Abstract
User-role based security (URBS) has drawn significant attention in recent years for its ability to customize security privileges according to the responsibilities of individual user roles. In object-oriented applications, the public interface of each class contains methods for all potential users of the class. URBS can be introduced to promote a strategy that controls access on a role-by-role basis, with different roles having access to specific subsets of each public interface based on their responsibilities within the application. This paper continues these efforts by investigating approaches for extensible and reusable URBS enforcement mechanisms for object-oriented systems. Such approaches should insulate software engineers from security concerns while simultaneously embedding the URBS policies into compiled applications that then behave differently based on an individual’s role. We consider generic security classes that stress uniformity, encapsulate security details, and promote software reuse. We explore exception handling as a vehicle for achieving dynamic role-based behavior. Together, generics and exception handling yield an approach that attains software reuse and software evolution.
Copyright information
© 1997 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Demurjian, S.A., Ting, T.C., Price, M., Hu, M.Y. (1997). Extensible and Reusable Role-Based Object-Oriented Security. In: Samarati, P., Sandhu, R.S. (eds) Database Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35167-4_18
DOI: https://doi.org/10.1007/978-0-387-35167-4_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2900-8
Online ISBN: 978-0-387-35167-4
eBook Packages: Springer Book Archive