In this paper, we address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach. A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low level users want to send information to higher level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to lower level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these have been known to involve various tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. Finally, we give a confidentiality proof for a trusted subject architecture and implementation and demonstrate that the trusted subject (process) cannot leak information in violation of multilevel security.
Object-oriented databases (OODB) have received considerable attention in recent years. Their performance is a critical factor hindering their current use. Several indexing schemes have been proposed in the literature for enhancing OODB performance and they are briefly reviewed here. In this paper a new and uniform indexing scheme is proposed. This scheme is based on a single B-tree and combines both the hierarchical and nested indexing schemes. The uniformity of this scheme enables compact and optimized code for dealing with a large range of queries on the one hand, and flexibility in adding and removing indexed paths on the other hand. The performance of the scheme is discussed and an extensive experimental analysis for the class-hierarchy case is presented. The results show the advantages of the scheme for small range, clustered sets queries. (C) 1997 Elsevier Science Ltd.
This article focuses on the bottom-up design approach used for software development. As top-down design approaches give database designers little guidance in transforming a conceptual model into an active object-oriented database schema, a bottom-up design approach may provide a better perspective. Using this approach for active object-oriented databases (AOODB), two subtasks are needed: specifying application classes, and identifying business policies, which are generally spread over different classes. This approach enhances sequential message passing, so interactions are specifiable in a concurrent object-oriented (OO) environment based on multiple threads of control. Although such interaction mechanisms are built-in primitives in some concurrent OO systems, they must usually be defined by programmers. Two interaction rule patterns are the abstraction from a single application-specific rule to a primitive rule pattern, and a composite rule pattern abstracting from more than one rule. To successfully apply rule patterns, they must include a proper design and development tool.
This paper introduces the Knowhow-Bearing objects (KBO) model. KBO objects have both a data and a behavioural side. This allows us to treat behaviours as objects, so that a database approach can be taken to manage these objects. In particular, we are able to model different kinds of behaviour invocation and to use a database query language to manipulate and query persistent behaviour collections. Examples of complex query construction using an object algebra are given.
The paper gives a brief explanation of the important aspects of object-oriented databases. It summarizes the expected benefits of the application of the object-oriented approach to data manipulation. Two contrasting approaches to implementation are described. Areas that need investigating to increase the acceptance of object-oriented databases are outlined.
The focus of this article is the transformation of conceptual data models (such as ER, NIAM and PSM) to object-oriented databases. This transformation is captured within the framework of a two-level architecture. Conceptual models are first mapped to abstract intermediate specifications, which are then transformed to database schemas in a given object-oriented database environment. This enables us to treat different target systems in a uniform way. As final implementation environments, we consider object-oriented as well as object-relational DBMSs, including the SQL3 and ODMG-93 standards. We do not reveal the specific details of these standards. Rather, we use intermediate representations expressed in F-logic, a logic-based abstract specification language for object-oriented systems. Several transformation alternatives are discussed in a formal context, resulting in a collection of design options. (C) 1998 Elsevier Science B.V.
In this paper, we employ the view model given by Bertino to design a secure multi-level object-oriented database system. The central idea is to provide users with multi-level views derived from a single-level secure object-oriented database. The database operations performed on multi-level views are decomposed into a set of operations on single-level objects which can be implemented on any conventional mandatory security kernel. We show that this approach allows us to overcome the difficulties of handling content and context dependent classification, dynamic classification and aggregation and inference problems in multi-level object-oriented databases.
The method invocation mechanism is one of the essential features in object-oriented programming languages. This mechanism contributes to data encapsulation and code reuse, but there is a risk of a run-time type error. In the case of object-oriented databases (OODBs), a run-time error causes rollback. Therefore, it is desirable to ensure that a given OODB schema is consistent; i.e., no run-time type error occurs during the execution of queries under any database instance of the OODB schema. This paper discusses the computational complexity of the type-consistency problem. As a model of OODB schemas, we adopt update schemas introduced by R. Hull et al., which have all of the basic features of OODBs such as class hierarchy, inheritance, and complex objects. For several subclasses of update schemas, the complexity of the type-consistency problem is presented. Importantly, it turns out that nonflatness of the class hierarchy, recursion in the queries, and update operations in the queries each make the problem difficult. (C) 2001 Academic Press.
The signature technique proposed for multikey indexing is used for flexible searching in the area of databases. In this article, we present a new signature technique called Virtual Path Signature for supporting query processing of aggregation hierarchy as a tree in object-oriented databases (OODBs). We derive cost formulas for its storage overhead as well as the retrieval cost. Compared with the Tree Signature Scheme, the Virtual Path Signature shows significant improvement in the retrieval operation, especially when the target distance between the target class and the predicate class is high. (C) 2004 Wiley Periodicals, Inc.
The object-oriented approach is being used in several areas of computing, including programming, databases, computer-aided design, and office information systems. The paper is a tutorial introduction to object-oriented databases, which is a new application in this field, although object-oriented programming has been under development since the late 1960s. The paper describes the background to object-oriented databases and outlines the rationale for this approach. It concludes with a possible application, in this case a cartographic database, explaining why the object-oriented approach is more appropriate to this application than traditional database approaches, such as the relational approach.