A model for specifying multi-granularity integrity policies

Abstract

Systems which provide integrity controls are presented in terms of a request-response paradigm. This paradigm involves modeling the manner in which valid requests are made, a system's method of deciding whether or not to service a request, and the manner in which a system state are performed only in authorized ways. A novel feature of the model is that integrity policies, which are restrictions on how data may be modified, are defined at multiple levels of granularity. At the finest and lowest level of granularity, restrictions are placed directly on how data items may be modified; at successive and more coarse levels of granularity, restrictions are defined in terms provided by lower levels. A hierarchical technique for organizing computations, nested transactions, is adapted for this purpose. Integrity policies expressed in this framework are properties of computations which can be specified and related to other desirable properties, such as concurrent execution and fault tolerance.<>