Abstract
We describe the design environment AMAC which may be used as an aid for the construction of multilevel secure databases. The technique proposed consists of high-level data and security modeling using entity-relationship techniques, a decomposition approach for the construction of single level fragments from multilevel base relations, a supporting policy for the automated determination of labels for security objects and subjects, and security enforcement by using database triggers. As in most security critical civil database applications labeled data items are not available the proposed approach serves well as an underlying basis for the construction of a computerized design tool that aids a human database or security administrator during the different phases of the construction of a MLS database.
Chapter PDF
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
D. E. Bell, L. J. LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-2997. MITRE Corp. Bedford, Mass, 1976.
Trusted Computer System Evaluation Criteria. US National Computer Security Center. 1985. DoD 5200.28-STD.
Trusted Database Management Interpretation of the Trusted Computer System Evaluation Criteria. US National Computer Security Center, August 1990, NCSC-TG-021, Version 1.
IT — Security Criteria. Criteria for the Evaluation of Thrustworthiness of Information (IT) Systems. Bundesanzeiger, German Information Security Agency, 1st Version 1989.
The Canadian Trusted Computer Product Evaluation Criteria. Canadian System Security Centre, Version 2.1e, July 1991.
Information Technology Evaluation Criteria (ITSEC). Provisional Harmonised Criteria, Commission of the European Communities, June 1991.
C. Garvey, A. Wu. ASD Views. Proc. 1988 IEEE Symposium on Research in Security and Privacy, 85–95.
T. F. Lunt, D. Denning, R. R. Schell, M. Heckman, W. R. Shockley. The SeaView Security Model. IEEE Trans. on Software Engineering (TOSE), Vol. 16, No. 6 (1990), 593–607.
P. D. Stachour, M. B. Thuraisingham. Design of LDV: A multilevel secure relational database management system. IEEE Trans. on Knowledge and Data Engineering (TKDE), Vol. 2, No. 2, (1990), 190–209.
S. Jajodia, R. Sandhu. Toward a multilevel secure relational data model. Proc. of the 1991 ACM SIGMOD Conf., Denver, CO, 50–59, May 1991.
J. Biskup, H. H. Brüggemann. The Personal Model of Data: Towards a Privacy-Oriented Information System. Computers & Security, Vol. 7, North Holland (Elsevier) 1988.
J. Biskup, H. H. Brüggemann. The Personal Model of Data: Towards a Privacy Oriented Information System (extended abstract). Proc. of the 5th Int'l. Conf. on Data Engineering (DE), 348–355, IEEE Computer Society Press 1989.
D. D. Clark, D. R. Wilson. A Comparison of Commercial and Military Computer Security Policies. Proc. 1987 IEEE Symposium on Research in Security and Privacy.
S. B. Navathe, G. Pernul. Conceptual and Logical Design of Relational Databases. Advances in Computers, Vol. 35, (M. C. Yovits, ed.), Academic Press, 1992.
P. P. Chen. The Entity-Relationship Model: Towards a Unified View of Data. ACM Trans. on Database Systems (TODS), Vol. 1, No. 1, 1976.
G. W. Smith. Modeling Security Relevant Data Semantics. Proc. 1990 IEEE Symposium on Research in Security and Privacy, 384–391.
G. W. Smith. The Semantic Data Model for Security: Representing the Security Semantics of an Application. Proc. of the 6th Int. Conf. on Data Engineering (DE), 322–329.
B. H. Patkau, D. L. Tennenhouse. The Implementation of Secure Entity-Relationship Databases. Proc. 1985 IEEE Symposium on Research in Security and Privacy, 230–236.
G. E. Gajnak. Some Results from the Entity-Relationship Multilevel Secure DBMS Project. Proc. 4th Aerospace Computer Security Conference, 66–71. IEEE Computer Society Press 1988.
G. Pernul, A M. Tjoa. A View Integration Approach for the Design of Multilevel Secure Databases. Proc. 10th Int'l. Conf. on the Entity-Relationship Approach, San Mateo, CA, Oct. 1991.
D. E. Denning, T. F. Lunt, R. R. Schell, W. R. Shockley, M. Heckaman. The SeaView Security Model. Proc. 1988 IEEE Symposium on Research in Security and Privacy, 218–233.
S. Jajodia, R. S. Sandhu. Polyinstantiation Integrity in Multilevel Relations. Proc. 1990 IEEE Symposium on Research in Security and Privacy.
S. Jajodia, R. S. Sandhu. A novel decomposition of Multilevel Relations into Single-level Fragments. Proc. 1991 IEEE Symposium on Research in Security and Privacy.
J. P. L. Woodward. Exploiting the dual nature of sensitivity lables. Proc. 1987 IEEE Symposium on Research in Security and Privacy, 23–30.
G. Pernul, G. Luef. A Multilevel Secure Relational Data Model Based on Views. Proc. 7th Annual Computer Security Application Conference, San Antonio, TX, Dec. 1991.
V. M. Markowitz. Safe Referential Integrity Structures in Relational Databases. Proc. of the 17th Int'l. Conf. on Very Large Databases, 123–132, Barcelona, Spain. Sept. 1991.
G. Pernul, K. Karlapalem, S. B. Navathe. Relational Database Organization based on Views and Fragments. Proc. of the 2nd Conf. on Database and Expert Systems Applications (DEXA), 380–386. Berlin, Germany, August 1991, Springer Verlag.
J. Biskup. A General Framework for Database Security. Proc. European Symposium on Research in Computer Security, Toulouse, Oct. 1990, 35–41.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
Pernul, G. (1992). Security constraint processing in multilevel secure AMAC schemata. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013907
Download citation
DOI: https://doi.org/10.1007/BFb0013907
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive