Abstract
This paper develops a framework for assessing the security cost of implementations of a class of distributed database architectures, a framework which has previously been lacking in the literature. The value of information in a relational database is first introduced, i.e. a value is ascribed to the thing the security is to protect. In identifying sources of security costs, both the hiding of information from authorised users and the disclosure of information to unauthorised users are considered. Parameters which describe the effects of implementation and system usage on the security of the architecture are then determined. Finally, guidelines for estimating the information values and the implementation parameters required in calculating the security cost model are provided.
For simplicity only two security classes are considered, although the method would extend to any access control policies based on hierarchical classes. The cost model assumes nothing about the assurance of the implementation of the access control policy, and so applies equally to privacy considerations in the design of health care database systems or to national security considerations in military databases.
Chapter PDF
Similar content being viewed by others
References
Aisbett, J. and Gibbon, G. (1996), A practical measure of the information in a logical theory. Submitted to J. Exp and Theoretical AI.
Codd, E. (1990) The relational model for database management Version 2. Addison Wesley.
Carnap, R. (1963) Logical foundations of probability. University Chicago Press.
Demski, J. (1980) Information Analysis. Addison Wesley.
Devlin, K. (1992) Information and Logic. Cambridge Univ. Press.
Duzi, M. (1992) Semantic information connected with data. Lecture Notes in Computer Science, 646, 376–90.
Hintikka, J. and Suppes, P. (ed.) (1970) Information and Inference. D. Riedel., Dordrecht.
Hull, R. (1986) Relative information capacity of simple relational database schemata. SIAM J. Computing, 15 (3), 856–85.
Jajodia, S., Sandhu, S. and R. (1991) Toward a multilevel secure relational data model. ACM SIGMOD, 50–59.
Jajoida, S. and Mukkamala, R. (1993) Effects of Sea View decomposition of multilevel relations on database performance, in Database Security (ed. Landwehr, C. and Jajoida, S. ), North Holland.
Kang, M.H., Froscher, J., McDermott, J., Costich, O., and Peyton, R. (1994) Achieving database security through data replication: the SINTRA prototype. Proceedings of the 17th National Computer Security Conference, September 1994.
Lozinskii, E., (1994) Information and evidence in logic systems, J. Exp and Theoretical AI., 6, 163–93.
Mackay, D. (1969) Information, mechanism and meaning. MIT Press.
Papoulis, A. (1965) Probability, random variables and stochastic processes. McGraw-Hill.
Reiter, R. (1984) Towards a logical reconstruction of relational database theory, in On Conceptual Modelling, (ed. Brodie, M., Myopoulos, J. and Schmidt, J. ), Springer-Verlag, New York.
Shannon, C. and Weaver, W. (1949) The mathematical theory of communication. University of Illinois Press.
Smith, G. (1992) Classifying and downgrading: is a human needed in the loop?, in Research Directions in Database Security, (ed. Lunt, T. ), Springer Verlag.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1997 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Aisbett, J.E. (1997). An information theoretic analysis of architectures for multilevel secure databases. In: Samarati, P., Sandhu, R.S. (eds) Database Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35167-4_13
Download citation
DOI: https://doi.org/10.1007/978-0-387-35167-4_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2900-8
Online ISBN: 978-0-387-35167-4
eBook Packages: Springer Book Archive