This dissertation considers the use of a virtual machine as an access control mechanism in a relational database management system. Such a mechanism may prove to be more flexible than the normal access control mechanism that forms part of a relational database management system. The background information provided in this text (required to clearly comprehend the issues that are related to the virtual machine and its language) introduces databases, security and security mechanisms in relational database management systems. Finally, an existing implementation of a virtual machine that is used as a pseudo access control mechanism is provided. This mechanism is used to examine data that travels across a electronic communications network. Subsequently, the language of the virtual machine is chiefly considered, since it is this language which will determine the power and flexibility that the virtual machine offers. The capabilities of the language is illustrated by showing how it can be used to implement selected access control policies. Furthermore it is shown that the language can be used to access data stored in relations in a safe manner, and that the addition of the programs to the DAC model does not cause a significant increase in the management of a decentralised access control model. Following the proposed language it is obvious that the architecture of the ìnewî access control subsystem is also important since this architecture determines where the virtual machine fits in to the access control mechanism as a whole. Other extensions to the access control subsystem which are important for the functioning of the new access control subsystem are also reected upon. Finally, before concluding, the dissertation aims to provide general considerations that have to be taken into account for any potential implementation of the virtual machine. Aspects such as the runtime support system, data types and capabilities for extensions are taken into consideration. By examining all of the previous aspects, the access control language and programs, the virtual machine and the extensions to the access control subsystem, it is shown that the virtual machine and the language offered in this text provides the capability of implementing all the basic access control policies that can normally be provided. Additionally it can equip the database administrator with a tool to implement even more complex policies which can not be handled in a simple manner by the normal access control system. Additionally it is shown that using the virtual machine does not mean that certain complex policies have to be implemented on an application level. It is also shown that the new and extended access control subsystem does not significantly alter the way in which access control is managed in a relational database management system. / Prof. M.S. Olivier
| Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:8802 |
| Date | 04 June 2008 |
| Creators | Van Staden, Wynand Johannes |
| Source Sets | South African National ETD Portal |
| Detected Language | English |
| Type | Thesis |
Page generated in 0.0025 seconds