Models of multilevel databases security

Authors

  • Михаил Владимирович Коломыцев NTUU "KPI"
  • Светлана Александровна Носок NTUU "KPI"
  • Анастасия Евгениевна Мазуренко NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.20.12451

Keywords:

database, data protection, access control, multi-level security, multilevel security models

Abstract

Multilevel security is a security policy that classifies objects and users according to a system of hierarchical security levels and uses this classification to organize an access control system. In relational databases with multilevel security, any user reading or updating data in a table should be allowed to process only those rows permitted by the user's access level, which is represented by a security label. For each row in the table (or row attribute), the privacy level is set by assigning a security label. The user can read or modify a row only if the user's label dominates the label of the row. As a consequence, the same domain object can be represented in the table by several records, each accessible only to users with the corresponding security label (the property of multi-valued relations), whereas the fundamental principles of relational database design require every tuple of a relation to be unique. How this contradiction is resolved is determined by the security model used. In addition, multi-valued relations lead to vulnerabilities in the form of hidden channels (covert channels), disclosure of information through inference channels, semantic ambiguity and others. As a research direction in the field of database security, the technology of multilevel secure databases is developing rapidly. Many models of multilevel security in RDBMSs have been developed on the basis of the Bell-LaPadula model, such as the SeaView model, the Jajodia-Sandhu model, the Smith-Winslett model and others, intended to solve, completely or partially, the problems that arise, such as hidden channels, semantic ambiguity and others. However, no flawless solution or model has been proposed to date. Objective: analysis of the SeaView, Jajodia-Sandhu and Smith-Winslett models and identification of their advantages and disadvantages.
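The conflict between tuple uniqueness and row labels described in the abstract, as an added example that is not taken from the article. The table names, the three-level hierarchy and the sample rows are constructed, and making the label part of the key is one assumed way of resolving the conflict, not the rule of any particular model named above.

```python
import sqlite3

LEVELS = {"U": 0, "C": 1, "S": 2}   # constructed hierarchy; higher dominates lower

def make_table(db, table, key):
    db.execute(f"CREATE TABLE {table} (name TEXT, destination TEXT, "
               f"label INTEGER, PRIMARY KEY ({key}))")

def insert(db, table, user, name, destination):
    """Write a row at the writer's own level; return False if the key is taken."""
    try:
        db.execute(f"INSERT INTO {table} VALUES (?, ?, ?)",
                   (name, destination, LEVELS[user]))
        return True
    except sqlite3.IntegrityError:
        return False

def read(db, table, user, name):
    """Return only the rows whose label is dominated by the user's label."""
    cur = db.execute(f"SELECT destination, label FROM {table} "
                     "WHERE name = ? AND label <= ? ORDER BY label",
                     (name, LEVELS[user]))
    return cur.fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    make_table(db, "strict", "name")         # classical tuple uniqueness
    make_table(db, "mls", "name, label")     # label is part of the key
    results = {}
    for table in ("strict", "mls"):
        insert(db, table, "S", "Voyager", "Mars")      # row labelled S
        # A user at level U cannot see any row with that name ...
        results[table, "U sees"] = read(db, table, "U", "Voyager")
        # ... and now inserts the same name at level U.
        results[table, "U insert ok"] = insert(db, table, "U", "Voyager", "Moon")
        results[table, "S sees"] = read(db, table, "S", "Voyager")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the `strict` table the rejected insert tells the level-U user that a row it cannot read exists, which is a covert channel; in the `mls` table the insert succeeds, and the level-S user then sees two tuples for the same object, which is the semantic ambiguity the abstract mentions.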

Author Biographies

Михаил Владимирович Коломыцев, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Светлана Александровна Носок, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Анастасия Евгениевна Мазуренко, NTUU "KPI"

student of the Institute of Physics and Technologies of the NTUU "KPI"

Published

2018-03-27

Issue

Section

Articles