Degree Name

Doctor of Philosophy


Department of Computer Science


In a multi-user environment with a large shared database, the security of the data must be considered. To enforce security of data in a database, we start with an access control model. The model defines which users have what privileges to which information. There are three different types of access control policies: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). A discretionary access control policy specifies users' privileges to different system resources, including their ability to transfer their privileges to other users. Under mandatory access control, users' access to data is governed by authorized security clearance levels. MAC policies are of concern in multi-level databases, which are databases that contain information of different security levels. Role-based access control manages access to data based on a user's responsibility within an organization. Each role has an associated collection of privileges. This collection is automatically transferred to a subject who plays the role.

Most of the current access control models in database systems are developed for relational databases. Since the object-oriented database (OODB) model differs substantially from the relational model, results obtained for relational databases as well as models proposed for relational databases are not necessarily applicable to OODB systems. Amongst other issues, inheritance and the encapsulation of methods in the database information pose challenges in designing new authorization models for OODB systems. It is therefore necessary to extend the research on secure databases to include the O-O model. This thesis presents a study of security in OODB systems. Access control protection forms a substantial component of this work.

Principles from the O-O model are used to express rules for computing implicit privileges from explicit ones. This requires an efficient mechanism which evaluates implicit rights each time an access is requested. A cryptographic mechanism which is based on unique and secure access keys for each entity (object or class) is proposed. The proposal ensures that access keys for implicit authorizations are derived from related entities by applying pseudo-random and SIFF functions during query processing. The security of the system is based on the difficulty of predicting the output of pseudo-random functions and finding extra collisions for SIFF functions. Both are known to be computationally difficult.
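As an added illustration of the key-derivation idea above (this is not code from the thesis): in a constructed class hierarchy each class holds an access key, and a subject holding the explicit key of a class can derive the keys of its subclasses, but not of its superclasses, because keys only flow down the inheritance chain. HMAC-SHA256 stands in for the pseudo-random and SIFF functions, and the names HIERARCHY, MASTER_KEY, implicit_key and check_access are assumptions.

```python
import hmac
import hashlib
from typing import Dict, Optional

# Constructed class hierarchy: class -> superclass (None marks the root).
# Superclasses are listed before their subclasses.
HIERARCHY: Dict[str, Optional[str]] = {
    "Person": None,
    "Employee": "Person",
    "Manager": "Employee",
    "Contractor": "Person",
}
# Constructed master secret, held only by the authorization kernel.
MASTER_KEY = b"constructed-master-secret"


def derive_key(parent_key: bytes, entity: str) -> bytes:
    """Key of an entity = PRF(parent key, entity name). HMAC-SHA256 stands in
    for the pseudo-random and SIFF functions of the thesis."""
    return hmac.new(parent_key, entity.encode(), hashlib.sha256).digest()


def build_keys(hierarchy: Dict[str, Optional[str]]) -> Dict[str, bytes]:
    """Explicit access key of every class, derived top-down from MASTER_KEY."""
    keys: Dict[str, bytes] = {}
    for entity, parent in hierarchy.items():
        keys[entity] = derive_key(MASTER_KEY if parent is None else keys[parent], entity)
    return keys


def implicit_key(held: Dict[str, bytes], target: str,
                 hierarchy: Dict[str, Optional[str]]) -> Optional[bytes]:
    """Derive the key for `target` from the explicit keys a subject holds:
    walk up until a held class is found, then re-derive downward. Keys only
    flow down the inheritance chain, so a subclass key reveals no superclass key."""
    path, entity = [], target
    while entity is not None and entity not in held:
        path.append(entity)
        entity = hierarchy[entity]
    if entity is None:
        return None  # no explicit key on any ancestor: no implicit right
    key = held[entity]
    for node in reversed(path):
        key = derive_key(key, node)
    return key


def check_access(keys: Dict[str, bytes], held: Dict[str, bytes], target: str) -> bool:
    """Grant iff the key the subject can derive matches the stored key."""
    derived = implicit_key(held, target, HIERARCHY)
    return derived is not None and hmac.compare_digest(derived, keys[target])
```

A subject granted only the Employee key thus gains implicit access to Manager, while Person and the sibling class Contractor stay out of reach.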

Another major requirement for the access control model is the implementation of content-dependent authorization. The content-dependent authorization incorporates the value of attributes in the access control model. The accessible data are determined by checking the requested attributes. A content-dependent access control model based on views is proposed. Rules for computing an implicit authorization from the explicit ones are also formulated.

Finally, a new design approach for a secure multi-level OODB system based on views is proposed. The central idea is to provide the user with a multi-level view derived from a single-level secure OODB system. Hence the database operations performed on the multi-level views are decomposed into a set of operations on the single-level objects. They can then be implemented on any conventional mandatory security kernel.


pp. 15-31 missing from original hardcopies of this thesis