A Unifying Approach to the Design of a Secure Database Operating System

Abstract

Database management systems (DBMS's) today are usually built as subsystems on top of an operating system (OS). This design approach can lead to problems of unreliability and inefficient performance as well as forcing a duplication of functions between the DBMS and OS. A new design approach is proposed which eliminates much of this duplication by integrating the duplicated functions into independent subsystems used by both the DBMS and OS. Specifically, an I/O and file support subsystem and a security subsystem are defined. Both subsystems make use of a logical information model which models the stored information in secondary storage. The new database operating system organization and the logical information model are presented in detail. Design of the security subsystem is based on the access control model, and is extended with Boolean predicates to produce an access control model capable of enforcing content-dependent security policies. The access matrix is implemented using a combination of access lists and capabilities. Authorization models and multiple user processes are discussed in relation to the new system organization. The outline of a formal specification and proof of correctness of the security subsystem is also discussed.