A Module Definition Facility for Access Control in Distributed Data Base Systems

Future information systems will involve the interconnection of databases through public networks, requiring the development of adequate security facilities within the local nodes in order to prevent unauthorized access and use of data. A key component of any security scheme is a set of lanuage primitives that define access rights; these language primitives must be combined with other language facilities that assure integrity of the data bases involved and that promote the development of reliable software systems. In such an environment, transaction-based systems, providing interactive access to stored data through a set of predefined operations, may be implemented with programming languages containing facilities for data base definition and manipulation. In such a case, it is necessary to provide some primitives for access control within the programming language. This paper presents a set of such primitives, embedded in a module definition facility, that permits defferent classes of users to share a data base in a controlled way. These facilities are presented as a possible set of extensions to the programming language PLAIN.