Abstract
In this paper we study the use of polyinstantiation for the purpose of implementing cover stories in multilevel secure relational database systems. We define a particular semantics for polyinstantiation called PCS (i.e., polyinstantiation for cover stories). PCS allows two alternatives for each attribute (or attribute group) of a multilevel entity: (i) no polyinstantiation, or (ii) polyinstantiation at the explicit request of a user to whom the polyinstantiation is visible. PCS strictly limits the extent of polyinstantiation by requiring that each entity in a multilevel relation has at most one tuple per security class. We demonstrate that PCS provides a natural, intuitive and useful technique for implementing cover stories. A particularly attractive feature of PCS is its run-time flexibility regarding the use of cover stories. A particular attribute may have cover stories for some entities and not for others. Even for the same entity, a particular attribute may be polyinstantiated at some time and not at other times.
The work of both authors was partially supported by the U.S. Air Force, Rome Air Development Center through contract #F-30602-92-C-002. We are indebted to Joe Giardono for making this work possible.
© 1992 Springer-Verlag
Cite this paper
Sandhu, R.S., Jajodia, S. (1992). Polyinstantiation for cover stories. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013905
DOI: https://doi.org/10.1007/BFb0013905
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive