
Access control for client-server object databases

Posted on: 1998-12-31
Degree: Ph.D
Type: Thesis
University: University of Illinois at Urbana-Champaign
Candidate: Jones, Vicki Ellen
Full Text: PDF
GTID: 2468390014474333
Subject: Computer Science
Abstract/Summary:
Accompanying the rise of the Internet has been a surge in Intranets as an enterprise-wide computing solution. Connection to the Internet, and the increased ease with which distributed data processing can occur using Intranet technology, have given higher priority to concerns about security. Control of access to data is no longer centralized, rendering traditional data security solutions unacceptable and creating new challenges. Object databases (ODBs) want to provide needed Intranet services while maintaining control of data. Traditional coarse-grained protection schemes, such as per database or per relational database table, are insufficient in this environment.

While other functionality is useful, the key requirement leading most ODB users to adopt ODB technology is the good performance only met through the use of ODBs. Thus any new ODB functionality for security must have minimal performance impact for users. A central feature of ODB architectures, critical for high performance and a deviation from relational database architectures, is the shipping of data from the server to the client. This feature, however, complicates the task of adding access control--how can the server control access to data sent to the client? In addition, how can this control be achieved while maintaining the high performance standards of ODBs?

This thesis shows how to obtain efficient, fine-grained (object-level) control over user access to ODB data. We present a target access control model for ODB applications and delineate the trust assumptions required for providing such access control in client-server environments. The prototype implementations of our approach achieve very low overhead while providing object-level access control. By implementing our approach to access control for two major ODB architectures and measuring the resulting prototype's performance on standard ODB benchmarks, we show that when an application is entitled to access all the data it attempts to access, fine-grained access control is achievable with a run-time performance penalty of less than 15%. As the number of attempts to access data the application is unauthorized to access increases, performance degrades gracefully. These results demonstrate that fine-grained access controls in ODBs are feasible without the order of magnitude performance degradation--effectively a functional difference--anticipated by the ODB community.
Keywords/Search Tags:Access, ODB, Data, Performance, Odbs