Abstract
We discuss the support of high-assurance write-up actions in multilevel secure object-oriented databases under the replicated architecture. In this architecture, there exists a separate untrusted single-level database for each security level. Data is replicated across these databases (or containers), as each database stores a copy of all the data whose class is dominated by that of the database. Our work utilizes an underlying message filter based object-oriented security model. Supporting message-based write-up actions with synchronous semantics directly impacts confidentiality, integrity, and performance issues. Also, an important concern in the replicated architecture is the maintenance of the mutual consistency of the replicated data. In this paper we offer solutions to support write-up actions while preserving the conflicting goals of confidentiality, integrity, and efficiency and at the same time demonstrate how the effects of updates arising from write-up actions are replicated correctly to guarantee such mutual consistency. Finally, we wish to emphasize that our elaboration of the message filter model demands minimum functionality from the TCB that is hosted within the trusted front end (TFE), and further requires no trusted subjects (i.e. subjects who are exempted, perhaps partially, from the usual mandatory controls). Collectively, these make verification of our solutions easier, since we have the assurance that covert channels cannot be introduced through the TFE.
The work of both authors was partially supported by the National Security Agency through contract MDA904-92-C-5140. We are indebted to Pete Sell, Howard Stainer and Mike Ware for their support and encouragement in making this work possible.
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Thomas, R.K., Sandhu, R.S. (1994). Supporting object-based high-assurance write-up in multilevel databases for the replicated architecture. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_76
DOI: https://doi.org/10.1007/3-540-58618-0_76
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0
eBook Packages: Springer Book Archive