Abstract
This paper describes the security architecture of the IRO-DB database federation, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative, discretionary access control policy supporting positive, negative, as well as implied authorizations. It includes a procedure for conflict resolution within the set of specified authorization rules, and concentrates on role-based security. Additionally, the integration of heterogeneous, local security policies of database systems joining the federation is discussed.
This work is supported in part by the European ESPRIT III program under project Nr. 8629.
Chapter PDF
Similar content being viewed by others
Keywords
References
Atwood, T., Duhl, J., Ferran, G., Loomis, M., and Wade, D. (1993) The Object Database Standard: ODMG-93, Release 1.1. Morgan Kaufmann Publishers, San Francisco, California, USA.
Bertino, E., Kim, W., Rabitti, F. and Woelk, D. (1991) A Model of Authorization for Next-Generation Database Systems. ACM ToDS, Vol. 16/1.
Eßmayr, W., Kastner, F., Pernul, G., Preishuber, S., and Tjoa, A M. (1995) Access Controls for Federated Database Environments. Proc. Joint IFIP TC 6 and TC 11 Working Conf. on Communications and Multimedia Security, Graz, Austria.
Eßmayr, W., Kastner, F., Pernul, G., Preishuber, S., and Tjoa, A M. (1996) Authorization and Access Control in IRO-DB. Proc. of the 12th Int. Conf on Data Engineering, New-Orleans, Louisiana, USA.
Fernandez, E.B., Gudes, E. and Song, H. (1994a) A Model for Evaluation and Administration of Security in Object-Oriented Databases. IEEE Trans. on Knowl. Amp; Data Eng., Vol. 6 /2.
Fernandez, E.B., Wu, J., and Fernandez, M.H. (1994b) User Group Structures in Object-Oriented Database Authorization. Proc. IFIP WG 11.3 Database Security, 1994. In: Database Security VIII, Status and Prospects (J. Biskup, M. Morgenstern, C. E. Landwehr, Eds). North Holland (Elsevier).
Gardarin G., Gannouni S., Finance B., Fankhauser P., Klas W., Pastre D., Legoff R., Ramfos A. (1994). IRO-DB: A Distributed System Federating Object and Relational Databases. In Bukhres O. and Elmargarmid A.K., Object-Oriented Multidatabase Systems, Prentice Hall.
Jonscher, D. and Dittrich, K.R. (1993) Access Control for Database Federations. DBTA Workshop on Interoperablity of Database Systems and Database Applications, Fribourg.
Jonscher, D. and Dittrich, K.R. (1994) An Approach for Building Secure Database Federations. Proc. 20th Int. Conf. on Very Large Databases (VLDB), Santiago, Chile.
Jonscher, D. and Dittrich, K.R. (1995) Argos - A Configurable Access Control System for Interoperable Environments.
Morgenstern, M., Lunt, T.F., Thuraisingham, B. and Spooner, D.L. (1992) Security Issues in Federated DBSs: Panel Contributions. Proc. of the Working Conf. of the IFIP WG 11.3 on Database Security.
Nyanchama, M., Osborn, S. (1994) Access Rights Administration in Role-Based Security Systems. Proc. IFIP WG 11.3 Database Security, 1994. In: Database Security V III, Status and Prospects (J. Biskup, M. Morgenstern, C. E. Landwehr, Eds). North Holland (Elsevier ).
Pernul, G. (1992) Canonical Security Modeling for Federated Databases. Proc. of IFIP TC2/WG 2.6 Conf, on Semantics of Interoperable Database Systems (DS’S), Lorne, Australia.
Pernul, G. (1994) Database Security. In: Advances in Computers, Vol.38, pp. 1–72. (M. C. Yovits, ed.). Academic Press.
Sheth, A.P. and Larson, J.A. (1990) Federated Database Systems for Managing Distributed, Heterogeneous, and Autonomous Databases. ACM Computing Surveys, Vol. 22 /3.
Wang, C.Y. and Spooner, D.L. (1987) Access Control in a Heterogeneous Distributed Database Management System. Proc. Sixth Symp. on Reliability in Distributed Software and Database Systems, IEEE Computer Society Press.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Eßmayr, W., Kastner, F., Pernul, G., Tjoa, A.M. (1996). The security architecture of IRO-DB. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_22
Download citation
DOI: https://doi.org/10.1007/978-1-5041-2919-0_22
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive