{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,10,20]],"date-time":"2023-10-20T08:20:21Z","timestamp":1697790021870},"reference-count":164,"publisher":"Elsevier BV","issue":"1","license":[{"start":{"date-parts":[[1981,1,1]],"date-time":"1981-01-01T00:00:00Z","timestamp":347155200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information Systems"],"published-print":{"date-parts":[[1981,1]]},"DOI":"10.1016\/0306-4379(81)90014-4","type":"journal-article","created":{"date-parts":[[2003,8,8]],"date-time":"2003-08-08T01:31:39Z","timestamp":1060306299000},"page":"1-22","source":"Crossref","is-referenced-by-count":15,"title":["Database security\u2014System architectures"],"prefix":"10.1016","volume":"6","author":[{"given":"H.Rex","family":"Hartson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/0306-4379(81)90014-4_BIB1_1","series-title":"Proc. Computer Software and Applications Conf.","first-page":"357","article-title":"An experiment in database access control","author":"Manola","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB1_2","author":"Manola","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB2","series-title":"Army Regulation No. 389-380: Automated system security","year":"1977"},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB3","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1145\/320473.320482","article-title":"An authorization mechanism for a relational database system","volume":"1","author":"Griffiths","year":"1976","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB4","article-title":"A study of architectural and security issues associated with integrating database computers into WWMCCS","author":"Claybrook","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB5","series-title":"Proc. IEEE Computer and Software Applications Conf.","first-page":"349","article-title":"Dynamics of database protection enforcement\u2014a preliminary study","author":"Hartson","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB6","series-title":"Proc. IEEE Computer and Software applications Conf. (COMPSAC)","first-page":"729","article-title":"Cooperative authorization in computer systems","author":"Minsky","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB7","series-title":"Research Rep. OSU-CISRC-TR-75-6","article-title":"Languages for specifying protection requirements in data base systems\u2014a semantic model","author":"Hartson","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB8","series-title":"Proc. IEEE Computer and Software Applications Conf.","first-page":"453","article-title":"The relationship between operating system and database system security: A survey","author":"Fernandez","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB9","article-title":"Research problems in the data base system\/operating system interface","author":"Gudes","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB10","article-title":"A unified security model for data base and operating systems","author":"Spooner","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB11","first-page":"1278","article-title":"The protection of information in computer systems","volume":"63","author":"Saltzer","year":"1975"},{"issue":"8","key":"10.1016\/0306-4379(81)90014-4_BIB12","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1145\/360303.360333","article-title":"On protection in operating systems","volume":"19","author":"Harrison","year":"1976","journal-title":"Comm. ACM"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB13","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1145\/1067629.806538","article-title":"The enforcement of security policies for computation","volume":"9","author":"Jones","year":"1975","journal-title":"Operating Systems Rev."},{"key":"10.1016\/0306-4379(81)90014-4_BIB14","volume":"Vols. 1 and 2","author":"Anderson","year":"1972"},{"key":"10.1016\/0306-4379(81)90014-4_BIB15","series-title":"ACM SIGPLAN Notices","first-page":"64","article-title":"In defense of program testing, or correctness proofs considered harmful","author":"Tanenbaum","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB16","first-page":"37","article-title":"A certified multilevel secure minicomputer operating system","volume":"32","author":"Walker","year":"1977","journal-title":"SIGNAL"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB17","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1145\/360051.360059","article-title":"Security kernel validation in practice","volume":"19","author":"Millen","year":"1976","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB18","series-title":"Proc. AFIPS NCC","first-page":"1079","article-title":"Issues in kernel design","author":"Popek","year":"1978"},{"issue":"9","key":"10.1016\/0306-4379(81)90014-4_BIB19","doi-asserted-by":"crossref","first-page":"739","DOI":"10.1145\/359588.359597","article-title":"A model for verification of data security in operating systems","volume":"21","author":"Popek","year":"1978","journal-title":"Comm. ACM"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB20","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1145\/359104.359106","article-title":"Social processes and proofs of theorems and programs","volume":"22","author":"DeMillo","year":"1979","journal-title":"Comn. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB21","series-title":"ACM Forum, Numerous letters commenting on Social processes and proofs of theorems and programs","first-page":"621","volume":"22","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB22","series-title":"Current Trends in Programming Methodology","first-page":"61","article-title":"A formal methodology for the design of operating system software","volume":"Vol. 1","author":"Robinson","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB23","article-title":"Secure Computer Systems: Mathematical foundations and model","volume":"Vols. I, II, and III","author":"Bell","year":"1973"},{"issue":"7","key":"10.1016\/0306-4379(81)90014-4_BIB24","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1145\/361011.361067","article-title":"Protection and the control of information sharing in MULTICS","volume":"17","author":"Saltzer","year":"1974","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB25","series-title":"Multics security kernel certification plan","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB26","first-page":"43","article-title":"The multics kernel design project","volume":"11","author":"Schroeder","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB27","article-title":"Analysis of secure communications processor architecture","author":"Gilson","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB28","series-title":"Proc. ACM Conf.","first-page":"411","article-title":"VM 370 Security Retrofit Program","author":"Gold","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB29","first-page":"335","article-title":"A security retrofit of VM\/370","volume":"48","author":"Gold","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB30","first-page":"355","article-title":"UCLA secure UNIX","volume":"48","author":"Popek","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB31","series-title":"Proc. AFIPS NCC","first-page":"1087","article-title":"Computer system security evaluation","author":"Neumann","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB32","first-page":"345","article-title":"KSOS\u2014the design of a secure operating system","volume":"48","author":"McCauley","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB33","first-page":"373","article-title":"KSOS\u2014Computer network applications","volume":"48","author":"Padlipsky","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB34","first-page":"365","article-title":"KSOS\u2014The development methodology for a secure operating system","volume":"48","author":"Berson","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB35","article-title":"A provably secure operating system: The system, its applications, and proofs","author":"Neumann","year":"1977","journal-title":"Final Rep., Project 4332, SRI International Menlo Park, California"},{"issue":"12","key":"10.1016\/0306-4379(81)90014-4_BIB36","doi-asserted-by":"crossref","first-page":"1064","DOI":"10.1145\/359657.359667","article-title":"An example of hierarchical design and proof","volume":"21","author":"Spitzer","year":"1978","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB37","series-title":"Proc. ACM Conf. on Language Design for Reliable Software","first-page":"1","article-title":"GYPSY: A language for specification and implementation of verifiable programs","author":"Ambler","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB38","series-title":"Proc. Int. Conf. on Very Large Data Bases","first-page":"428","article-title":"Granularity of locks in a shared data base","author":"Gray","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB39","series-title":"Lecture Notes in Computer Science, Vol. 39: Data Base Systems","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1007\/3-540-07612-3_15","article-title":"On the integrity of data bases and resource locking","author":"Bayer","year":"1976"},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB40","doi-asserted-by":"crossref","first-page":"233","DOI":"10.1145\/320557.320566","article-title":"Effects of locking granularity in a database","volume":"2","author":"Ries","year":"1977","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB41","series-title":"Proc. ACM-SIGMOD Int. Conf. on Management of Data","first-page":"23","article-title":"An authorization model for a shared data base","author":"Fernandez","year":"1975"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB42","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1145\/320455.320457","article-title":"System R: Relational approach to database management","volume":"1","author":"Astrahan","year":"1976","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB43","article-title":"A system structure for data security","author":"Summers","year":"1977","journal-title":"IBM Los Angeles Scientific Center Technical Rep. G320-2687"},{"key":"10.1016\/0306-4379(81)90014-4_BIB44","article-title":"A file system for a problem solving facility","author":"Hsiao","year":"1968"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB45","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1145\/362007.362015","article-title":"A formal system for information retrieval from files","volume":"13","author":"Hsiao","year":"1970","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB46","series-title":"Proc. ACM Annual Conf.","first-page":"303","article-title":"Modeling and performance evaluation of physical database structures","author":"Yao","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB47","series-title":"Proc. ACM Annual Conf.","first-page":"319","article-title":"An attribute based file organization for a relational database","author":"Weldon","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB48","series-title":"Proc. 2nd Int. Conf. on Software Engng","first-page":"532","article-title":"A software engineering experience in the management, design, and implementation of a data secure system","author":"Hsiao","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB49","first-page":"231","article-title":"Information secure systems","volume":"Vol. 14","author":"Hsiao","year":"1967"},{"key":"10.1016\/0306-4379(81)90014-4_BIB50","article-title":"A model for data secure systems","author":"McCauley","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB51","article-title":"Authorization in multilevel database models","author":"Wood","year":"1978","journal-title":"IBM Los Angeles Scientific Center Techn. Rep. G320-2696"},{"key":"10.1016\/0306-4379(81)90014-4_BIB52","article-title":"Study group on data bsae management systems, interim report","author":"ANSI\/X3\/SPARC","year":"1975","journal-title":"FDT. Bulletin of the ACM SIGMOD"},{"key":"10.1016\/0306-4379(81)90014-4_BIB53","series-title":"Proc. Int. Conf. on Very Large Data Bases","first-page":"268","article-title":"Definition and evaluation of access rules in data management systems","author":"Fernandez","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB54","series-title":"Proc. Int. Conf. on Very Large Data Bases","first-page":"27","article-title":"A semantic model for data base protection languages","author":"Hartson","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB55","series-title":"Proc. Annual Conf. ACM","first-page":"90","article-title":"Full protection specifications in the semantic model for database protection languages","author":"Hartson","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB56","article-title":"Design of event-driven protection mechanisms","author":"Cohen","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB57","series-title":"Databases: Improving Usability and Responsiveness","first-page":"411","article-title":"Event driven protection for enhancing data sharing in data base systems","author":"Cohen","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB58","series-title":"Proc. 3rd Jerusalem Conf. on Information Technology","first-page":"165","article-title":"Derivation protection in database systems","author":"Cohen","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB59","first-page":"119","article-title":"Security controls in the ADEPT-58 time sharing system","volume":"35","author":"Weissman","year":"1969"},{"key":"10.1016\/0306-4379(81)90014-4_BIB60","series-title":"Proc. SJCC.","first-page":"1181","article-title":"Selective capabilities in ASAP\u2014A file management system","author":"Conway","year":"1972"},{"key":"10.1016\/0306-4379(81)90014-4_BIB61","series-title":"Proc. ACM Annual Conf.","first-page":"180","article-title":"Access control in a relational data base management system by query modification","author":"Stonebraker","year":"1974"},{"key":"10.1016\/0306-4379(81)90014-4_BIB62","series-title":"Proc. Annual Conf. ACM","first-page":"80","article-title":"The INGRES protection system","author":"Stonebraker","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB63","article-title":"A distributed data base version of INGRES","author":"Stonebraker","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB64","article-title":"Implementation of a secure data management system for the secure UNIX operating system","author":"Wagner","year":"1977","journal-title":"Mitre Corp. Technical Rep. for the Air Force ESD, ESD-TR-78-154"},{"key":"10.1016\/0306-4379(81)90014-4_BIB65","series-title":"Protection Proc. 5th Princeton Symp. on Information Sciences and Systems","first-page":"437","author":"Lampson","year":"1971"},{"key":"10.1016\/0306-4379(81)90014-4_BIB66","author":"Blasgen","year":"1979","journal-title":"System R: An architectural update IBM Research Rep. RJ2581 (33481)"},{"key":"10.1016\/0306-4379(81)90014-4_BIB67","series-title":"Proc. IEEE Computer and Software Applications Conf. (COMPSAC)","first-page":"342","article-title":"A framework for data base protection and its application to the INGRES and System R data base management systems","author":"McLeod","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB68","series-title":"Proc. ACM National Conf.","first-page":"28","article-title":"Associative techniques in the solution of data management problems","author":"DeFiore","year":"1971"},{"key":"10.1016\/0306-4379(81)90014-4_BIB69","series-title":"Proc. AFIPS NCC","first-page":"181","article-title":"A data management system utilizing an associative memory","author":"DeFiore","year":"1973"},{"key":"10.1016\/0306-4379(81)90014-4_BIB70","series-title":"Proc. AFIPS NCC","first-page":"1","article-title":"Some problems in associative processor applications to data base management","author":"Berra","year":"1974"},{"key":"10.1016\/0306-4379(81)90014-4_BIB71","series-title":"Proc. 1st Annual Symp. on Computer Architecture","first-page":"121","article-title":"The architecture of CASSM: A cellular system for non-numeric processing","author":"Copeland","year":"1973"},{"key":"10.1016\/0306-4379(81)90014-4_BIB72","series-title":"Proc. ACM SIGPLAN, SIGIR Interface Meeting","first-page":"144","article-title":"Retrieval operations and data representations in a contentaddressable disk system","author":"Su","year":"1973"},{"key":"10.1016\/0306-4379(81)90014-4_BIB73","first-page":"379","article-title":"RAP\u2014An associative processor for data base management","volume":"44","author":"Ozkarahan","year":"1975"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB74","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1145\/320544.320553","article-title":"Performance evaluation of a relational associative processor","volume":"2","author":"Ozkarahan","year":"1977","journal-title":"ACM Trans. on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB75","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1145\/320434.320447","article-title":"The design of a rotating associative memory for relational database applications","volume":"1","author":"Lin","year":"1976","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB76","series-title":"Proc. AFIPS NCC","first-page":"581","article-title":"INFOPLEX\u2014hierarchical decomposition of a large information management system using a microprocessor complex","author":"Madnick","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB77","article-title":"Mass memory organization study","author":"Farnesworth","year":"1976","journal-title":"Rome Air Development Center Techn. Rep. RADC-TR-76-254"},{"key":"10.1016\/0306-4379(81)90014-4_BIB78","series-title":"RELACS, an associative computer architecture to support a relational data model","author":"Oliver","year":"1979"},{"issue":"10","key":"10.1016\/0306-4379(81)90014-4_BIB79","doi-asserted-by":"crossref","first-page":"575","DOI":"10.1145\/355620.361172","article-title":"A back-end computer for data base management","volume":"17","author":"Canaday","year":"1974","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB80","year":"1978","journal-title":"Report on development of a back-end data base management system"},{"key":"10.1016\/0306-4379(81)90014-4_BIB81","series-title":"Proc. ACM Annual Conf.","first-page":"666","article-title":"Encapsulation: An approach to operating system security","author":"Bisbey","year":"1974"},{"key":"10.1016\/0306-4379(81)90014-4_BIB82","series-title":"Proc. 3rd Int. Conf. on Very Large Data Bases","article-title":"A kernel design for a secure database management system","author":"Downs","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB83","article-title":"A system architecture for compile-time actions in databases","author":"Lang","year":"1976","journal-title":"IBM Los Angeles Scientific Center, Rep. No. G320-2682"},{"key":"10.1016\/0306-4379(81)90014-4_BIB84","doi-asserted-by":"crossref","first-page":"767","DOI":"10.1109\/TC.1978.1675189","article-title":"Architectural support for system protection and database security","volume":"8","author":"Fernandez","year":"1978","journal-title":"IEEE Trans. on Computers C-27"},{"key":"10.1016\/0306-4379(81)90014-4_BIB85","article-title":"Secure data management systems","author":"Hinke","year":"1975"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB86","first-page":"8","article-title":"The reference monitor technique for security in data management systems","volume":"1","author":"Kirkby","year":"1977","journal-title":"IEEE Data Base Engineering"},{"key":"10.1016\/0306-4379(81)90014-4_BIB87","article-title":"A model of a protected data management system","author":"Grohn","year":"1976"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB88","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1145\/360051.360056","article-title":"A lattice model of secure information flow","volume":"19","author":"Denning","year":"1976","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB89","doi-asserted-by":"crossref","DOI":"10.21236\/ADA045537","article-title":"On specifying the functional design for a protected DMS tool","author":"Kirkby","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB90","doi-asserted-by":"crossref","DOI":"10.21236\/ADA045538","article-title":"Validation of the protected DMS specifications","author":"Kirkby","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB91","article-title":"WWMCCS data management analysis and data base machine requirements definition and functional description","author":"Cady","year":"1978","journal-title":"TM-WD-7911\/000\/00"},{"key":"10.1016\/0306-4379(81)90014-4_BIB92","article-title":"A. distributed architecture security system for centralized and distributed data base systems","author":"Cary","year":"1979"},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB93","volume":"12","year":"1979","journal-title":"IEEE Computer"},{"key":"10.1016\/0306-4379(81)90014-4_BIB94","volume":"6","year":"1979","journal-title":"AC-28"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB95","first-page":"146","article-title":"What's happening with data base processors","volume":"26","author":"Bray","year":"1979","journal-title":"Datamation"},{"issue":"4","key":"10.1016\/0306-4379(81)90014-4_BIB96","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1145\/320289.320292","article-title":"Concepts and capabilities of a database computer","volume":"3","author":"Banerjee","year":"1978","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB97","article-title":"The architectural design of a secure database management system","author":"Baum","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB98","article-title":"The architecture of a database computer (DBC); Part I: Concepts and capabilities","author":"Baum","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB99","article-title":"The architecture of a database computer; Part II:- The design of structure memory and its related processors","author":"Hsiao","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB100","article-title":"DBC software Requirements for supporting heirarchical databases","author":"Hsiao","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB101","article-title":"DBC software requirements for supporting network databases","author":"Banerjee","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB102","article-title":"DBC software requirements for supporting relational databases","author":"Banerjee","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB103","article-title":"Simulation studies of the database computer (DBC)","author":"Hsiao","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB104","article-title":"Multiprocessor architectures for supporting secure database management","author":"Trueblood","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB105","unstructured":"R. P. Trueblood, H. R. Hartson and J. J. Martin: MULTISAFE\u2014a modular multiprocessing approach to secure database management. Submitted for publication."},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB106","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1145\/356683.356688","article-title":"Multiprocessor organization\u2014A survey","volume":"9","author":"Enslow","year":"1977","journal-title":"ACM Computing Surveys"},{"key":"10.1016\/0306-4379(81)90014-4_BIB107","series-title":"Notes on a workshop on distributed computing","first-page":"18","volume":"13","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB108","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/C-M.1978.218056","article-title":"A survey of developments in distributed data base management systems","author":"Maryanski","year":"1978","journal-title":"IEEE Computer"},{"key":"10.1016\/0306-4379(81)90014-4_BIB109","article-title":"An overview of the preliminary design of SDD-1: A system for distributed databases","author":"Rothnie","year":"1977","journal-title":"Computer Corporation of American Tech. Rep. CCA-77-04"},{"key":"10.1016\/0306-4379(81)90014-4_BIB110","series-title":"Proc. AFIPS NCC","first-page":"821","article-title":"Access control mechanisms for a network operating system","author":"Wood","year":"1979"},{"key":"10.1016\/0306-4379(81)90014-4_BIB111","article-title":"Data control in a distributed database system","author":"Fernandez","year":"1977","journal-title":"IBM Los Angeles Scientific Center Tech. Rep. G320-2693"},{"key":"10.1016\/0306-4379(81)90014-4_BIB112","article-title":"Authorization in a decentralized database system","author":"Wood","year":"1979","journal-title":"IBM Los Angeles Scientific Center Tech. Rep. G320-2698"},{"key":"10.1016\/0306-4379(81)90014-4_BIB113","series-title":"Proc. AFIPS NCC","first-page":"551","article-title":"A perspective on network operating systems","author":"Kimbleton","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB114","series-title":"Proc. AFIPS NCC","first-page":"773","article-title":"Network operating systems\u2014An implementation approach","author":"Kimbleton","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB115","series-title":"Reprints ACM Interprocess Communication Workshop","first-page":"118","article-title":"Issues in communication protocol design\u2014formal correctness","author":"Sunshine","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB116","series-title":"Presented at the workshop on Operating and Data Base Management Systems","article-title":"User interface multi-level security issues in a transaction oriented data base management system","author":"Ames","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB117","series-title":"Proc. AFIPS NCC","first-page":"765","article-title":"Design of a message processing system for a multilevel security environment","author":"Ames","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB118","series-title":"Proc. AFIPS NCC","first-page":"839","article-title":"SIGMA\u2014an interactive message service for the military message experiment","author":"Stolz","year":"1979"},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB119","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1145\/356778.356782","article-title":"Data security","volume":"11","author":"Denning","year":"1979","journal-title":"ACM Computing Surveys"},{"key":"10.1016\/0306-4379(81)90014-4_BIB120","series-title":"Mock-up issue of Abacus published by AFIPS","first-page":"22","article-title":"The limits of data security","author":"Denning","year":"1977"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB121","first-page":"74","article-title":"Getting a personal dossier from a statistical data bank","volume":"16","author":"Hoffman","year":"1970","journal-title":"Datamation"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB122","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1145\/320071.320073","article-title":"Linear queries in statistical databases","volume":"4","author":"Schwartz","year":"1979","journal-title":"ACM Trans., on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB123","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1145\/320064.320068","article-title":"Secure databases: Protection against user inference","volume":"4","author":"Dobkin","year":"1979","journal-title":"ACM Trans., on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB124","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1145\/320064.320069","article-title":"The tracker: A threat to statistical database security","volume":"4","author":"Denning","year":"1979","journal-title":"ACM Trans. on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB125","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1145\/320241.320250","article-title":"Security in statistical databases for queries with small counts","volume":"3","author":"Chin","year":"1978","journal-title":"ACM Trans. on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB126","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1055\/s-0038-1635690","article-title":"Identification and retrieval of personal records from a statistical data bank","volume":"14","author":"Schl\u00f6rer","year":"1975","journal-title":"Methods of Information in Medicine"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB127","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1145\/320128.320138","article-title":"A fast procedure for finding a tracker in a statistical database","volume":"5","author":"Denning","year":"1980","journal-title":"ACM Trans. on Database Systems"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB128","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/320521.320525","article-title":"A model of statistical databases and their security","volume":"2","author":"Kam","year":"1977","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB129","series-title":"Proc. ACM Annual Conf.","first-page":"85","article-title":"Selective partial access to a database","author":"Conway","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB130","series-title":"Modem Methods for Computer Security and Privacy","author":"Hoffman","year":"1977"},{"key":"10.1016\/0306-4379(81)90014-4_BIB131","article-title":"Computer Security Problems and Solutions","author":"Hsiao","year":"1979"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB132","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1147\/sj.192.0229","article-title":"Database security: requirements, policies and models","volume":"19","author":"Wood","year":"1980","journal-title":"IBM Systems J."},{"key":"10.1016\/0306-4379(81)90014-4_BIB133","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1109\/TSE.1976.233833","article-title":"A language extension for controlling access to shared data","volume":"4","author":"Jones","year":"1976","journal-title":"IEEE Trans. on Software Engineering SE-2"},{"issue":"5","key":"10.1016\/0306-4379(81)90014-4_BIB134","doi-asserted-by":"crossref","first-page":"358","DOI":"10.1145\/359488.359493","article-title":"A language extension for expressing constraints on data access","volume":"21","author":"Jones","year":"1978","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB135","series-title":"Proc. AFIPS FJCC","first-page":"587","article-title":"The formulary model for flexible privacy and access controls","author":"Hoffman","year":"1971"},{"key":"10.1016\/0306-4379(81)90014-4_BIB136_1","series-title":"Proc. 2nd USA-Japan Computer Conf.","first-page":"481","article-title":"Data security implications of an extended subschema concept","author":"Manola","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB136_2","author":"Manola","year":"1975","journal-title":"NRL Report 7905"},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB137","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1145\/360018.360027","article-title":"Intentional resolution of privacy protection in database systems","volume":"19","author":"Minsky","year":"1979","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB138","series-title":"Guidelines for automatic data processing physical security and risk management","year":"1974"},{"key":"10.1016\/0306-4379(81)90014-4_BIB139","article-title":"Security risk assessment in electronic data processing systems","author":"Courtney","year":"1975","journal-title":"Working document of IFIP-TG-15"},{"key":"10.1016\/0306-4379(81)90014-4_BIB140_1","article-title":"Security of federal automated information systems. Executive officer of the President, Officer of Management and Budget (0MB)","author":"McIntyre","year":"1978","journal-title":"Circular A-71 and Transmittal Memorandum No. 1"},{"key":"10.1016\/0306-4379(81)90014-4_BIB140_2","first-page":"21","article-title":"security of federal automated information systems","author":"McIntyre","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB141","series-title":"Proc. AFIPS NCC","first-page":"531","article-title":"SECURATE\u2014Security evaluation and analysis using fuzzy metrics","author":"Hoffman","year":"1978"},{"issue":"2","key":"10.1016\/0306-4379(81)90014-4_BIB142","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1145\/320251.320260","article-title":"System level concurrency control for distributed database systems","volume":"3","author":"Rosencrantz","year":"1978","journal-title":"ACM Trans. Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB143","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1109\/TSE.1978.231494","article-title":"The concurrency control mechanism of SDD-1: A system for distributed databases (The fully redundant case)","volume":"3","author":"Bernstein","year":"1978","journal-title":"IEEE Trans. on Software Engineering SE-4"},{"key":"10.1016\/0306-4379(81)90014-4_BIB144","series-title":"Proc. 3rd Berkeley Workshop on Distributed Data Management and Computer Networks","first-page":"235","article-title":"Concurrency control and consistency of multiple copies of data in distributed INGRES","author":"Stonebraker","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB145","series-title":"Proc. Int. Conf. on Very Large Data Bases","first-page":"48","article-title":"Functional specifications of a subsystem for data base integrity","author":"Eswaran","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB146","series-title":"Proc. Int. Conf. on Very Large Data Bases","first-page":"25","article-title":"Semantic integrity in a relational database system","author":"Hammer","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB147","series-title":"Proc. 2nd Int. Conf. on Software Engineering","article-title":"Application of clustering to estimate missing data and improve data integrity","author":"Lee","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB148","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/C-M.1978.218340","article-title":"Computer system organization: Problems of the 1980s","author":"Apfelbaum","year":"1978","journal-title":"IEEE Comput."},{"key":"10.1016\/0306-4379(81)90014-4_BIB149","article-title":"Notes on data base operating systems","author":"Gray","year":"1978","journal-title":"IBM Research Laboratory Techn. Rep. RJ2188"},{"key":"10.1016\/0306-4379(81)90014-4_BIB150","series-title":"AFIPS Proc. National Computer Conf.","first-page":"57","article-title":"Integrating data base management into operating systems\u2014An access method approach","author":"Moreira","year":"1974"},{"key":"10.1016\/0306-4379(81)90014-4_BIB151","article-title":"Design alternatives for computer network security","volume":"Vol. 1","author":"Cole","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB152","article-title":"HYDRA: The Kernel of a Multiprocessor Operating System","author":"Wulf","year":"1973","journal-title":"Carnegie-Mellon University, AD 762 514"},{"key":"10.1016\/0306-4379(81)90014-4_BIB153","first-page":"141","article-title":"Protection in the HYDRA operating system","volume":"9","author":"Cohen","year":"1975"},{"key":"10.1016\/0306-4379(81)90014-4_BIB154","series-title":"Databases: Improving Usability and Responsiveness","first-page":"193","article-title":"An authorization mechanism for a data-base","author":"Arditi","year":"1978"},{"key":"10.1016\/0306-4379(81)90014-4_BIB155","article-title":"Secure Database management study","author":"Hartson","year":"1978"},{"issue":"10","key":"10.1016\/0306-4379(81)90014-4_BIB156","doi-asserted-by":"crossref","first-page":"613","DOI":"10.1145\/362375.362389","article-title":"A note on the confinement problem","volume":"16","author":"Lampson","year":"1973","journal-title":"Comm. ACM"},{"key":"10.1016\/0306-4379(81)90014-4_BIB157","unstructured":"S. R. Kimbleton: National Bureau of Standards. Personal communication."},{"issue":"3","key":"10.1016\/0306-4379(81)90014-4_BIB158","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1145\/320473.320476","article-title":"The design and implementation of INGRES","volume":"1","author":"Stonebraker","year":"1976","journal-title":"ACM Trans. on Database Systems"},{"key":"10.1016\/0306-4379(81)90014-4_BIB159","series-title":"Proc. Annual ACM Conf.","first-page":"293","article-title":"An evaluation of a conversion to a back-end data base management system","author":"Maryanski","year":"1976"},{"key":"10.1016\/0306-4379(81)90014-4_BIB160","article-title":"A user-transparent mechanism for the distribution of a CODASYL data base management system","author":"Maryanski","year":"1976"},{"issue":"1","key":"10.1016\/0306-4379(81)90014-4_BIB161","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1145\/1164672.1164677","article-title":"Architectural approaches to secure databases","volume":"6","author":"Hartson","year":"1980","journal-title":"ACM SIGSMALL Newsletter"}],"container-title":["Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:0306437981900144?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:0306437981900144?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2020,3,25]],"date-time":"2020-03-25T05:19:25Z","timestamp":1585113565000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/0306437981900144"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1981,1]]},"references-count":164,"journal-issue":{"issue":"1","published-print":{"date-parts":[[1981,1]]}},"alternative-id":["0306437981900144"],"URL":"https:\/\/doi.org\/10.1016\/0306-4379(81)90014-4","relation":{},"ISSN":["0306-4379"],"issn-type":[{"value":"0306-4379","type":"print"}],"subject":[],"published":{"date-parts":[[1981,1]]}}}