The security problems of object-oriented database system are investigated and security level assignment constraints and an access control mechanism based on the multilevel access control security policy are proposed. The proposed mechanism uses the Trusted Computing Base. A unique feature of the mechanism is that security levels are assigned not only to data items (objects), but also to methods and methods are not shown to the users whose security level is lower than that of the methods. And we distinguish between the security level of a variable in a class and that in an instance and distinguish between the level of an object when it is taken by itself and it is taken as a variable or an element of another complex object. All of this realizes the policy of multilevel access control.

This paper proposes a requirement description and elicitation approach for communication services. Requirements are described in natural language, refined with a knowledge base, and converted to a formal language for program generation. A model for communication services is made as a set of three items: terminal state, terminal action and the response of the communication system to the action. This set, in turn, corresponds to natural language syntax that expresses two conditions (terminal state and action) and their result. These conditions and result are expressed as a sequence of simple sentences that describe the relationship between a terminal and a communication system. Thus, by defining such a description style to reflect the features of communication services, it should be possible to achieve both a high level of description and mechanical processing capabilities at the same time. However, requirement descriptions usually include omission and inconsistency. This problem cannot be solved by merely introducing natural language for the descriptions. Knowledge about the target domain of requirements is needed to resolve it. This paper reports on a knowledge base that stores constraints existing between conditions and results in communication services. This knowledge base is shown to be effective in supplementing omissions and resolving inconsistency. This paper also presents a technique for converting the elicited requirements in natural language to descriptions in a formal language that can be used to generate a program.

A conflict detection support method for combining additional telecommunication services with existing services is proposed. In this method, telecommunication services are described by the STR (State Transition Rule) method which specifies a set of state transition rules. Though conflict detection in the past depended on manual analysis by the designer, with this method, conflict candidates are mechanically narrowed down and indicated to the designer. All conflicts between five actual telecommunication service descriptions are detected in an experiment using a system developed in line with the proposed method.