Security Management Through Overloading Views

The model of overloading views is a facility allowing the programmer to separate some kinds of crosscutting concerns that occur during design, implementation and maintenance of database applications. In this paper we show how it can be used to manage data security. The model is based on updateable object views built within the stack-based approach to objectoriented query languages. After inserting the overloading view on top of the given population of objects all references to the objects come via the view. Thus the view can implement additional security semantics independently on the object implementation. Views allow one to add such new semantic to all the operations (retrieve, insert, update, delete) that can be performed on the objects. In our model overloading views are named encapsulated database entities that can be dynamically inserted, modified or deleted. Because virtual objects delivered by an overloading view are not distinguishable from stored objects, the overloading views model allows one to form a chain of views, where each next view adds new semantics (a specific concern) to the semantics introduces by the object implementation and previous views. In this way any new security requirement can be implemented independently from other requirements.