Role-Based Access Control in Interoperable Environments (Rollenbasierte Zugangskontrolle in interoperablen Umgebungen)
Student: Wolfgang Eßmayr
Supervisor: Univ.-Prof. Dr. Roland Wagner
Security in information systems is often regarded as a bothersome issue that tends to be neglected in favor of effective and powerful applications. Many enterprises have already experienced the consequences of this attitude, ranging from harmless attacks by hackers to a serious shutdown of business activities. The increasing number of information systems applied within an arbitrary enterprise, as well as the enhanced network facilities available, raises the demand for interoperable environments that change the relationship between legacy systems and modern information technology from simple coexistence to real integration. This thesis presents a security concept for database federations, a typical representative of an interoperable environment.
The security concept rests on the principle of role-based access controls, which allow for a clear distinction between the questions 'what has to be done' and 'who has to do it'. Furthermore, the definition of role hierarchies permits the organizational and functional representation of an enterprise, thereby easing the administration of security issues. The particular characteristics of interoperable environments are addressed as follows: (1) integration of advanced security concepts in order to allow for mappings between as many security models as possible (heterogeneity), (2) the ability to define and control a global security policy which takes the security requirements of the involved component systems into account, and (3) enhancements to the security architecture with symmetric and asymmetric cryptography in order to guarantee confidential and authentic communication among component systems. The proposed security concept has been realized within the EU ESPRIT III project no. 8629 (IRO-DB, interoperable relational and object-oriented databases).