in conjunction with the 9th Int. Conf. on Database and Expert Systems
Applications (DEXA'98)
University of Vienna, Austria, 24-28 August, 1998
by T. Mandry, G. Pernul, T. Schlichting (

The workshop consisted of five sessions: the invited talk session and four regular paper sessions. It was opened by Guenther Pernul (University of Essen, Germany), followed by the invited talk given by Eduardo B. Fernandez (Florida Atlantic University, USA) on "The need for a high-level look at Internet security". Eduardo argued that most of the security of the Internet is based on cryptographic approaches. While valuable, these methods suffer from a basic flaw: they can only be applied at the lower levels of the system, where semantic aspects of the data are not explicit. He stressed that we need to define security policies and mechanisms at a higher level, so that access can be decided on the basis of semantic restrictions, and he outlined what such a high-level security model has to look like. The invited talk was very well received by all workshop participants.

The first regular paper session was entitled "Organizational Security Issues" and consisted of four presentations. The paper "Computing Conspiracies", authored by Ph. I. Elsas, P.M. Ott de Vries, and R.P. van de Riet, addressed the concept of segregation of duties. The authors complain that there are no guidelines on how to distinguish a proper policy from an improper one. To address this, they use a model that allows quantification of and reasoning about audit technical segregation of duties. The approach is based on normative (Soll) and actual (Ist) specifications of a company's circular flow of business values in terms of enriched Petri nets. The paper "Enterprise-Wide Security Administration" by W. Essmayr, E. Kapsammer, R. R. Wagner, G. Pernul and A M. Tjoa gives an overview of OASIS (open architecture security for information systems), which has been designed as an enterprise-wide security system. It contains a trust center to administer a public key infrastructure and a component for access control. The third presentation, "Security moving from Database Systems to ERP systems" by R. van de Riet, W. Janssen and P. de Gruijter, also considered the security of enterprise-wide information systems. Traditionally, access control for providing security was done by the operating system. With the advent of database systems, the security rules were defined in the data model and centrally maintained. Now security is moving from database systems to ERP (Enterprise Resource Planning) systems. The paper presents how security is handled by SAP R/3 and compares it with role-based systems. Moreover, the authors show how security rules can be specified using a Work-Flow-Management specification technique. The final presentation of the first session was the paper authored by E. Hildebrandt and G. Saake entitled "User Authentication in Multidatabase Systems". E. Hildebrandt argued that the aspect of security needs more consideration in architectures for multidatabase systems. User authentication in particular is neglected in current architectures. Due to inherent properties of multidatabase systems, like autonomy and heterogeneity, the problem of authentication is more complex than in traditional database systems. The paper discusses the foundations and prerequisites for architectures of authentication in multidatabase systems, presents several approaches developed in the past and compares them with the authors' own solutions.

The second paper session was entitled "Implementation Aspects, Prototype Systems" and was started by a contribution of S. Gritzalis and J. Iliadis, who addressed the security problems associated with the JAVA, Safe-Tcl and ActiveX programming languages. Their work is a comparative evaluation of the methods used in these programming languages to confront security issues like system integrity, user privacy, resource availability and user annoyance. The second paper, "Avoiding Inference Problem Using Page Level Security Classification" by Y.-C. Oh and S. B. Navathe, presents a technique for avoiding the inference problems involving the directories and catalogs in multilevel secure database management systems. The paper summarizes the previous efforts and proposes a solution without a large decrease in performance. The final presentation in this session was a paper on "A Prototype Model for Data Warehouse Security Based on Metadata" by N. Katic, G. Quirchmayr, J. Schiefer, M. Stolba and A M. Tjoa. It provides an overview of security-relevant aspects of existing OLAP/Data Warehouse solutions - an issue which has not been considered sufficiently in practice and which is only beginning to be discussed in the research community. Distributed systems and data warehouse environments have many security requirements in common, but a data warehouse is by nature an open, accessible system to support managerial decision-making. Restricted access to the data warehouse may lead to unsuitable information.

The next session was on "Security for Structured Documents". The first paper, "An abstract authorization system for the internet" by E. B. Fernandez and K. R. Nair, pointed out that cryptography is mainly used to control secrecy and authentication but cannot handle different types of access by different users, access to portions of documents, and other content-based restrictions. The authors present an authorization model for hypertext documents based on the access matrix. Different types of documents are classified, these documents are modeled using object-oriented approaches, and access policies are defined that specify access to those types of documents. The second paper of the session, by U. Kohl, J. Lotspiech and St. Nusser, focused on "Security for the Digital Library". It has the subtitle "Protecting Documents rather than Channels" and describes the mechanisms necessary to put a security architecture for digital libraries in place. They include protection of the content, feasibility of payment and assertion of copy- and usage rights. The paper also deals with the concepts of secure containers, using the IBM Cryptolope technology as an example. The third paper presented in this session was "Towards Access Control for Logical Document Structures". It is jointly authored by F. Dridi and G. Neumann. The authors focus on ease of administration to allow users to share information in a controlled way. For this, a dual abstraction is presented where roles are used to abstract from subjects and security levels are used to abstract from objects. A lattice is used to define a partial order over the classifications of the documents.

The concluding session was on "Privacy, Workflow, and Security Mediation". It was started by a presentation of G. Wiederhold, who talked about joint work with M. Bilello on "Protecting Inappropriate Release of Data from Realistic Databases". He argued that when collaboration with external customers is required, common tools for authentication, authorization, and secure transmission are inadequate. The approach used to overcome these problems in the TIHI/SAW projects at Stanford University is to add a release filter. By driving the filtering primitives through simple rules, they allow a security officer to manage the institution policy and thus to balance manual effort and complexity. The next talk was about a paper by L. C. J. Dreyer and M. S. Olivier, who described the "Dynamic Aspects of the InfoPriv Model" for information privacy. In this paper the authors are concerned with the actual information flow as well as the change of the privacy policy over time. The static aspects of the information involved in a flow between entities are represented in a can-flow graph. The dynamic aspects are divided into two categories: dynamic information flow and dynamic evolution of static aspects. An algorithm is presented that extends the can-flow graph without introducing unauthorized information flow. The closing talk at the workshop was a paper jointly authored by M.S. Olivier, R. P. van de Riet and E. Gudes on "Specifying Application-level Security in Workflow Systems". It addresses the problem that the activities in a workflow may be restricted to authorized subjects. In order to enforce such requirements, the authors divided the security mechanisms into three levels. Level 1 contains the controlled access to the underlying data objects. Level 2 ensures that access is limited to the time during which the activity is being performed. Finally, application-oriented security requirements are referred to in level 3. The paper assumes that level 1 and level 2 mechanisms are in place and focuses on level 3 security mechanisms.

The 13 papers presented at the workshop were selected by the program committee: E. Bertino, E. B. Fernandez, D. Gritzalis, S. Jajodia, S. Katsikas, G. Neumann, G. Pernul (chair), P. Samarati, R. Sandhu, A. Spalka, and V. Varadharajan. All papers are published in the Proc. of the 9th Int. Workshop on Database and Expert Systems Applications (R. Wagner, ed.). IEEE Computer Society, 1998. ISBN: 0-8186-8353-8 (IEEE order number: PR08353). There will be a continuation of the DEXA security workshop in 1999 (DEXA'99 is at the University of Firenze, Italy, Aug. 30 - Sept. 3, 1999). The general theme of the workshop will be "Security and Electronic Commerce". The submission deadline is the end of February 1999 and the CfP is available at: