Handbook of Information Security Management: Application Program Security



Chapter 7-1-2
Security Models for Object-Oriented Data Bases

James Cannady

Object-oriented (OO) methods are a significant development in the management of distributed data. Data base design is influenced to an ever-greater degree by OO principles. As more DBMS products incorporate aspects of the object-oriented paradigm, data base administrators must tackle the unique security considerations of these systems and understand the emerging security model.

INTRODUCTION

Object-oriented (OO) programming languages and OO analysis and design techniques influence data base systems design and development. The inevitable result is the object-oriented data base management system (OODBMS).

Many of the established data base vendors are incorporating OO concepts into their products in an effort to facilitate data base design and development in the increasingly OO world of distributed processing. In addition to improving the process of data base design and administration, the incorporation of OO principles offers new tools for securing the information stored in the data base. This article explains the basics of data base security, the differences between securing relational and object-oriented systems, and some specific issues related to the security of next-generation OODBMSs.

BASICS OF DATA BASE SECURITY

Data base security is primarily concerned with the secrecy of data. Secrecy means protecting a data base from unauthorized access by users and software applications.

Secrecy, in the context of data base security, includes a variety of threats incurred through unauthorized access. These threats range from the intentional theft or destruction of data to the acquisition of information through more subtle measures, such as inference. There are three generally accepted categories of secrecy-related problems in data base systems:

1.  The improper release of information from reading data that was intentionally or accidentally accessed by unauthorized users. Securing data bases from unauthorized access is more difficult than controlling access to files managed by operating systems. This problem arises from the finer granularity that is used by data bases when handling files, attributes, and values. This type of problem also includes the violations of secrecy that result from the problem of inference, which is the deduction of unauthorized information from the observation of authorized information. Inference is one of the most difficult factors to control in any attempt to secure data. Because the information in a data base is semantically related, it is possible to determine the value of an attribute without accessing it directly. Inference problems are most serious in statistical data bases, where users can trace back information on individual entities from the statistical aggregated data.
2.  The improper modification of data. This threat includes violations of the security of data through mishandling and modifications by unauthorized users. These violations can result from errors, viruses, sabotage, or failures in the data that arise from access by unauthorized users.
3.  Denial-of-service threats. Actions that could prevent users from using system resources or accessing data are among the most serious. This threat has been demonstrated to a significant degree recently with the SYN flooding attacks against network service providers.
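
The inference problem in item 1 can be shown on a small statistical data base. The following is an added example, not part of the original chapter: the table, the names, and the `MIN_SET` threshold are constructed for illustration. It shows how the difference of two aggregates exposes one person's value, and a query-set-size check that refuses the narrowing query.

```python
import sqlite3

MIN_SET = 2  # assumed threshold: smallest group an aggregate may describe

# Constructed sample data: (name, dept, salary)
ROWS = [
    ("ana", "eng", 120), ("ben", "eng", 110), ("cy", "eng", 100),
    ("dee", "ops", 90), ("eli", "ops", 80), ("fay", "hr", 70),
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO emp VALUES (?, ?, ?)", ROWS)
    return db

def total_salary(db, where, params=()):
    """Unrestricted statistical query: SUM(salary) over rows matching `where`."""
    # `where` is a fixed predicate written in this example, never user input.
    sql = f"SELECT SUM(salary) FROM emp WHERE {where}"
    return db.execute(sql, params).fetchone()[0]

def guarded_total_salary(db, where, params=()):
    """Same query, refused when the query set or its complement is too small."""
    n = db.execute("SELECT COUNT(*) FROM emp").fetchone()[0]
    k = db.execute(f"SELECT COUNT(*) FROM emp WHERE {where}", params).fetchone()[0]
    if k < MIN_SET or n - k < MIN_SET:
        raise PermissionError(
            f"query set of {k} rows is outside [{MIN_SET}, {n - MIN_SET}]")
    return total_salary(db, where, params)

def inferred_salary(db, name):
    """Two aggregates that each look harmless differ by one individual's value."""
    everyone = total_salary(db, "1 = 1")
    all_but_one = total_salary(db, "name <> ?", (name,))
    return everyone - all_but_one

if __name__ == "__main__":
    db = open_db()
    print("inferred without the guard:", inferred_salary(db, "fay"))
    print("eng total with the guard:", guarded_total_salary(db, "dept = ?", ("eng",)))
    try:
        guarded_total_salary(db, "name <> ?", ("fay",))
    except PermissionError as exc:
        print("refused:", exc)
```

The size check blocks this direct differencing; it is one control and does not by itself eliminate inference.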

Discretionary vs. Mandatory Access Control Policies

Both traditional relational data base management system (RDBMS) security models and OO data base models make use of two general types of access control policies to protect the information in multilevel systems. The first of these policies is the discretionary policy. In the discretionary access control (DAC) policy, access is restricted based on the authorizations granted to the user.

The mandatory access control (MAC) policy secures information by assigning sensitivity levels, or labels, to data entities. MAC policies are generally more secure than DAC policies and they are used in systems in which security is critical, such as military applications. However, the price that is usually paid for this tightened security is reduced performance of the data base management system. Most MAC policies also incorporate DAC measures.
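
A minimal access monitor that combines the two policies described above, as an added example that is not part of the original chapter. The level names, the users and objects, and the read/write label rules are assumptions chosen for illustration; the point is that a discretionary grant cannot override a label.

```python
from dataclasses import dataclass, field

# Assumed ordering of sensitivity levels (higher = more sensitive).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass
class AccessMonitor:
    clearance: dict = field(default_factory=dict)  # MAC: user -> level
    label: dict = field(default_factory=dict)      # MAC: object -> level
    grants: set = field(default_factory=set)       # DAC: (user, object, right)

    def grant(self, user, obj, right):
        self.grants.add((user, obj, right))

    def revoke(self, user, obj, right):
        self.grants.discard((user, obj, right))

    def mac_allows(self, user, obj, right):
        # Unknown users or unlabeled objects fail closed.
        if user not in self.clearance or obj not in self.label:
            return False
        u, o = LEVELS[self.clearance[user]], LEVELS[self.label[obj]]
        # Assumed rules: read only at or below clearance, write only at or above.
        return u >= o if right == "read" else u <= o

    def check(self, user, obj, right):
        """Return (allowed, deciding_policy); a grant never overrides a label."""
        if not self.mac_allows(user, obj, right):
            return False, "mac"
        if (user, obj, right) not in self.grants:
            return False, "dac"
        return True, "ok"

def build_demo():
    """Constructed users, objects and grants for illustration."""
    m = AccessMonitor(
        clearance={"alice": "secret", "bob": "confidential"},
        label={"payroll": "confidential", "plans": "secret"},
    )
    m.grant("alice", "payroll", "read")
    m.grant("alice", "payroll", "write")
    m.grant("bob", "plans", "read")  # discretionary grant above bob's clearance
    return m

if __name__ == "__main__":
    m = build_demo()
    for request in [("alice", "payroll", "read"), ("bob", "plans", "read"),
                    ("alice", "plans", "read"), ("alice", "payroll", "write")]:
        print(request, m.check(*request))
```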

SECURING A RDBMS VS. OODBMS: KNOW THE DIFFERENCES

The development of secure models for OODBMSs has obviously followed on the heels of the development of the data bases themselves. The theories that are currently being researched and implemented in the security of OO data bases are also influenced heavily by the work that has been conducted on secure relational data base management systems.

Relational DBMS Security

The principal methods of security in traditional RDBMSs are the appropriate use and manipulation of views and the structured query language (SQL) GRANT and REVOKE statements. These measures are reasonably effective because of their mathematical foundation in relational algebra and relational calculus.


The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version is covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.