An axiomatic interpretation of confidentiality demands in logic-based relational databases

  • Adrian Spalka
  • Armin B. Cremers
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1154)


Secure multilevel relational database models based on Bell and La Padula's interpretation of mandatory security policies suffer from severe semantic problems. We claim that the intention of these policies can be reduced to a single generic confidentiality demand. We interpret it in the context of a logic-based database as a distortion of the intended model and state it as an axiom in addition to the axioms of a relational database. We then show that many security properties can already be proved from these few axioms. These properties characterise a mandatory-security-policy-conforming database with an unequivocal semantics of the data and a notion of integrity identical to that of relational databases.


Relational Database Security Level Integrity Constraint Intended Model Database Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Bell, David Elliott, and Leonard J. La Padula. (1975) Secure computer system: Unified exposition and multics interpretation. MITRE Technical Report 2997. MITRE Corp, Bedford, MAGoogle Scholar
  2. Bonatti, Piero, Sarit Kraus and V.S. Subrahmanian. (1992) ‘Declarative Foundations of Secure Deductive Databases'. Ed Joachim Biskup and Richard Hull. 4th International Conference on Database Theory — ICDT'92. LNCS, vol 646. Berlin, Heidelberg: Springer-Verlag. pp 391–406. [Also in: IEEE Transactions on Knowledge and Data Engineering 7.3 (1995):406–422.]Google Scholar
  3. Bonyun, David A. (1980) ‘The Secure Relational Database Management System Kernel: Three Years After'. 1980 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 34–37.Google Scholar
  4. Bourbaki, Nicolas. (1968) Theory of Sets. Paris: Hermann.Google Scholar
  5. Cremers, Armin B., Ulrike Griefahn and Ralf Hinze. (1994) Deduktive Datenbanken. Braunschweig: Vieweg.Google Scholar
  6. Denning, Dorothy E., Teresa F. Lunt, Roger R. Schell, Mark Heckman and William R. Shockley. (1987) ‘A Multilevel Relational Data Model'. 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 220–234.Google Scholar
  7. -,-,-, William R. Shockley and Mark Heckman. (1988) ‘The SeaView Security Model'. 1988 Symposium on Security and Privacy. IEEE Computer Society Press. pp 218–233.Google Scholar
  8. Feiertag, R.J., K.N. Levitt and L. Robinson. (1977) ‘Proving multilevel security of a system design'. 6th ACM Symposium on Operating System Principles. ACM SIGOPS Operating System Review 11.5:57–65.Google Scholar
  9. Graubart, Richard D., and John P.L. Woodward. (1982) ‘A Preliminary Naval Surveillance DBMS Security Model'. 1982 IEEE Symposium on Security and Privacy. IEEE Computer Society Press. pp 21–37.Google Scholar
  10. Landwehr, Carl E. (1981) ‘Formal Models for Computer Security'. ACM Computing Surveys 13.3:247–278.Google Scholar
  11. Qian, Xiaolei. (1994) ‘Inference Channel-Free Integrity Constraints in Multilevel Relational Databases'. 1994 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press. pp 158–167.Google Scholar
  12. -and Teresa F. Lunt. (1992) ‘Tuple-level vs. element-level classification'. Ed Bhavani M. Thuraisingham and Carl E. Landwehr. Database Security VI. IFIP WG11.3 Workshop on Database Security 1993. Amsterdam: North-Holland, 1993. pp 301–315.Google Scholar
  13. Sicherman, George L., Wiebren de Jonge and Reind P. van de Riet. (1983) ‘Answering Queries Without Revealing Secrets'. ACM Transactions on Database Systems 8.1:41–59.Google Scholar
  14. Spalka, Adrian. (1994) ‘Secure Logic Databases Allowed to Reveal Indefinite Information on Secrets'. Ed Joachim Biskup, Matthew Morgenstern and Carl E. Landwehr. Database Security VIII. IFIP WG11.3 Working Conference on Database Security 1994. Amsterdam: North-Holland. pp 297–316.Google Scholar
  15. -. (1996a) A Study of the Extensibility of Logic-Based Databases with Confdentiality Capabilities. PhD Thesis. Universtity of Bonn, Germany.Google Scholar
  16. -. (1996b) ‘The Non-Primitiveness of the Simple-Security Property and its Non-Applicability to Relational Databases'. 9th IEEE Computer Security Foundations Workshop 1996. IEEE Computer Society Press.Google Scholar
  17. Winslett, Marianne, Kenneth Smith and Xiaolei Qian. (1994) ‘Formal Query Languages for Secure Relational Databases'. ACM Transactions on Database Systems 19.4:626–662.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Adrian Spalka
    • 1
  • Armin B. Cremers
    • 1
  1. 1.Department of Computer Science IIIUniversity of BonnBonnGermany

Personalised recommendations