Implementation of Predicate-Based Protection in MULTISAFE

Abstract

This paper reports some implementation work done within the MULTI SAFE database protection research project group at Virginia Tech. It describes the evolution of an approach to database security from a formal model of predicate-based protection, through an implementation model, to an on-going implementation. The implementation model is based on a relational database approach to the management of protection information (stored representations of authorizations). Classes of access decision dependency are reviewed. Protection policies, design deci¬sions, and special implementation problems are discussed. Detailed examples are used to illustrate the use of this flexible and generalized approach to database security within the MULTI SAFE system architecture.