Providing security and interoperation of heterogeneous systems

Cited by: 56
Authors
Dawson, S [1]
Qian, S
Samarati, P
Affiliations
[1] SRI Int, Comp Sci Lab, Menlo Pk, CA 94025 USA
[2] SecureSoft Inc, Redwood Shores, CA 94065 USA
[3] Univ Milan, Dipartimento Sci Informaz, I-26013 Crema, Italy
Funding
U.S. National Science Foundation;
Keywords
secure interoperation; mandatory access control; query processing;
DOI
10.1023/A:1008787317852
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Interoperation and information sharing among databases independently developed and maintained by different organizations is today a pressing need, if not a practice. Governmental, military, financial, medical, and private institutions are more and more required to become part of a distributed infrastructure and selectively share their data with other organizations. This sharing process inevitably opens the local system to new vulnerabilities and enlarges the space of possible threats to the data and resources it maintains. As a complicating factor, in general, data sources are heterogeneous both in the data models they adopt and in the security models by which protection requirements are stated. We present a modeling and architectural solution to the problem of providing interoperation while preserving autonomy and security of the local sources based on the use of wrappers and a mediator. A wrapper associated with each source provides a uniform data interface and a mapping between the source's security lattice and other lattices. The mediator processes global access requests by interfacing applications and data sources. The combination of wrappers and mediator thus provides a uniform data model interface and allows the mapping between restrictions stated by the different security policies. We describe the practical application of these ideas to the problem of trusted interoperation of health care databases, targeted to enforcing security in distributed applications referring to independent heterogeneous sources protected by mandatory policy restrictions. We describe the architecture and operation of the system developed, and describe the tasks of the different components.
Pages: 119-145
Number of pages: 27