Context Protection and Consistent Control in Data Base Systems (Part I).

Although the indispensibility of access control mechanisms in data secure systems has been recognized, there is a need for more subtle protection and refined control mechanisms. This report describes context protection mechanisms which enable the same data unit to be protected differently in different contexts, the differences being determined by the manner in which the fields and records are being accessed. The study shows that the method can be enforced by means of certain built-in relations among the data units involved. Three basic and primary relations are proposed as a starting point for more elaborate control systems. These primary relations allow the necessary and sufficient conditions under which violations will occur to be identified. With these conditions and the security system, it becomes possible to propose a data definition language for specifying data base protection requirements and to develop an access control mechanism for enforcing the requirements. (WDR)