By Topic

Controlling aggregation in distributed object systems: a graph-based approach

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Z. Tari ; Sch. of Comput. Sci. & Inf. Technol., R. Melbourne Inst. of Technol., Vic., Australia ; A. Fry

The Distributed Object Kernel is a federated database system providing a set of services which allow cooperative processing across different databases. The focus of this paper is the design of a DOK security service that provides for enforcing both local security policies, related to the security of local autonomous databases, and federated security policies, governing access to data aggregates composed of data from multiple distributed databases. We propose Global Access Control, an extended access control mechanism enabling a uniform expression of heterogeneous security information. Mappings from existing Mandatory and Discretionary Access Controls are described. To permit the control of data aggregation, the derivation of unauthorized information from authorized data, our security framework provides a logic-based language, the Federated Logic Language (FELL), which can describe constraints on both single and multiple states of the federation. To enforce constraints, FELL statements are mapped to state transition graphs which model the different subcomputations required to check the aggregation constraints. Graph aggregation operations are proposed for building compound state transition graphs for complex constraints. To monitor aggregation constraints, two marking techniques, called Linear Marking Technique and Zigzag Marking Technique, are proposed. Finally, we describe a three-layer DOK logical secure architecture enabling the implementation of the different security agents. This includes a Coordination layer, a Task layer, and a Database layer. Each contains specialized agents that enforce a different part of the federated security policy. Coordination is performed by the DOK Manager, enforcing security is performed by a specialized Constraint Manager agent, and the database functions are implemented by user and data agents

Published in:

IEEE Transactions on Parallel and Distributed Systems  (Volume:12 ,  Issue: 12 )