Content-Dependent Authorization Mechanism using Predicates

Content-Dependent Authorization Mechanism Using Predicates (Korean title)

  • Published: 2003.02.01

Abstract

In this paper, we present a content-dependent authorization mechanism for object-oriented database systems. So far, several models of authorization for object-oriented databases have been proposed, but most of these models do not support authorization based on the database content. This paper shows how the traditional content-independent authorization model can be extended to provide content-dependent authorization using predicates on the values of the attributes of a class. The proposed model makes it possible to group the objects that satisfy specified conditions on their values and to grant a single authorization on those objects. The model supports negative authorization and provides the concept of strong and weak authorizations to resolve conflicts between positive and negative authorizations. In addition, we address and resolve some of the problems that arise when predicates are associated with authorizations. In particular, since the authorization operations of the traditional content-independent model become inadequate for our model, we redefine the semantics of the authorization operations.

This paper presents a content-dependent authorization mechanism for object-oriented database systems. Many authorization models for object-oriented databases have been proposed to date, but most of them have not supported authorization based on the content of the database. This paper presents a content-dependent authorization model that extends the existing content-independent authorization model for object-oriented databases using predicates on the values of class attributes. The proposed model groups the objects that satisfy a specified condition on the objects' values and allows a single authorization to be granted on those objects. It also supports negative authorizations and provides the concepts of strong and weak authorizations to resolve conflicts between positive and negative authorizations. Furthermore, it points out several problems that arise from associating predicates with authorizations and resolves them. In particular, it shows that the authorization operations of the content-independent authorization model cannot be applied as-is to the model proposed in this paper, and it redefines the semantics of those operations.
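The abstract describes authorizations that carry a predicate over a class's attribute values, that may be positive or negative, and that are marked strong or weak so that conflicts can be resolved. The following is an added illustration of that idea, not code from the paper: a small Python authorization store in which each grant applies to every object of a class satisfying its predicate, strong authorizations override weak ones, and (an assumption made here, since the abstract does not state the tie-break rule) a denial wins among authorizations of equal strength. The `Employee` objects and the user `alice` are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# A predicate is a condition on an object's attribute values.
Predicate = Callable[[Dict[str, Any]], bool]


@dataclass(frozen=True)
class Authorization:
    subject: str          # user or role the authorization is granted to
    cls: str              # class whose objects the authorization covers
    op: str               # operation, e.g. "read" or "write"
    predicate: Predicate  # only objects satisfying this are covered
    positive: bool = True  # False means a negative authorization (denial)
    strong: bool = False   # strong authorizations override weak ones


@dataclass
class AuthStore:
    auths: List[Authorization] = field(default_factory=list)

    def grant(self, auth: Authorization) -> None:
        self.auths.append(auth)

    def applicable(self, subject: str, cls: str, op: str,
                   obj: Dict[str, Any]) -> List[Authorization]:
        """All authorizations for (subject, cls, op) whose predicate holds on obj."""
        return [a for a in self.auths
                if a.subject == subject and a.cls == cls and a.op == op
                and a.predicate(obj)]

    def is_allowed(self, subject: str, cls: str, op: str,
                   obj: Dict[str, Any]) -> bool:
        matches = self.applicable(subject, cls, op, obj)
        if not matches:
            return False  # closed policy: no applicable authorization means deny
        strong = [a for a in matches if a.strong]
        # Strong authorizations, if any apply, decide on their own.
        pool = strong if strong else matches
        # Assumption (not stated in the abstract): among authorizations of the
        # same strength, a single negative authorization denies access.
        return all(a.positive for a in pool)

    def visible(self, subject: str, cls: str, op: str,
                objects: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
        """Filter a collection down to the objects the subject may operate on."""
        return [o for o in objects if self.is_allowed(subject, cls, op, o)]


def build_example() -> tuple:
    """Constructed sample policy and data for the Employee class."""
    employees = [
        {"name": "ann", "dept": "eng", "salary": 4000},
        {"name": "bob", "dept": "hr", "salary": 3000},
        {"name": "cat", "dept": "eng", "salary": 9000},
        {"name": "dan", "dept": "hr", "salary": 4500},
    ]
    store = AuthStore()
    # One weak positive grant covers every Employee earning under 5000.
    store.grant(Authorization("alice", "Employee", "read",
                              lambda e: e["salary"] < 5000))
    # A weak negative grant withdraws HR records; it conflicts with the above
    # for bob and dan, and the denial wins at equal strength.
    store.grant(Authorization("alice", "Employee", "read",
                              lambda e: e["dept"] == "hr", positive=False))
    # A strong positive grant for dan overrides the weak denial.
    store.grant(Authorization("alice", "Employee", "read",
                              lambda e: e["name"] == "dan", strong=True))
    return store, employees


def visible_names(subject: str = "alice") -> List[str]:
    store, employees = build_example()
    return [e["name"] for e in store.visible(subject, "Employee", "read", employees)]


if __name__ == "__main__":
    print(visible_names())  # ann is covered, bob denied, cat uncovered, dan overridden
```

Because the grants are predicates rather than object lists, a newly inserted Employee is covered (or denied) automatically according to its attribute values, which is the grouping behaviour the abstract describes; the explicit strength flag keeps the conflict-resolution rule visible in the policy rather than hidden in evaluation order.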
