Abstract
This paper describes a model of an X.500 directory augmented with replication for the introduction of multiple sensitivity levels. Semantic tags are applied to attributes to support consistent polyinstantiation and cover stories. Secure state and initial state are defined for the model, as well as the semantics of the operations that change the state. The model demonstrates that a coherent set of semantics that preserves intra-level consistency as well as multilevel access control can be constructed for such a system.
This paper is based on work funded by Rome Laboratories under contract number F30602-95-C-0191.
Copyright information
© 1997 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Grossman, G., Schaefer, M. (1997). A Data Model for a Multilevel Replicated X.500 Server. In: Samarati, P., Sandhu, R.S. (eds) Database Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35167-4_12
DOI: https://doi.org/10.1007/978-0-387-35167-4_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2900-8
Online ISBN: 978-0-387-35167-4
eBook Packages: Springer Book Archive