994) A Taxonomy for Secure Object-oriented Databases, ACM Transactions on Database Systems, 19, 1, 3–46CrossRefGoogle Scholar
  8. Olivier, MS (1994) A Multilevel Secure Federated Database, Proceedings of the Eighth IFIP 11.3 Working Conference on Database Security, Bad Salzdetfurth, GermanyGoogle Scholar
  9. Olivier, MS (1995) Self-protecting Objects in a Secure Federated Database SubmittedGoogle Scholar
  10. Pernul, G (1993) Canonical Security Modelling for Federated Databases, pp207–22 in In-teroperable Database Systems (eds DK Hsiao, EJ Neuhold and R Sacks-Davis), Elsevier, AmsterdamGoogle Scholar
  11. Pfleeger, CP (1989) Security in Computing, Prentice-Hall, LondonGoogle Scholar
  12. Rabitti, F, Bertino, E, Kim, W and Woelk, D (1991) A Model of Authorization for Next-Generation Database Systems, ACM Transactions on Database Systems, 16, 1, 88–131CrossRefGoogle Scholar
  13. Sandhu, RS (1993) Lattice-based Access Control Models, IEEE Computer, 9–19Google Scholar
  14. Slatin, JM (1991) Composing Hypertext: A Discussion for Writing Teachers, pp55–64 in Hypertext/Hypermedia Handbook (eds E Berk and J Devlin), McGraw-Hill, New YorkGoogle Scholar
  15. Stein, RM (1994) Object Databases, Byte, 74–84Google Scholar
  16. Thuraisingham, B (1993) Multilevel Security for Information Retrieval Systems, Information F Management, 24, 93–103CrossRefGoogle Scholar
  17. Thuraisingham, B (1994) Security Issues for Federated Database Systems, Computers F Security, 13, 509–25CrossRefGoogle Scholar
  18. Thuraisingham, B (1995) Multilevel Security for Information Retrieval Systems — II, Information F Management, 28, 49–61CrossRefGoogle Scholar
  19. Van Dyke Parunak, H (1991) Ordering the Information Graph, pp299–325 in Hypertext/Hypermedia Handbook (eds E Berk and J Devlin), McGraw-Hill, New YorkGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 1995

Authors and Affiliations

  • Martin S. Olivier
    • 1
  1. 1.Department of Computer ScienceRand Afrikaans UniversityJohannesburgSouth Africa

Personalised recommendations