A Formal Approach to Detecting Security Flaws in Object-Oriented Databases
Abstract
Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.
Key words: object-oriented database, authorization, security flaw, term rewriting system
Similar resources
A formal approach to implement access control models
Access control software must be based on a security policy model. Flaws in them may come from a lack of precision or some incoherences in the policy model or from inconsistencies between the model and the code. In this paper, we present a formalisation of access control models, based on the algebra of security models introduced by J.McLean [10], together with a description of its implementation...
Detecting Design Flaws via Metrics in Object-Oriented Systems
The industry is nowadays confronted with large-scale monolithic and inflexible object-oriented software. Because of their high business value, these legacy systems must be reengineered. One of the important issues in reengineering is the detection and location of the design flaws, which prevent an efficient maintenance and further development of the system. In this paper we present a metrics-ba...
Modeling and Evaluation of Stochastic Discrete-Event Systems with RayLang Formalism
In recent years, formal methods have been used as an important tool for performance evaluation and verification of a wide range of systems. In the view points of engineers and practitioners, however, there are still some major difficulties in using formal methods. In this paper, we introduce a new formal modeling language to fill the gaps between object-oriented programming languages (OOPLs) us...
Schema Refinement and Schema Integration in Object-oriented Databases
This report presents a formal approach to support schema integration in object-oriented databases. The basis of the approach is a synthetic subclass order to compare classes. Classes are integrated in a natural way using a join operator w.r.t. the subclass order. In contrast with existing literature, our subclass order compares classes not only by their attributes, but also by the behaviour of ...