Result: A Cryptographic Mechanism for Object-Instance-based Authorization in Object-Oriented Database Systems
More information
In this paper a mechanism for access control at the instance level of a class in object-oriented databases is suggested. The approach is based on the use of pseudo-random functions and sibling intractable functions, rather than on the traditional access control list associated with each object. Each object-instance in the object-oriented model is associated with secure access keys that ensure secure access to the object and all related objects. The security of the system depends on the difficulty of predicting the output of pseudo-random functions and on finding an extra sibling collision for the sibling intractable function family. The authorization system supports ownership and granting/revoking of access rights.

Keywords: Authorization, Access control, DAC, MAC, Data security, Database security, Object-oriented databases, Application of cryptography.

1 Introduction

Most of the current models for authorization in database systems are developed for relational databases [10, 21]. Object-.