Abstract
In this paper a mechanism for access control at the instance level of a class in object-oriented databases is suggested. The approach is based on the use of pseudo-random functions and sibling intractable functions. Each object-instance in the object-oriented model is associated with access keys that insure secure access to the object and all related objects. The security of the system depends on the difficulty of predicting the output of pseudorandom functions and finding extra collision for the sibling intractable function family. The authorization system supports ownership and granting/revoking of access rights.
Support for this project was provided in part by the Australian Research Council under the reference number A49530480.
Preview
Unable to display preview. Download preview PDF.
References
A. Baraani-Dastjerdi and J. Pieprzyk and R. Safavi-Naini and J. R. Getta. A Cryptographic Mechanism for Object-Instnace-Based Authorization in Object-Oriented Database Systems. Technical report, TR-95-1, Department of Computer Science, The University of Wollongong, Wollongong, Australia, 1995.
A. Baraani-Dastjerdi and J. R. Getta and J. Pieprzyk and R. Safavi-Naini. A Cryptographic Solution to Discretionary Access Control in Structurally Object-Oriented Databases. In Proceedings of the 6th Australian Database Conference (ADC'95), volume 17(2), pages 36–45, 1995.
D. B. Faatz and D. L. Spooner. Discretionary Access Control in Object-Oriented Engineering Database Systems. In Database Security IV: Status and Prospects, pages 73–83, 1991.
E. B. Fernandez and R. C. Summers and C. Wood. Database Security and Integrity. Addison-Wesley Publishing Company, 1981.
F. Rabitti and E. Bertino and W. Kim and D. Woelk. A Model of Authorization for Next-Generation Database Systems. ACM Transactions on Database Systems, 16(1):88–131, March 1991.
K. Dittrich. Object-Oriented Database Systems: The Notations and Issues. In Proceedings of the First International Workshop on Object-Oriented Database Systems. IEEE Computer Society Press, September 1986.
K. R. Dittrich and M. Hartig and H. Pfefferle. Discretionary Access Control In Structurally Object-Oriented Database Systems. In Database Security II: Status and Prospects, pages 105–121, 1989.
M. Atkinson and D. DeWitt and D. Maier and F. Bancilhon and K. Dittrich. The Object-Oriented Database System Manifesto. In Proceeding of First International Conference on DOOD89, pages 223–240, December 1989.
M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st ACM Symposium on Theory of Computing, pages 33–43. ACM, 1989.
P. P. Griffiths and B. W. Wade. An Authorization mechanism for a Relational Database System. ACM Transactions on Database Systems, 1(3):242–253, 1976.
S. G. Akl and P. D. Taylor. Cryptographic Solution To A Multilevel Security Problem. In Advances in Cryptology Proceedings of CRYPTO'82, pages 237–250. Plenum Press, 1982.
T. Hardjono and Y. Zheng and J. Seberry. A New Approach to Database Authentication. In Research and Practical Issues in Databases:Proceedings of the Third Australian Database Conference (Database'92), pages 334–342, 1992.
Won Kim. Object-Oriented Databases: Definition and Research Directions. IEEE Transactions on Knowledge and Data Engineering, 2(3):327–341, September 1990.
Y. Zheng and T. Hardjono and J. Pieprzyk. The Sibling Intractable Function Family (SIFF): Notation, Construction and Applications. IEICE Transactions, Fundamentals, E76-A(1):4–13, January 1993.
Yair Wand. A Proposal for a Formal Model of Objects. In Object-Oriented Concepts, Databases, and Applications, pages 537–559. Addison-Wesley, Reading, ACM Press, 1989.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baraani-Dastjerdi, A., Safavi-Naini, R., Pieprzyk, J., Getta, J.R. (1995). A cryptographic mechanism for object-instance-based authorization in object-oriented database systems. In: Papazoglou, M.P. (eds) OOER '95: Object-Oriented and Entity-Relationship Modeling. ER 1995. Lecture Notes in Computer Science, vol 1021. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0020519
Download citation
DOI: https://doi.org/10.1007/BFb0020519
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60672-7
Online ISBN: 978-3-540-48527-8
eBook Packages: Springer Book Archive