Abstract
Any multilevel-secure (MLS) database management system (DBMS) requires a security policy that is sufficiently flexible to support the security requirements of a range of database applications. In general, the currently proposed DBMS security policies do not provide the types of features that are required by typical database applications. This paper discusses four major problems with current DBMS security policies:
-
1.
Automatic polyinstantiation
-
2.
Simplistic Bell-LaPadula interpretation
-
3.
View-based controls and constraints
-
4.
Lack of transaction authorization controls.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D.E. Bell and L.J. LaPadula. Secure computer systems: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, The MITRE Corporation, Bedford, Massachusetts, March 1976.
D.D. Clark and D.R. Wilson. A comparison of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, 1987.
G.E. Gajnak. Some results from the entity relationship multilevel secure DBMS project. In Research Directions in Database Security (T. F. Lunt, ed.), this volume.
T.H. Hinke and M. Schaefer. Secure data management system. Technical Report RADC-TR-75-266, System Development Corporation, November 1975.
[LDN+88]_T.F. Lunt, D.E. Denning, P.G. Neumann, R.R. Schell, M. Heckman, and W.R. Shockley. Final report vol. 1: Security policy and policy interpretation for a class A1 multilevel secure relational database system. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, 1988.
[LSS+88]_T.F. Lunt, R.R. Schell, W.R. Shockley, M. Heckman, and D. Warren. A near-term design for the SeaView multilevel database system. In Proceedings of the 1988 IEEE Symposium on Security and Privacy, April 1988.
W.H. Murray. Data integrity in a business data processing system. In Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (Appendix 6), October 1987.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1992 Springer-Verlag New York, Inc.
About this chapter
Cite this chapter
Burns, R.K. (1992). An Application Perspective on DBMS Security Policies. In: Lunt, T.F. (eds) Research Directions in Database Security. Springer, New York, NY. https://doi.org/10.1007/978-1-4612-2870-7_19
Download citation
DOI: https://doi.org/10.1007/978-1-4612-2870-7_19
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-97736-2
Online ISBN: 978-1-4612-2870-7
eBook Packages: Springer Book Archive