Authorization Analysis of Queries in Object-Oriented Databases

A simple model for method-based authorization is defined and an algorithm is presented for testing in compile-time whether a given database schema violates authorizations. As an underlying model of method execution, we adopt the model proposed by Hull et al.; a database schema consists of a class hierarchy, attribute declarations and method definitions. A method body is simply a sequence of statements. There are three types of statements: an access to an attribute of the self object, a method invocation, and a built-in operation on basic values. Authorizations are represented as a pair of finite sets: AUTH = AUTHm AUTHs , AUTHm = ( 1 1 1 1) ( 2 2 2 2) . . . ( ) , AUTHs = ( 1 1 1) ( 2 2 2) . . . ( ) where is a subject (user, process), , are classes and , are method names. Given a database schema S, a subject and a set of authorizations AUTH, we say that (S ) is valid with respect to AUTH, if, whenever a method invoked by on an object of a class is directly invoking a method on an object of a class , ( ) belongs to AUTHs or ( ) belongs to AUTHm. In this paper we show that if one of the following conditions holds, then it can be decided in polynomial time whether (S ) is valid with respect to AUTH. 1. S is a retrieval schema, that is, does not contain any statement which updates an attribute. 2. S is a non-branching update schema, which permits updates in a restricted way, and a database instance is acyclic.