Previous | Table of Contents | Next |
James Cannady
Object-oriented (OO) methods are a significant development in the management of distributed data. Data base design is influenced to an ever-greater degree by OO principles. As more DBMS products incorporate aspects of the object-oriented paradigm, data base administrators must tackle the unique security considerations of these systems and understand the emerging security model.
INTRODUCTION
Object-oriented (OO) programming languages and OO analysis and design techniques influence data base systems design and development. The inevitable result is the object-oriented data base management system (OODBMS).
Many of the established data base vendors are incorporating OO concepts into their products in an effort to facilitate data base design and development in the increasingly OO world of distributed processing. In addition to improving the process of data base design and administration, the incorporation of OO principles offers new tools for securing the information stored in the data base. This article explains the basics of data base security, the differences between securing relational and object-oriented systems, and some specific issues related to the security of next-generation OODBMSs.
BASICS OF DATA BASE SECURITY
Data base security is primarily concerned with the secrecy of data. Secrecy means protecting a data base from unauthorized access by users and software applications.
Secrecy, in the context of data base security, includes a variety of threats incurred through unauthorized access. These threats range from the intentional theft or destruction of data to the acquisition of information through more subtle measures, such as inference. There are three generally accepted categories of secrecy-related problems in data base systems:
Discretionary vs. Mandatory Access Control Policies
Both traditional relational data base management system (RDBMS) security models and OO data base models make use of two general types of access control policies to protect the information in multilevel systems. The first of these policies is the discretionary policy. In the discretionary access control (DAC) policy, access is restricted based on the authorizations granted to the user.
The mandatory access control (MAC) policy secures information by assigning sensitivity levels, or labels, to data entities. MAC policies are generally more secure than DAC policies and they are used in systems in which security is critical, such as military applications. However, the price that is usually paid for this tightened security is reduced performance of the data base management system. Most MAC policies also incorporte DAC measures as well.
SECURING A RDBMS VS. OODBMS: KNOW THE DIFFERENCES
The development of secure models for OODBMSs has obviously followed on the heels of the development of the data bases themselves. The theories that are currently being researched and implemented in the security of OO data bases are also influenced heavily by the work that has been conducted on secure relational data base management systems.
Relational DBMS Security
The principal methods of security in traditional RDBMSs are through the appropriate use and manipulation of views and the structured query language (SQL) GRANT and REVOKE statements. These measures are reasonably effective because of their mathematical foundation in relational algebra and relational calculus.
Previous | Table of Contents | Next |