Models of multilevel databases security
DOI:
https://doi.org/10.18372/2410-7840.20.12451
Keywords:
database, data protection, access control, multi-level security, multilevel security models
Abstract
Multilevel security is a security policy that classifies objects and users according to a system of hierarchical security levels and uses this classification to organize access control. In relational databases with multilevel security, any user reading or updating data in a table should be allowed to process only those rows that the user's access level, represented by a security label, permits. For each row in the table (or row attribute), the privacy level is set by assigning a security label. The user can read or modify the row only if the user's label dominates the label of the row. As a consequence, the same domain object can be represented in the table by several records, each accessible only to users with the corresponding security label (the property of multi-valued relations), whereas the fundamental principles of relational database design require each tuple of a relation to be unique. How this contradiction is resolved depends on the security model used. In addition, multi-valued relations give rise to vulnerabilities such as hidden channels (covert channels), disclosure of information through inference channels, semantic ambiguity and others. As a research direction in the field of database security, multilevel secure database technology is developing rapidly. Many models of multilevel security in RDBMSs have been developed on the basis of the Bell-LaPadula model, such as the SeaView model, the Jajodia-Sandhu model, the Smith-Winslett model and others, which are meant to solve, completely or partially, the problems that arise, such as hidden channels and semantic ambiguity. However, no flawless solution or model has been proposed to date. Objective: analysis of the SeaView, Jajodia-Sandhu and Smith-Winslett models and identification of their advantages and disadvantages.

References
D. Zegzhda, A. Ivashko, Fundamentals of Information Systems Security, Moscow: Goryachaya Liniya, Telekom, 2000, 452 p.
W. Rjaibi, P. Bird, "A multi-purpose implementation of mandatory access control in relational database management systems", Proceedings of the 30th VLDB Conference, Toronto, Canada, pp. 1010-1020, 2004.
I. Ray, W. Huang, "Event detection in multilevel secure active databases", Proceedings of the International Conference ICISS 2005, pp. 177-190, 2005.
R. S. Sandhu, S. Jajodia, "Polyinstantiation for cover stories", Proceedings of Second European Symposium on Research in Computer Security, Toulouse, France, pp. 307-328, 1992.
S. Jajodia, R. S. Sandhu, B. T. Blaustein, "Solutions to the polyinstantiation problem", in Information Security: An Integrated Collection of Essays, ed. M. Abrams, IEEE Computer Society Press, pp. 493-529, 1995.
A. Galinovi and V. Anton, "Polyinstantiation in relational databases with multilevel security", Proceedings of the ITI 2007 29th International Conference on Information Technology Interfaces, pp. 128-132, 2007.
D. Nelson, C. Paradise, "Using polyinstantiation to develop an MLS application", Proceedings of the Seventh Annual Computer Security Applications Conference, pp. 12-22, 1991.
M. Heckman, W. R. Shockley, "The SeaView security model", IEEE Transactions on Software Engineering, no. 6 (6), pp. 593-607, 1990.
S. Jajodia, R. S. Sandhu, "A novel decomposition of multilevel relations into single-level relations", IEEE Symposium on Security and Privacy, Oakland, California, pp. 300-313, 1991.
S. Jajodia, R. Sandhu, "Toward a multilevel secure relational data model", Proceedings of ACM SIGMOD International Conference on Management Data, Denver, Colorado, pp. 50-59, 1991.
J. Biskup, L. Wiese, "Combining consistency and confidentiality requirements in first-order databases", Proceedings of International Conference ISC 2009, pp. 121-134, 2009.
R. Sandhu, F. Chen, "The multilevel relational (MLR) data model", ACM Transactions on Information and System Security, no. 1 (1), pp. 93-132, 1998.
N. Jukic, S. V. Vrbsky, A. Parrish, B. Dixon, B. Jukic, "A belief-consistent multilevel secure relational data model", Information Systems, no. 24 (5), pp. 377-402.
P. Chen, L. Wang, "The Multilevel Relational Data Model Based on Trust-label Semantics", Journal of Computational Information Systems, no. 11, pp. 3949-3956, 2015.
S. Jajodia, C. Meadows, "Inference Problems in Multilevel Secure Database Management Systems", DRAFT, The MITRE Corporation, McLean, June 1992.
V. Atluri, S. Jajodia, E. Bertino, "Transaction processing in multilevel secure databases with kernelized architecture: Challenges and solutions", IEEE Transactions on Knowledge and Data Engineering, no. 9 (5), pp. 697-708, 1997.
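
The dominance rule and the multi-valued relation described in the abstract, shown as an added Python/sqlite3 example that is not taken from the article. The four linear levels, the `mission` table, the sample rows and the "highest visible label wins" rule in `current_view` are assumptions made for illustration and are not the definition used by SeaView, Jajodia-Sandhu or Smith-Winslett.

```python
import sqlite3

# Assumed linear hierarchy of security levels (illustrative only).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

def dominates(subject_label, row_label):
    """A subject label dominates a row label if it is at least as high."""
    return LEVELS[subject_label] >= LEVELS[row_label]

def open_db():
    db = sqlite3.connect(":memory:")
    # The label is part of the key: one real-world object may own one row
    # per level, which is the multi-valued relation the abstract describes.
    db.execute("CREATE TABLE mission (ship TEXT, target TEXT, label TEXT,"
               " PRIMARY KEY (ship, label))")
    return db

def insert(db, user_label, ship, target):
    # The row is stored at the writer's own level. A collision with a
    # higher-labelled row for the same ship is deliberately not reported:
    # rejecting the insert would tell the low user that the row exists.
    db.execute("INSERT OR REPLACE INTO mission VALUES (?, ?, ?)",
               (ship, target, user_label))

def read(db, user_label):
    """Return only the rows whose label the user's label dominates."""
    rows = db.execute("SELECT ship, target, label FROM mission").fetchall()
    return sorted(r for r in rows if dominates(user_label, r[2]))

def current_view(db, user_label):
    """Resolve ambiguity with one assumed rule: highest visible label wins."""
    best = {}
    for ship, target, label in read(db, user_label):
        if ship not in best or LEVELS[label] > LEVELS[best[ship][1]]:
            best[ship] = (target, label)
    return {ship: target for ship, (target, _) in best.items()}

def demo():
    # Constructed sample data: the same ship is recorded at two levels.
    db = open_db()
    insert(db, "S", "Enterprise", "Spying")
    insert(db, "U", "Enterprise", "Exploration")  # accepted, no error leaked
    return db

if __name__ == "__main__":
    db = demo()
    for level in ("U", "S"):
        print(level, read(db, level), current_view(db, level))
```

The S-level reader sees two tuples for one ship, which is the semantic ambiguity the abstract mentions; the models under analysis differ in how they decide which tuple such a reader should believe.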
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).