Sebastiaan H. von Solms

A taxonomy for secure object-oriented databases

This paper proposes a taxonomy for secure object-oriented databases in order to clarify the issues in modeling and implementing such databases. It also indicates some implications of the various choices one may make when designing such a database. Most secure database models have been designed for relational databases. The object-oriented database model is more complex than the relational model. For these reasons, models for secure object-oriented databases are more complex than their relational counterparts. Furthermore, since views of the object-oriented model differ, each security model has to make some assumptions about the object-oriented model used for its particular database. A number of models for secure object-oriented databases have been proposed. These models differ in many respects, because they focus on different aspects of the security problem, or because they make different assumptions about what constitutes a secure database or because they make different assumptions about the object-oriented model. The taxonomy proposed in this paper may be used to compare the various models: Models that focus on specific issues may be positioned in the broader context with the aid of the taxonomy. The taxonomy also identifies the major aspects where security models may differ and indicates some alternatives available to the system designer for each such design choice. We show some implications of using specific alternatives. Since differences between models for secure object-oriented databases are often subtle, a formal notation is necessary for a proper comparison. Such a formal notation also facilitates the formal derivation of restrictions that apply under specific conditions. The formal approach also gives a clear indication about the assumptions made by us—given as axioms—and the consequences of those assumptions (and of design choices made by the model designer)—given as theorems.

Electronic commerce with secure intelligent trade agent

Electronic commerce on the Internet has the potential to generate billions of transactions but the number of merchants providing goods or services on the Internet will be so large, that it will become impossible for humans to visit each site and decide where it is best to buy or sell goods. In this paper we develop intelligent trade agents that roam a network, collect and analyse the data from servers on the network and make decisions to buy and sell goods on behalf of a user. The combination of distributed-object technology and single and public key encryption mechanisms makes these agents secure intelligent trade agents. We show that distributed-object technology is an enabling technology for intelligent trade agents.

Information Security: Process Evaluation and Product Evaluation

Effective management in any organisation requires a holistic approach in focusing on information security. Senior managers have to know how well their organisations are performing as measured against internationally accepted best practices. Part of the information security management problem is that it is viewed either from a technological perspective focussing on product evaluation only, or from a procedural and management perspective focussing on evaluation of the management processes. This paper aims to provide a consolidated perspective that takes both these aspects into consideration when measuring and evaluating the information security level of an organisation.

Information Security: Mutual Authentication in E-Commerce

Information Security is ever increasingly becoming an important topic when it comes to network communications. This greatly concerns areas of electronic commerce, especially online shopping and money transfers. This paper outlines a methodology for securing electronic communication between e-Merchants and online shoppers. The methodology is based on a simple hierarchy of a trusted third party and communicating hosts. The paper further explains how the new methodology avoids e-commerce pitfalls of current technologies and presents an approach for securing currently unsecured online shoppers, in the process of making them capable of performing safe and secure network transactions.

Information Security Management Through Measurement

This paper suggests a model, based on the continuous measuring and monitoring of information security parameters, by which information security management can be made more dynamic and relevant.

DNA-proofing for Computer Systems - A New Approach to Computer Security?

Modem day network-centric computing can increasingly be viewed as a vast, extremely involved organism, of which the boundaries are not clear, and most of the constituent parts are unknown from any given viewpoint. It may even become impossible to ensure the security of computing systems in future with current approaches to computer security. On the other hand, nature has been successful in defending its complex biological systems from infection and damage for countless millennia by using highly specialized and evolved immune systems. It is therefore postulated that a highly effective defensive mechanism can be developed, to transparently enforce an acceptable level of security in very extensive and complex computer networks and systems, by building very basic, but specialized autonomous agents, that follow basic rules that can be deduced from biological immune systems. Key to this concept is the biological system’s ability to distinguish what belongs to it and what is foreign and therefore needs to be destroyed. This is done, inter alia, via genetic information contained in the DNA of each cell. Central to the proposed immune model is thus the concept of ‘DNA-proofing’

MoFAC: a model for fine-grained access control

Access control in Information Technology (IT) systems, also known as Authorization, is one of the cornerstones of any Information Security Policy. The granularity of such access control can be on different levels, for example on volume (disc pack) level, database level, table level, and even on individual record (or tuple) and data field level. Although very fine-grained access control, for example on record level, is often required, in most systems access control on table level is used. The reason is that the management process is significantly easier and simpler the courser the level of control becomes.