A security model for an object-oriented information system | |
| Author | Sureerut Inmor |
| Call Number | AIT Diss. no.IM-02-01 |
| Subject(s) | Object-oriented methods (Computer science) System design Computer security |
| Note | A dissertation submitted in partial fulfilment of the requirements the Degree of Doctor of Technical Science |
| Publisher | Asian Institute of Technology |
| Abstract | The change in the programing paradigm from structure programming to object- oriented technology has migrated to several application areas. Security awareness has become a topic of interest in object-oriented systems because of the differences in programming paradigms. In an object-oriented information system, analysts should take security requirements into consideration when they start designing an Object model. A component of an Object model, the method, can be a crucial part that contributes much to the success of implementation of an application system with security requirements. In this dissertation, an Object-Oriented Security Model (OOSM) is proposed with a security-oriented extension, which emphasizes the design of a security mechanism at the user interface level and the design of an object model at the application-under-development level. The objective of this dissertation is to present additional methods and techniques for object- oriented design, which recognize software security as an important aspect in the development phase and throughout the. sofiware life cycle. The expected result is to have the design guidelines developed during the analysis and design phase of the system. A university library system has been used as an illustrative example to explain how to implement OOSM in both security levels. Visual OH- is used as the programming language and prototyping tool. The process Of an access control mechanism at the user interface level started with an analysis of users’ security requirements by employing the software prototype, which is designed using the principle of a multilevel menu with the necessary access control mechanism. To implement an access control mechanism, additional objects are created including the security object, the user information object, and the login information object. In the security analysis of both security levels, additional methods and techniques were used such as the role diagram, the Operation structure diagram, the sensitivity level diagram, the basic access matrix, and the access-checking rule. The resulting software prototype, after discussion with the user, provides the analyst with the security requirements of an application system. The analyst considers which operation has significance from a security perspective and continues to work with a carefiilly designed operation (object model). The design guidelines are produced as a result of security analysis at the application-under-development level. In the design guidelines, security functions are classified as set membership test, terminate membership test, relationship cardinality test, state change permission test, correctness of input data test, correctness of output data test, notification, control condition for synchronizing series of operations, organizational policy, audit trail, and permission test for Operational invocation. Embedding security functions into normal operation requires applying pre-conditions and post—conditions to an existing Operation. To make a mechanism more useful and efficient, it should be equipped with other security aspects such as authentication, network security, and distributed system security. These security aspects make the security mechanism generated from the OOSM more efficient and effective. |
| Year | 2002 |
| Type | Dissertation |
| School | School of Engineering and Technology (SET) |
| Department | Department of Information and Communications Technologies (DICT) |
| Academic Program/FoS | Information Management (IM) |
| Chairperson(s) | Vatcharaporn Esichaikul;Batanov, Dencho N. ; |
| Examination Committee(s) | Manukid Parnichkhun;Phan Minh Dung;Madey, Gregory R.; |
| Scholarship Donor(s) | Rajamangala Institute of Technology; |
| Degree | Thesis (Ph.D.) - Asian Institute of Technology, 2002 |