Browse Prior Art Database

Systems Architecture for Compile Time Authorization Integrity

IP.com Disclosure Number: IPCOM000088319D
Original Publication Date: 1977-May-01
Included in the Prior Art Database: 2005-Mar-04
Document File: 3 page(s) / 35K

Publishing Venue

IBM

Related People

Coleman, CD: AUTHOR [+3]

Abstract

Compile-time analysis of data-base application programs allows comprehensive and semantic integrity checking without heavy performance degredation, as would occur in a system where these checks were performed at execution time. However, these advantages are obtained at the cost of high sensitivity of the compile programs to any changes in the physical structure or to some type of changes in the logical aspects of the data. This article presents a system architecture to realize the advantages of compile-time actions with reduced sensitivity to changes in the data base and with improved security.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

Systems Architecture for Compile Time Authorization Integrity

Compile-time analysis of data-base application programs allows comprehensive and semantic integrity checking without heavy performance degredation, as would occur in a system where these checks were performed at execution time. However, these advantages are obtained at the cost of high sensitivity of the compile programs to any changes in the physical structure or to some type of changes in the logical aspects of the data. This article presents a system architecture to realize the advantages of compile-time actions with reduced sensitivity to changes in the data base and with improved security.

The basic idea of this architecture is the division of the compiled object programs into three modules; 1) a module, called the A-program, which contains all the non-data base processing of the application program; 2) a module, called the D-program, which contains all the database base interactions (retrieval, update, insertion, deletion); 3) a module, called the C-program, which contains all the data control, i.e., authorization and integrity checking, and enforcement procedures to take care of access violations. To utilize this architecture, the following steps are required: 1) User application programs are written in some language which makes explicit their interactions with the data base. There exist several languages of this type, some of which are extensions of a standard high- level language, and some of which are self-contained query languages. 2) The application programs are compiled and the compiler analyzes their interaction with the data base. The result of this analysis is an "access list" which describes what data elements are being accessed and how. 3) Using the access list, the compiler generates the three object modules described above.

The three modules execute as described in the figure. The A-program is initiated, and whenever there is a need for data-base information, a call is made to the D-program. The D-program, before satisfying the request, makes a call to the C-program for evaluation of any authorization or integrity constraints. Notice that the A-program does not have access to the data base, but has to request data from the D-program. The C-program cannot access the data base either, but when it needs information from the data base to decide access, it must get it through the D-program. For sensitivity reasons (see below) the D-program is divided into two parts, one for satisfying requests from the A-program, the D(A) part, and one for requests from the C-program, the D(C) part. The effect of changes to the data base is as fol...