An Authorization Model for Object-Oriented Databases and Its Efficient Access Control
スポンサーリンク
概要
- 論文の詳細を見る
Access control is a key technology for providing data security in database management systems(DBMSs). Recently, various authorization models for object-oriented databases(OODBs)have been proposed since authorization models for relational databases are insufficient for OODBs because of the characteristics of OODBs, such as class hierarchies, inheritance, and encapsulation. Generally, an authorization is modeled as a set of rigtts, where a right consists of at least three components, s, o, t and means that subject s is authorized to perform operation t on object o. In specifying authorizations implicitly, inference rules are useful for deriving rights along the class hierarchies on subjects, objects, and operations. An access request req=(s, o, t)is permitted if a right corresponding to req is given explicitly or implicitly. In this paper, we define an authorization model independent of any specific database schemas and authorization policies, and also define an authorization specification language which is powerful enough to specify authorization policies proposed in the literature. Furthermore, we propose an efficient access control method for an authorization specified by the proposed language, and evaluate the proposed method by simulation.
- 社団法人電子情報通信学会の論文
- 1998-06-25
著者
-
ITO Minoru
Graduate School of Information Science, Nara Institute of Science and Technology (NAIST)
-
Ito M
Nara Inst. Sci. And Technol. Nara Jpn
-
Ishihara Y
Osaka Univ. Toyonaka‐shi Jpn
-
Seki H
Graduate School Of Information Science Nara Institute Of Science And Technology
-
MORITA Toshiyuki
Graduate School of Information Science, Nara Institute of Science and Technology
-
SEKI Hiroyuki
Graduate School of Information Science, Nara Institute of Science and Technology
-
ISIHARA Yasunori
Graduate School of Information Science, Nara Institute of Science and Technology
-
Seki Hiroyuki
Graduate School Of Information Science Nara Institute Of Science And Technology
-
Ito Minoru
Graduate School Of Information Science Nara Institute Of Science And Technology (naist)
-
Morita Toshiyuki
Graduate School Of Information Science Nara Institute Of Science And Technology
-
Ito Minoru
Graduate School Of Information Science Nara Institute Of Science And Technology
関連論文
- Two-layer distributed service placement method on mobile ad-hoc networks (モバイルコンピューティングとユビキタス通信)
- HDAR: Highly Distributed Adaptive Service Replication for MANETs
- Computational Complexity of Finding Meaningful Association Rules
- Implication Problems for Specialization Constraints on Databases Supporting Complex Objects
- Computational Complexity of Finding Highly Co-occurrent Itemsets in Market Basket Databases
- An Approximation Algorithm for the Task-Coalition Assignment Problem
- A Formal Approach to Detecting Security Flaws in Object-Oriented Databases (Special Issue on New Generation Database Technologies)
- An Authorization Model for Object-Oriented Databases and Its Efficient Access Control
- Assignment of Data Types to Words in a Natural Language Specification
- Implementation of Natural Language Specifications of Communication Protocols by Executable Specifications
- A Translation Method from Natural Language Specifications of Communication Protocols into Algebraic Specifications Using Contextual Dependencies
- Complexity of the Type-Consistency Problem for Acyclic Object-Oriented Database Schemas
- RNA Pseudoknotted Structure Prediction Using Stochastic Multiple Context-Free Grammar
- On the Generative Power of Grammars for RNA Secondary Structure(Foundations of Computer Science)
- RIGHT-LINEAR FINITE PATH OVERLAPPING REWRITE SYSTEMS EFFECTIVELY PRESERVE RECOGNIZABILITY
- A Polynomial Time Learning Algorithm for Recognizable Series
- Layered Transducing Term Rewriting System and Its Recognizability Preserving Property (Special Issue on Selected Papers from LA Symposium)
- Termination Property of Inverse Finite Path Overlapping Term Rewriting System is Decidable
- A Polynomial-Time Recognizable Subclass of Lexical-Functional Grammars
- A Note on Inadequacy of the Model for Learning from Queries
- Finite State Translation Systems and Parallel Multiple Context-Free Grammars
- The Universal Recognition Problems for Multiple Context-Free Grammars and for Linear Context-Free Rewriting Systems
- A Personal Navigation System with Functions to Compose Tour Schedules Based on Multiple Conflicting Criteria(Selected Papers from ICMU 2005(Second International Conference on Mobile Computing and Ubiquitous Networking))
- HDAR : Highly Distributed Adaptive Service Replication for MANETs
- A Labeled Transition Model A-LTS for History-Based Aspect Weaving and Its Expressive Power
- New certificate chain discovery methods for trust establishment in ad hoc networks and their evaluation (特集:次世代社会基盤をもたらす高度交通システムとモバイル通信システム)
- Policy Controlled System and Its Model Checking
- Decidability of the Security Verification Problem for Programs with Stack Inspection
- Tree Automaton with Tree Memory
- Probabilistic Coverage Methods in People-Centric Sensing
- Static Analysis for k-secrecy against Inference Attacks
- Specialization Constraints for a Complex Object Model Supporting Selective Inheritance
- An Efficient Method for Optimal Probe Deployment of Distributed IDS(Dependable Computing)
- A Reinforcement Learning Method with the Inference of the Other Agent's Policy for 2-Player Stochastic Games
- RNA Pseudoknotted Structure Prediction Using Stochastic Multiple Context-Free Grammar
- Deciding Schema k-Secrecy for XML Databases
- A Personal Navigation System with Functions to Compose Tour Schedules Based on Multiple Conflicting Criteria
- A Personal Navigation System with Functions to Compose Tour Schedules Based on Multiple Conflicting Criteria
- Probabilistic Coverage Methods in People-Centric Sensing
- A Static Analysis using Tree Automata for XML Access Control
- New Certificate Chain Discovery Methods for Trust Establishment in Ad Hoc Networks and Their Evaluation
- New Certificate Chain Discovery Methods for Trust Establishment in Ad Hoc Networks and Their Evaluation
- Runtime Control of a Program based on Quantitative Information Flow