Closing the key loophole in MLS databases

Published: 01 June 2003

Abstract

There has been an abundance of research within the last couple of decades in the area of multilevel secure (MLS) databases. Recent work in this field deals with the processing of multilevel transactions, expanding the logic of MLS query languages, and utilizing MLS principles within the realm of E-Business. However, there is a basic flaw within the MLS logic, which obstructs the handling of clearance-invariant aggregate queries and physical-entity related queries where some of the information in the database may be gleaned from the outside world. This flaw stands in the way of a more pervasive adoption of MLS models by the developers of practical applications. This paper clearly identifies the cause of this impediment -- the cover story dependence on the value of a user-defined key -- and proposes a practical solution.


Published In

ACM SIGMOD Record, Volume 32, Issue 2
June 2003
87 pages
ISSN: 0163-5808
DOI: 10.1145/776985

Publisher

Association for Computing Machinery, New York, NY, United States
