An integrated access control in heterogeneous distributed database systems

Abstract

As a number of diverse, heterogeneous types of database management systems are employed within a single organization, the need to integrate those systems is stringent to have an efficient and transparent accesses to remote sites. Of our particular interest among various heterogeneity issues is integrated access control that combines mandatory access control (MAC) and discretionary access control (DAC) together, with MAC based on a lattice of sensitivity labels and DAC based on individual and group access privileges. The necessity for integrating MAC and DAC arises in an open, heterogeneous multidatabase system, since any trusted system has so far provided a single, exclusive type of access control paradigm: either MAC or DAC. In this paper, we tried to formulate an integrated access control, which can provide a new and general framework to access control in heterogeneous distributed database systems (HDDBSs). The integrated access control, placed at the level of global data manager in each site, is used for security enforcement in an HDDBS. The global data manager maintains a data dictionary that contains meta data describing the global schema of the multilevel databases, clearances of users, security classifications of data, and access authorizations. Our integrated access control restricts both access to information and the flow of information only in authorized ways.