Providing Security and Interoperation of Heterogeneous Systems

  • Chapter
Security of Data and Transaction Processing

Abstract

Interoperation and information sharing among databases independently developed and maintained by different organizations is today a pressing need, if not a practice. Governmental, military, financial, medical, and private institutions are more and more required to become part of a distributed infrastructure and selectively share their data with other organizations. This sharing process inevitably opens the local system to new vulnerabilities and enlarges the space of possible threats to the data and resources it maintains. As a complicating factor, in general, data sources are heterogeneous both in the data models they adopt and in the security models by which protection requirements are stated. We present a modeling and architectural solution to the problem of providing interoperation while preserving autonomy and security of the local sources based on the use of wrappers and a mediator. A wrapper associated with each source provides a uniform data interface and a mapping between the source’s security lattice and other lattices. The mediator processes global access requests by interfacing applications and data sources. The combination of wrappers and mediator thus provides a uniform data model interface and allows the mapping between restrictions stated by the different security policies. We describe the practical application of these ideas to the problem of trusted interoperation of health care databases, targeted to enforcing security in distributed applications referring to independent heterogeneous sources protected by mandatory policy restrictions. We describe the architecture and operation of the system developed, and describe the tasks of the different components.

A preliminary version of this paper appeared under the title “Secure Interoperation of Heterogeneous Systems: A Mediator-Based Approach,” in Proc. of the IFIP 14th International Conference on Information Security (SEC’98), Vienna-Budapest, 31 August-2 September, 1998 [8].


References

  1. D.E. Bell and L.J. La Padula, “Secure computer systems: Unified exposition and Multics interpretation,” Technical Report, The Mitre Corp., 1974.

  2. J. Biskup, U. Regel, and Y. Karabulut, “Secure mediation: Requirements and design,” in Database Security XII: Status and Prospects, Sushil Jajodia (Ed.), Kluwer, 1999.

  3. P. Bonatti, M.L. Sapino, and V.S. Subrahmanian, “Merging heterogeneous security orderings,” in Proc. 4th European Symp. on Research in Computer Security (ESORICS 96), Rome, Italy, September 1996.

  4. K.S. Candan, S. Jajodia, and V.S. Subrahmanian, “Secure mediated databases,” in Proc. 12th International Conference on Data Engineering (ICDE ′96), New Orleans, Louisiana, February 1996.

  5. S. Dawson, “Optimization techniques for trusted semantic interoperation,” Technical Report, SRI International, November 1997.

  6. S. Dawson, J. Gryz, and X. Qian, “Query folding with functional dependencies,” Technical Report, SRI International, 1996.

  7. S. Dawson and X. Qian, “Query mediation for trusted database interoperation,” in Proc. 1997 DoD Database Colloquium, San Diego, CA, September 1997.

  8. S. Dawson, S. Qian, and P. Samarati, “Secure interoperation of heterogeneous systems: A mediator-based approach,” in Proc. of the IFIP 14th International Conference on Information Security (SEC′98), Vienna-Budapest, 31 August-2 September, 1998.

  9. D.E. Denning, T.F. Lunt, R. Schell, M. Heckman, and S. Shockley, “Secure distributed data view (SeaView)—the SeaView formal security policy model,” Technical Report, SRI International, July 1987.

  10. S. De Capitani di Vimercati and P. Samarati, “Authorization specification and enforcement in federated database systems,” Journal of Computer Security, vol. 5, no. 2, pp. 155–188, 1997.

  11. L. Gong and X. Qian, “Computational issues in secure interoperation,” IEEE Transactions on Software Engineering, vol. 22, no. 1, pp. 43–52, January 1996.

  12. D. Jonscher and K.R. Dittrich, “An approach for building secure database federations,” in Proc. 20th VLDB Conference, Santiago, Chile, 1994.

  13. D. Jonscher and K.R. Dittrich, “Argos—A configurable access control subsystem which can propagate access rights,” in Proc. 9th IFIP Working Conference on Database Security, Rensselaerville, New York, August 1995.

  14. A.Y. Levy, A. Rajaraman, and J.J. Ordille, “Querying heterogeneous information sources using source descriptions,” in Proc. of the 22nd International Conference on Very Large Databases (VLDB′96), Mumbai, India, September 1996, pp. 251–262.

  15. M. Morgenstern, T.F. Lunt, B. Thuraisingham, and D.L. Spooner, “Security issues in federated database systems: Panel contributions,” in Database Security V: Status and Prospects, C.E. Landwehr and S. Jajodia (Eds.), IFIP, Shepherds Town, West Virginia, 1992, pp. 131–148.

  16. M.S. Olivier, “A multilevel secure federated database,” in Proc. 9th IFIP Working Conference on Database Security, Rensselaerville, New York, August 1995, pp. 23–38.

  17. Y. Papakonstantinou, S. Abiteboul, and H. Garcia-Molina, “Object fusion in mediator systems,” in Proc. 22nd International Conference on Very Large Databases (VLDB′96), Mumbai, India, September 1996.

  18. X. Qian, “Query folding,” in Proc. Twelfth International Conference on Data Engineering, 1996, pp. 48–55.

  19. X. Qian and T. Lunt, “Semantic interoperation: A query mediation approach,” Technical Report TR 94-02, SRI International, 1994.

  20. A.P. Sheth and J.A. Larson, “Federated database systems for managing distributed, heterogeneous, and autonomous databases,” ACM Computing Surveys, vol. 22, no. 3, 1990, pp. 183–236.

  21. B. Thuraisingham and H.H. Rubinovitz, “Multilevel security issues in distributed database management systems III,” Computers & Security, vol. 11, pp. 661–674, 1992.

  22. C.Y. Wang and D.L. Spooner, “Access control in a heterogeneous distributed database management system,” in IEEE 6th Symp. on Reliability in Distributed Software and Database Systems, Williamsburg, 1987, pp. 84–92.

  23. G. Wiederhold, “Mediators in the architecture of future information systems,” IEEE Computer, vol. 25, no. 3, March 1992, pp. 38–49.

  24. G. Wiederhold, M. Bilello, and C. Donahue, “Web implementation of a security mediator for medical databases,” in Database Security XI: Status and Prospects, T.Y. Lin and S. Qian (Eds.), Chapman & Hall, 1998, pp. 60–72.

  25. G. Wiederhold, M. Bilello, V. Sarathy, and X. Qian, “A security mediator for health care information,” in Proc. 1996 AMIA Conference, Journal of the AMIA, Washington, DC, October 1998, pp. 120–124.

  26. M. Winslett, N. Ching, V. Jones, and Slepchin, “Using digital credentials on the world wide web,” Journal of Computer Security, vol. 5, no. 3, pp. 255–267, 1997.


Copyright information

© 2000 Springer Science+Business Media New York

About this chapter

Cite this chapter

Dawson, S., Qian, S., Samarati, P. (2000). Providing Security and Interoperation of Heterogeneous Systems. In: Atluri, V., Samarati, P. (eds) Security of Data and Transaction Processing. Springer, Boston, MA. https://doi.org/10.1007/978-1-4615-4461-6_5

  • DOI: https://doi.org/10.1007/978-1-4615-4461-6_5

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-7009-3

  • Online ISBN: 978-1-4615-4461-6

  • eBook Packages: Springer Book Archive
