Discretionary Security for Object-Oriented Database Systems
Abstract
The discretionary access controls in today's computer systems are designed to enforce a specific access control policy. An application whose access control policies do not easily match the policy that is wired into the system is forced to work around that wired-in policy. As a result, the application itself must enforce discretionary security and cannot make use of the assurances of the computer system's discretionary access controls. This report presents a flexible approach to discretionary access control that allows the implementation of arbitrary access control policies. The generality of the approach allows a user to implement a discretionary access control policy that is tailored to an application, rather than having to work around a specific policy that is wired into the computer system. The report focuses on discretionary controls for object-oriented systems. Object-oriented systems are an emerging technology of great import for applications in business, industry, and the military. Many of these applications must share information among users with different needs and authorizations. The specific access rules desired will vary from application to application. Thus, a flexible approach to discretionary access control for such systems is proposed.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 1991
- Accession Number
- ADA237573
Entities
People
- Teresa F. Lung
Organizations
- Calspan-University of Buffalo Research Center