Authorization and revocation in object-oriented databases

摘要

Few studies of object-oriented databases deal with their security, a fundamental aspect of systems with complex data structures. Most authorization systems give users who own resources only some basic control over them; here, we provide users with more direct control over their resources by associating with each grant propagation numbers. Propagation numbers govern the grantability and exercisability of the privileges. Of particular interest in our study of authorization in an OO environment is the combination of inheritance and granting of privileges. Diverse policies are discussed and implemented in a test-bed system.