Security Models for ObjectOriented DBMS (Models to secure OODBMS)MuhammadAwaisComputer Science DepartmentVirtual university ofAbstract—Aim of this document is to provide an completeoverview of object oriented database security like RDBMS it is very muchnecessary to also define the methods that secure the OODBMS in better way sothis paper will show that methods that are uses by RDBMS and then show the newmethods for OODBMS how that help to secure the OODBMS. I. Introduction Object oriented feature are gettingvery famous now a days like other object oriented analysis and object orientedprogramming also influence the database are in system design and developmentafter the using the feature of object oriented Database management system become OODBMS. The impact of the OODBMS are positive so that’sway database vendor of database are adding up the OO feature in the design anddevelopment in products to make more efficient distributed processing. As OOfeatures addition new tools offer to for the security of the database.
Thisterm paper will explain the security of the OODBMS. II. Security of the Database The security of the database is very much essential which mean is if theany unauthorized user and application access the database then it will be notable to access the dataDiscretionaryAccess control vs.
Mandatory Access control PoliciesProtect the information in multilevel system bothtraditional rational database management system (RDBMS) and object orienteddatabase management system (OODBMS) use mostly two type of policies which arediscretionary access control and mandatory access control policies. A. Discretionary Access controlDAC is implemented in most of the operatingsystems and most of us are familiar with it. in this Policy the owner handle theaccess of the objects means the authorization provided by the owner of anobject to its user to access that object. Let clear this with an example if theinformation of an object is copied to another object then the informationcannot be accessed until the access is not granted to original object from theinformation is copied. B. Mandatory Access control Policies MAC policy is more reliable than the DAC policies in which theinformation is secure by assigning the levels and label to database entities.
Asystem policy defined which allow to have access to the object single usercannot modify or change the access. That are the major concern of the military. Difference between securing a RDBMSand OODBMSThere are many researches are under going tosecure the Object oriented database which are mostly getting the help fromRational DBM security models.
RDBMS secure by the methods ofappropriate views and GRANT and REVOKE statement these are the effectivemethods for just because of relational algebra and relational calculus. First we will discuss security modelof RDBMS further we will discuss security model in OORBMS III. Relational DBMS SecurityA. View Base access control in RDBMS.
For the unauthorized users it is must the user cannotaccess the database without authorization for that view allow that toconceptually divide the database into pieces so that important and sensitivedata will not available for the unauthorized users. View have very strongmechanism for the authorization. A user who create the View are said to beowner of the view and can drop the view also but this user cannot perform allthe privileges.
If a user not have the permission then information cannot willbe not available. Let we create a view Computer_dept to clarify thesituation CreateView Computer_dept As Select Name, Salary, Supervisor From Employee Where Dept =’Computer science’ A user cannot get the information from the viewuntil that user have not permission to retrieve information from view. Viewshave very power full mechanism for information retrieval. Figure 1: Working of View B. Privileges. Viewsare included in SQL languages and other database managers so view are not solemechanism for RDMS security. GRANT and Revoke are the very strong statementsthat grant privilege’s and revoke them as per on need.· GRANT STATEMENT The owner of a relation can grant oneor more privileges to the other user that can be done with the GRANT or withoutGRANT option.
If the user is Granted the without GRANT option then then user will not able to pass the GRANTthe authorization to other user. If the user granted with GRANT option thenuser can pass the GRANT to further users so unauthorized users are able to accessthe same information. The General format for GRANT option isGRANT privilege ON object TO {user_name | PUBLIC | role_name} WITH GRANT OPTION; · REVOKE STATEMENT REVOKE statement working andfunctionality are similar to GRANT statement but the result of this statementis opposite to the GRANT Statement. There are many characteristics of REVOKEstatement but one of the main is REVOKE statement has Cascading effects. When auser REVOKE of previously granted right the all the users rights are REVOKED thathave been provide access by the originators. The General format for REVOKE optionis REVOKE privilegeON object FROM {user_name | PUBLIC | role_name} Figure 2 Roles assignment overviewC. Other Relational Security Mechanisms Despite the fact that viewsand GRANT/REVOKE statements are essentially the most generally used safetymeasures in normal RDBMSs, they are not the one mechanisms integrated in mostsafety techniques making use of the relational model. A further securityprocedure used with ordinary relational data base managers, which is similar toprovide/REVOKE statements, is the usage of query modification Most relational information base administrationsystems additionally rely on the protection measures present in the workingsystem of the host computer.
Common RDMBSs reminiscent of DB2 work closely withthe operating method to make certain that the information base protectionapproach will not be circumvented via permitting access to data via the runningprocedure. Nevertheless, many running methods provide inadequate security. Furthermore, when you consider that of the portability of many newer Data baseapplications, the safety of the running procedure will have to now not beassumed to be sufficient for the security of the wealth of understanding in aninformation base. D. MAC Methods for OODBMS Security.
Dr. Bhavani Thuraisingham of MITRE Corp. proposedin 1989 a MAC policy called SORION.
This mannequin extends the ORION mannequinto encompass necessary entry manage. The model specifies subjects, objects, andaccess modes inside the method, and it assigns safety/sensitivity levels toeach and every entity. Exact houses regulate the venture of the sensitivitystages to each and every of the subjects, objects, and entry modes. So as toachieve access to the example variables and methods in the objects, distincthomes which might be headquartered on the quite a lot of sensitivity phasesmust be convinced. A identical strategy has been proposed within theMillen-Lunt model.
This model, developed by means of Jonathan okay. Millen ofMITRE Corp. And Teresa Lunt of SRI/DARPA (security developed study tasksagency), also uses the project of sensitivity levels to the objects, subjects, and access modes inside the info base.
In the Millen-Lunt mannequin, the housesthat keep watch over the access to the Data are designated as axioms within themannequin. This model extra makes an attempt to categories expertise accordingto three one-of-a-kind cases:• the information itself is labeled.• The existence of the information is categorized.• The cause for classifying the understanding canbe categorized. These three classifications widely cover thespecifics of the objects to be secured within the information base; nevertheless, the classification approach additionally commonly raises thecomplexity of the procedure. E.
The SODA Model. Dr. Thomas F. Keefe of Penn State proposes a model called Secure Object OrientedBase (SODA). The SODA model was once one of the crucial first items to handlethe certain principles within the object oriented paradigm. It’s probably usedas a regular illustration of comfortable object-oriented items from which otheritems are when put next. TheSODA model complies with MAC properties and is done in a multilevel protectionapproach.
SODA assigns classification stages to the information via the use ofinheritance. Nevertheless, multiple inheritance shouldn’t be supported withinthe SODA model. Likeother models SODA assigns security level to subjects in the method andsensitivity level to objects. The security subjects are checked against thesensitivity degree of the information before entry is allowed to make sure thatclassification of security are correct or not. Polyinstantiation. Notlike many current OO models, SODA permits using polyinstantiation as an optionto the multiparty replace clash. This obstacle arises when users with differentsecurity phases attempt to use the equal expertise.
The sort of clearances andsensitivities in a secure Data base procedure influence in conflicts betweenthe objects that can be accessed and modified with the aid of the customers. Via the use of polyinstantiation, Data is located in more than one vicinity, frequently with extraordinary security stages. Absolutely, the more touchy Datais neglected from the situations with lower safety stages. Despitethe fact that polyinstantiation solves the multiparty replace conflictobstacle, it raises a potentially higher problem in the type of making certainthe integrity of the info inside the database.
Without some method of at thesame time updating all occurrences of the data in the Data base, the integrityof the information speedily disappears. In essence, the method turns into acollection of a couple of specific information base systems, each with itspossess data. F. Data-Hiding Model. One other relaxed model thatuses authorizations to execute approaches has been offered by using JoelRichardson. This model has some similarity to the information-hidingmannequin’s use of furnish/REVOKE-kind statements.
The creator of an object canspecify which customers may just execute the methods within the item. A ultimate authorization-elegant mannequin risingfrom OODBMS security research has been proposed by means of Dr. Eduardo B. Fernandezof Florida Atlantic school.
On this model the authorizations are divided intoconstructive and poor authorizations. The Fernandez mannequin additionallymakes it possible for the construction of recent authorizations from these atthe start precise by means of the user use through the semantic relationships in the Database. Dr. Naftaly H. Minsky of Rutgers University hasdeveloped a model that limits unrestricted entry to things by means of theusage of a view mechanism just like that used in ordinary relational systemsinformation base management systems. Minsky’s notion is to furnish more thanone interfaces to the objects within the info base. The mannequin entails alist of legal guidelines, or rules, that govern the entry constraints to the objects. The legal guidelines within the info base specify which moves must be taken viathe process when a message is distributed from one object to one more.
Theprocess could allow the message to proceed unaltered, block the sending of themessage, send the message to a further object, or ship yet another message tothe meant object. Despite the fact that the discretionary entrycontrol models do furnish varying levels of security for the information insidethe info base, not one of the DAC units with no trouble addresses the quandaryof the authorizations supplied to customers. A better degree of safety inside acomfortable object-oriented Data base model is provided via the usage ofobligatory access control.
Figure 3: Data Hiding Model ConclusionWedescribe the security models with respect the RDBMS and then further extentthat to define the security models for OODBS and show with the help of examplehow these methods help to secure the OODBMS. Rferences THUR88cThuraisingham M. B.
, “ Foundations ofMultilevelDatabases”, Presented at the 1st RADCDatabaseSecurity Invitational Workshop, Menlo Park, CA, May 1988. THUR89cThuraisingham M. B., “ Recent Developments in Database Security”, Tutorial Proceedingsof the (IEEE) COMPSAC Conference, Orlando, FL, September 1989. WOEL861 Woelk D. et al.
, “ An Object-orientedApproach to Multimedia Databases”, Proceedings of the ACM Sigmod Conference, 1986. ROUG87Rougeau P. and Stearns, “ The Sybase SecureDatabaseServer”, A Solution to the Multilevel SecureDBMSProblem”, Proceedings of the 10th NationalComputerSecurity Conference, Baltimore, MD, October 1987.