Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Towards a configurable security architecture
Olivier M. Data Engineering38 (2):121-145,2001.Type:Article
Date Reviewed: Apr 17 2002

The author proposes separating the security properties of protection objects (called “entities” in this paper) in the form of “security labels.” These labels can then be used through a proposed architecture to enforce security constraints, independently from the data processing part of the system. This separation provides flexibility for configuring and modifying the security policies of a system. The idea is well developed, including notes on its use in implementing access control, flow control, authorization, and role-based access control. The architecture has been implemented and appears reasonably efficient.

This approach uses the principle of separation of authorization from processing aspects. This principle is not new; it was already used in Lang et al. [1], where a separate module was in charge of the authorization functions of a database system. However, its use here is quite different: it is applied to the security model, not to its software implementation as in Lang et al. [1].

A problem with this approach is that since it is defined at a high level, it needs a way to assure that the lower levels actually enforce the security constraints. If a user can access any of the lower levels directly, these constraints may be bypassed. This aspect is not discussed in the paper.

Overall, the paper is well written, and presents an interesting and well-justified security architecture. It is valuable reading for anybody interested in security models and architectures.
Reviewer:  E. B. Fernandez Review #: CR125813 (0204-0223)
1) Lang, T.; Fernandez, E.B.; and Summers R. A system architecture for compile-time actions in databases. Proceedings of the ACM 1977 Annual Conference, 453-462, October 1977.
1) Lang, T.; Fernandez, E.B.; and Summers R. A system architecture for compile-time actions in databases. Proceedings of the ACM 1977 Annual Conference, 453-462, October 1977 .
Bookmark and Share
  Featured Reviewer  
 
Security, Integrity, And Protection (H.2.7 ... )
 
 
Security and Protection (D.4.6 )
 
 
Management Of Computing And Information Systems (K.6 )
 
Would you recommend this review?
yes
no
Other reviews under "Security, Integrity, And Protection": Date
Security of random data perturbation methods
Muralidhar K., Sarathy R. ACM Transactions on Database Systems 24(4): 487-493, 1999. Type: Article		 Apr 1 2000
A propositional policy algebra for access control
Wijesekera D., Jajodia S. ACM Transactions on Information and System Security 6(2): 286-325, 2003. Type: Article		 May 29 2003
Perturbing nonnormal confidential attributes: the copula approach
Sarathy R., Muralidhar K., Parsa R. Management Science 48(12): 1613-1627, 2002. Type: Article		 Jul 2 2003
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy