A Mathematical Programming Model for the Location of Access Controls in a Distributed Data Base Environment

Advances in data bases and distributed processing are resulting in the development of distributed data bases that store data bases at several, distinct computer systems connected by a communication network. Although distributed data bases enable sharing of data resources by users from various nodes of the network, they present many design and control issues. Data must be efficiently stored and accessed by all users from all nodes, and yet be secured against unauthorized use. Considerable research has been devoted to physical data base design and its effects on storage and retrieval, and to security controls in data bases. On the other hand, the mutual relations of physical design and data base security and, in particular, the placement of security controls in a distributed environment has hardly been addressed. This paper fills this gap, in part, by explicitly modeling security control location and cost as part of the physical design of a distributed data base. These considerations result in the introduction of a “restricted access” design methodology, which simplifies the security control. Experimental results reported here concentrate on reducing the data transfer load of the communication network by using the restricted access method compared to more standard schemes. Suggestions are made for development of optimization algorithms for the models presented here.