The entity-relationship model for multilevel security

  • Günther Pernul
  • Werner Winiwarter
  • A. Min Tjoa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 823)


A design environment for security critical database applications that should be implemented by using multilevel technology is proposed. For this purpose, the Entity-Relationship model is extended to capture security semantics. Important security semantics are defined and a language to express them in an ER model by means of security constraints is developed. The main contribution consists of the development and implementation of a rule-based system with which security semantics specified may be checked for conflicting constraints. The check involves application independent as well as application dependent integrity constraints and leads to a non conflicting conceptual representation of the security semantics of a multilevel secure database application.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    P. Chen. The Entity-Relationship Model: Towards a Unified View of Data. ACM Trans. on Database Systems (ToDS). Vol. 1, No. 1, 1976.Google Scholar
  2. 2.
    D. E. Bell, L. J. LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-2997. MITRE Corp. Bedford, Mass, 1976.Google Scholar
  3. 3.
    S. Jajodia, R. S. Sandhu. Toward a Multilevel Secure Relational Data Model. Proc. 1991 ACM Int'l. Conf. on Management of Data (SIGMOD'91), 50–59.Google Scholar
  4. 4.
    K. Smith, M. Winslett. Entity Modeling in the MLS Relational Model. Proc. 18th Conf. on Very Large Databases (VLDB'92), Vancouver, BC, 1992.Google Scholar
  5. 5.
    D. E. Denning, T. F. Lunt, R. R. Schell, W. R. Shockley, M. Heckaman. The SeaView Security Model. Proc. 1988 IEEE Symposium on Research in Security and Privacy, 218–233.Google Scholar
  6. 6.
    T. F. Lunt, D. Denning, R. R. Schell, M. Heckman, W. R. Shockley. The SeaView Security Model. IEEE Trans. on Software Engineering (TOSE), Vol. 16, No. 6 (1990), 593–607.CrossRefGoogle Scholar
  7. 7.
    G. W. Smith. The Semantic Data Model for Security: Representing the Security Semantics of an Application. Proc. of the 6th Int. Conf. on Data Engineering (ICDE'90), 322–329, IEEE Computer Society Press 1990.Google Scholar
  8. 8.
    G. W. Smith. Modeling Security Relevant Data Semantics. Proc. 1990 IEEE Symposium on Research in Security and Privacy, 384–391.Google Scholar
  9. 9.
    S. D. Urban. ‘ALICE': an assertion language for integrity constraint expression. Proc. Computer Software and Appl. Conf., Sept. 1989.Google Scholar
  10. 10.
    S. Wiseman. Abstract and Concrete Models for Secure Database Applications. Proc. 5th IFIP WG 11.3. Working Conf. on Database Security. Shepherdstown, WV, Nov. 1991.Google Scholar
  11. 11.
    P. J. Sell. The SPEAR Data Design Method. Proc. 6th IFIP WG 11.3. Working Conf. on Database Security. Burnaby, BC, Aug. 1992.Google Scholar
  12. 12.
    J. M. Spivey. The Z-Notation: A Reference Manual. Prentice Hall International, 1989.Google Scholar
  13. 13.
    R. K. Burns. A Conceptual Model for Multilevel Database Design. Proc. 5th Rome Laboratory Database Security Workshop, Oct. 1992.Google Scholar
  14. 14.
    G. Pernul. Security Constraint Processing During MLS Database Design. Proc. 8th Ann. Computer Security Applications Conf. (ACSAC'92). IEEE Computer Society Press.Google Scholar
  15. 15.
    M. Collins, W. Ford, B. Thuraisingham. Security Constraint Processing During the Update Operation in a MLS DBMS. Proc. 7th Annual Computer Security Applications Conf. (ACSAC'91). IEEE Computer Society Press.Google Scholar
  16. 16.
    G. Pernul, W. Winiwarter, A. M. Tjoa. The Deductive Filter Approach to MLS Database Prototyping. Proc. 9th Annual Computer Security Applications Conference (ACSAC'93), Orlando, FL, Dec. 1993. IEEE Computer Society Press.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Günther Pernul
    • 1
  • Werner Winiwarter
    • 1
  • A. Min Tjoa
    • 1
  1. 1.Institute of Applied Computer Science and Information SystemsUniversity of ViennaAustria

Personalised recommendations