Abstract
Information systems are vulnerable to accidental or malicious attacks. Security models for commercial computer systems exist, but information systems security is often ignored or added at or after implementation. The paper explores common security models and their relevance to databases. It demonstrates how security-relevant concepts can be extracted during conventional database development.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ge, X., Polack, F., Laleau, R. (2004). Secure Databases: An Analysis of Clark-Wilson Model in a Database Environment. In: Persson, A., Stirna, J. (eds) Advanced Information Systems Engineering. CAiSE 2004. Lecture Notes in Computer Science, vol 3084. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25975-6_18
DOI: https://doi.org/10.1007/978-3-540-25975-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22151-7
Online ISBN: 978-3-540-25975-6
eBook Packages: Springer Book Archive