Static Detection of Security Flwas in Object-Oriented Databases
by Keishi Tajima
We propose a model of access control in object-oriented databases. In
the model, the granularity of access control is function invocations
on data objects. The users are granted rights to invoke composed
functions instead of rights to invoke primitive operations. Although
primitive operations are invoked inside composed functions, the users
can invoke them only through the granted functions. This achieves
access control in abstract operation level. Access control utilizing
encapsulation of functions, however, easily causes many ``security
flaws'' through which malicious users can bypass the encapsulation and
can abuse the primitive operations inside the functions. In this
paper, we develop techniques to statically detect such security flaws.
First, we design a framework to describe security requirements that
should be satisfied. Then, we develop an algorithm that syntactically
analyzes program code of the functions and determines whether given
security requirements are satisfied or not. This algorithm is sound,
that is, whenever there is a security flaw, it detects it.
object-oriented database, object-oriented programming, security flaw,
security analysis, program analysis, encapsulation, abstract data
type, method, protection, access control
Published in Proc. of ACM SIGMOD'96, pp.341-352, Jun. 1996, Montreal, Canada.