Abstract
This paper investigates the problem of providing high levels of assurance for view-based discretionary access control mechanisms in multilevel DBMS. Assurance is considered from the effectiveness and correctness perspectives, and the gained insight is used to revisit issues of requirements, safety, policy, and mechanism. Three distinct view-based policies are introduced, and two should satisfy B2, B3 and Al TCSEC requirements.
Research presented in this paper was performed by Arca Systems, Inc. under contract to Rome Laboratory through Infosystems Technology, Inc.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Schaefer, Ed., Committee on Multilevel Data Management Security, Multilevel Data Management Security, Technical Report, Air Force Studies Board, National Research Council, National Academy Press, 1983
Claybrook, BAG., “Using Views in a Multilevel Secure Database Management System”, Proceedings of the 1983 Symposium on Security and Privacy, IEEE Computer Society, April 1983, pp. 4–17.
Codd, E. F., A Relational Model of Data for Large Shared Data Banks, Communications of the ACM, June, 1970, pp. 377–387.
Denning, Dorothy E., Schell, Roger R. et al., Views for Multilevel Database Security, IEEE Transactions on Software Engineering, 1986.
Garvey C. and Wu, A., ASD-Views, Proceedings of the 1988 IEEE Symposium on Security and Privacy, April, 1988
Graubart, R., “On the Need for a Third Form of Access Control,” Proceedings of the XIIth National Computer Security Conference, October 1989, pp. 296–303.
Harrison, M.H., Ruzzo, W.L. and Ullman, J.D., “Protection in Operating Systems,” Communications of the ACM 19 (8): 461–471 (1976).
Irvine, C. E., Schell, R. R., Thompson, M. F., Using TNI Concepts for the Near Term Use of High Assurance Database Management Systems, Proceedings of the Fourth Rome Laboratory Multilevel Database Security Workshop, Research Directions in Database Security I V, June 1993.
Lunt, T. F., Schell, R.R., Shockley, W. R., Heckman, M., and Warren, D, A Near-Term Design for the SeaView Multilevel Database System, Proceedings of the 1988 IEEE Symposium on Security and Privacy, April 1988, pp. 234–244.
Sandhu, R. S., “The Typed Access Matrix Model,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy, May 1992, pp. 122–136.
M. Schaefer, “A Contemporary Survey of Discretionary Access Control Policy Assurance in Commercial Trusted Relational DBMS”, in Database Security, VIII: Status and Prospects, J Biskup, M. Morgenstern, C.E. Landwehr, Eds., IFIP/North Holland, 1994 p. 376.
Schaefer, Marvin., Schell, Roger R., Toward an Understanding of Extensible Architectures for Evaluated Trusted Computer System Products, Proceedings of the 1984 IEEE Symposium on Security and Privacy, May 1994, pp. 41–49.DoD Computer Security Center.
Shockley, W.R., Schell, R.R., TCB Subsets for Incremental Evaluation, Proceedings of the Third Aerospace Computer Security Conference, December, 1987, pp. 131–139.
Stonebraker, M. and Wong, E., Access Control in a Relational Database Management System by Query Modification, Proceedings 1971 ACM.
SYBASE Secure SQL ServerTM Security Administration Guide, (Release 10.0), Document ID: 36051–01–1000–01, Change Level: 1, 20 December 1993.
Tinto, M., The Design and Evaluation of INFOSEC Systems: The Computer Security Contribution to the Composition Discussion, National Computer Security Center, C Technical Report 32–92, June 1992
Walter, K.G., Ogden, W.F., Rounds, W.C., Bradshaw, F.T., Ames, S.R., and Shumway, D.G., “Primitive Models for Computer Security,” Dept. Computing and Information Sciences, Case Western Reserve University, Cleveland, January 1974.
Wilson, Jackson, “Views as the Security Objects in a Multilevel Secure Relational Database Management System,” Proceedings of the 1988 IEEE Symposium on Security and Privacy, April, 1988, pp. 70–84
Zloof, M.M., “Query by Example: a data base language,” IBM Systems Journal, 16: 4, 1977, pp. 324–343.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Schaefera, M., Smithb, G. (1996). Assured Discretionary Access Control for Trusted RDBMS. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds) Database Security IX. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34932-9_16
Download citation
DOI: https://doi.org/10.1007/978-0-387-34932-9_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2954-1
Online ISBN: 978-0-387-34932-9
eBook Packages: Springer Book Archive