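% Reference list with author-year abbreviation labels (e.g. [AB87]); the
% widest label, DRKJ85, sets the label column width.
% NOTE(review): this looks like generated BibTeX output. If it is, mirror the
% corrections marked below in the .bib database, or the next BibTeX run will
% overwrite them.
\begin{thebibliography}{DRKJ85}

% Surname spelling corrected from `Bunemann' -- verify against the .bib entry.
\bibitem[AB87]{AtBu86}
M.P. Atkinson and P.~Buneman.
\newblock Types and persistence in database programming languages.
\newblock \emph{ACM Computing Surveys}, 19(2), June 1987.

\bibitem[BAN89]{BAN89}
M.~Burrows, M.~Abadi, and R.~Needham.
\newblock A logic of authentication.
\newblock Technical report, DEC System Research Center, 1989.

\bibitem[BL73]{BeLa73}
D.E. Bell and L.J. LaPadula.
\newblock Secure computer systems: Mathematical foundations.
\newblock Technical Report ESD-TR-73-278, Vol.~1, The MITRE Corporation,
  Bedford, Massachusetts, 1973.

\bibitem[BL84]{BuLa84}
R.~Burstall and B.~Lampson.
\newblock A kernel language for abstract data types and modules.
\newblock In \emph{Semantics of Data Types}, volume 173 of \emph{Lecture Notes
  in Computer Science}. Springer-Verlag, 1984.

% Title: `Chinese Wall' is a proper name and is capitalised here.
% NOTE(review): the second author is usually cited as M.J. Nash -- confirm the
% initials before changing them.
\bibitem[BN89]{BrNa89}
D.F.C. Brewer and J.W. Nash.
\newblock The Chinese Wall security policy.
\newblock In \emph{Proceedings 1989 IEEE Symposium on Security and Privacy},
  Oakland, California, 1989. IEEE Computer Society Press.

\bibitem[Car88]{Card88c}
L.~Cardelli.
\newblock Structural subtyping and the notion of power type.
\newblock In \emph{Proceedings of the Fifteenth ACM Symposium on Principles of
  Programming Languages, San Diego, California}, 1988.

\bibitem[Car89]{Card89}
L.~Cardelli.
\newblock Typeful programming.
\newblock Technical Report~45, Digital Equipment Corporation, Systems Research
  Center, Palo Alto, California, May 1989.

\bibitem[DES77]{DES77}
Data encryption standard.
\newblock Federal Information Processing Standards, no.~46, National Bureau of
  Standards, U.S. Department of Commerce, 1977.

\bibitem[DRKJ85]{DRKJ85}
D.D. Downs, J.R. Rub, C.K. Kung, and C.S. Jordan.
\newblock Issues in discretionary access control.
\newblock In \emph{Proceedings 1985 IEEE Symposium on Security and Privacy},
  pages 208--218, April 1985.

\bibitem[FL93]{FuLa93}
W.~Fumy and P.~Landrock.
\newblock Principles of key management.
\newblock \emph{IEEE Journal on Selected Areas in Communications},
  11(5):785--793, May 1993.

\bibitem[GM94]{GaMa94}
A.~Gawecki and F.~Matthes.
\newblock The {Tycoon} machine language {TML}: An optimizable persistent
  program representation.
\newblock FIDE Technical Report FIDE/94/100, Fachbereich Informatik,
  Universit\"at Hamburg, Germany, August 1994.

% NOTE(review): the label and the year say 1993, but the cite key (Linn90) and
% the proceedings title both say 1990 -- confirm the year in the .bib entry.
\bibitem[Lin93]{Linn90}
J.~Linn.
\newblock Practical authentication for distributed computing.
\newblock In \emph{Proceedings 1990 IEEE Symposium on Research in Security and
  Privacy}, pages 31--40. IEEE Computer Society Press, 1993.

% The doubled full stop after the language note has been removed.
\bibitem[Mat93]{Matt93}
F.~Matthes.
\newblock \emph{Persistente Objektsysteme: Integrierte Datenbankentwicklung und
  Programmerstellung}.
\newblock Springer-Verlag, 1993.
\newblock (In German.)

\bibitem[Mil89]{Mille89}
J.K. Millen.
\newblock Models of multilevel computer security.
\newblock \emph{Advances in Computers}, 29:1--45, 1989.

\bibitem[MS93]{MaSc93b}
F.~Matthes and J.W. Schmidt.
\newblock System construction in the {Tycoon} environment: Architectures,
  interfaces and gateways.
\newblock In P.P. Spies, editor, \emph{Proceedings of Euro-Arch'93 Congress},
  pages 301--317. Springer-Verlag, October 1993.

\bibitem[MS94]{MaSc94}
F.~Matthes and J.W. Schmidt.
\newblock Persistent threads.
\newblock To appear in the Proceedings of the Twentieth Conference on Very
  Large Databases, VLDB, 1994, Santiago, Chile, 1994.

\bibitem[Mul91]{Mull91}
S.J. Mullender.
\newblock Protection.
\newblock In S.J. Mullender, editor, \emph{Distributed Systems}, chapter~7,
  pages 117--132. ACM Press, 1991.

\bibitem[RSA78]{RSA78}
R.~Rivest, A.~Shamir, and L.~Adleman.
\newblock A method for obtaining digital signatures and public key
  cryptosystems.
\newblock \emph{Communications of the ACM}, 21(2), 1978.

\bibitem[SM93]{ScMa93}
J.W. Schmidt and F.~Matthes.
\newblock Lean languages and models: Towards an interoperable kernel for
  persistent object systems.
\newblock In \emph{Proceedings of the IEEE International Workshop on Research
  Issues in Data Engineering}, pages 2--16, April 1993.

% Surname spelling corrected from `Neumann' -- verify against the .bib entry.
\bibitem[SNS88]{SNS88}
J.G. Steiner, B.C. Neuman, and J.I. Schiller.
\newblock Kerberos: An authentication service for open network systems.
\newblock In \emph{Proceedings of the Winter 1988 Usenix Conference}, February
  1988.

\bibitem[TCS85]{TCSEC}
Trusted computer system evaluation criteria.
\newblock Department of Defense, DOD 5200.28-STD, 1985.

% NOTE(review): the label and the date say 1985, but the cite key (Vint88) and
% the proceedings title both say 1988 -- confirm the year in the .bib entry.
\bibitem[Vin85]{Vint88}
S.T. Vinter.
\newblock Extended discretionary access controls.
\newblock In \emph{Proceedings 1988 IEEE Symposium on Security and Privacy},
  pages 39--49, April 1985.

\bibitem[YS93]{YaSn93}
M.~Yap and D.~Sng.
\newblock Building public concurrent engineering frameworks on a national
  information infrastructure.
\newblock In \emph{Proceedings of 2nd IEEE Workshop on Enabling Technologies
  Infrastructure for Collaborative Enterprises}, West Virginia, U.S.A., April
  1993.

\end{thebibliography}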