Abstract
System security services like authentication, access control and auditing are becoming increasingly critical for information systems, particularly in distributed heterogeneous environments. Since information system architectures are moving rapidly from centralized, grand unifying architectures towards open, service-oriented and communication-based environments (“Persistent Object Systems”) constructed with well-organized component technologies, it is essential that such structural changes are reflected adequately in the architecture of system security services.
In this paper we present an open, library-based approach to the security of Persistent Object Systems which generalizes and unifies the protection mechanisms that traditionally come bundled with database, communication or operating system services. More specifically, we illustrate how polymorphic typing can be exploited to abstract from particular commercially available security services, such as Kerberos, and how higher-order functions allow the user to add value to existing security services. Furthermore, we demonstrate how higher-order functions, first-class modules and reflection provide a technical framework for the realization of domain-specific security policies and for the systematic construction of security-enhanced activities.
This research is supported by ESPRIT Basic Research, Project FIDE, #6309 and by a grant from the German Israeli Foundation for Research and Development (bulk data classification, I-183 060).
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rudloff, A., Matthes, F., Schmidt, J.W. (1995). Security as an Add-On Quality in Persistent Object Systems. In: Eder, J., Kalinichenko, L.A. (eds) East/West Database Workshop. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-3577-7_7
DOI: https://doi.org/10.1007/978-1-4471-3577-7_7
Publisher Name: Springer, London
Print ISBN: 978-3-540-19946-5
Online ISBN: 978-1-4471-3577-7
eBook Packages: Springer Book Archive