This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Security Constraint Processing in a Multilevel Secure Distributed Database Management System
April 1995 (vol. 7 no. 2)
pp. 274-293

Abstract—In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification policy. They can be used to assign security levels to the data based on content, context, and time. In this paper we extend our previous work on security constraint processing in a centralized multilevel secure database management system by describing techniques for processing security constraints in a distributed environment during query, update, and database design operations.

[1] S. Akl and D. Denning,1987, “On the consistency and completeness of classification constraints,” Proc. IEEE Symp. on Security and Privacy, Oakland, Calif.
[2] D. Bell and L. La Padula,Secure Computer Systems: Unified Exposition and Multics Interpretation, Technical Report NTIS AD-A023588. Bedford, Mass.: MITRE Corporation, July 1975.
[3] S. Ceri and G. Pelagatti, Distributed Databases: Principles and Systems.New York: McGraw-Hill, 1984.
[4] U. Chakravarthy,“Foundations of semantic query optimization,” ed. by J. Minker, Foundations of Deductive Databases and Logic Programming.San Francisco: Morgan Kaufmann, 1988.
[5] M. Collins,Design and Implementation of a Secure Update Processor, Technical Report MTR 10977. Bedford, Mass.: MITRE Corporation, Oct. 1990 (a version also presented at the 7th Computer Security Applications Conf.,1991).
[6] D.E. Denning,S.G. Akl,M. Morgenstern,P.G. Neumann,R.R. Schell,, and M. Heckman,“Views as a mechanism for classification in multilevel secure databasemanagement systems,” Proc. IEEE Symp. Security and Privacy, Oakland, Calif., 1986.
[7] P. Dwyer,G. Jelatis,, and B. Thuraisingham,“Multilevel security in database management systems,” Computers and Security, vol. 6, no. 3, pp. 252-260, June 1987.
[8] W. Ford,J. O’Keeffe,, and B. Thuraisingham,Database Inference Controller: An Overview, Technical Report MTR 10963, vol. 1, MITRE Corporation, Bedford, Mass., Aug. 1990 (a version published in Data and Knowledge Engineering Journal,1993).
[9] H. Gallaire and J. Minker,Logic and Databases.New York: Plenum Press, 1978.
[10] T. Hinke,“Inference aggregation detection in database management systems,” Proc. IEEE Symp. on Security and Privacy, Oakland, Calif., Apr. 1988
[11] Honeywell Inc., Security Policy for Lock Data Views, Interim Report for RADC (E. Boebert, B. Dillaway, P. Dwyer, T. Haigh, and B.Thuraisingham), Mar. 1987
[12] T. Keefe,B. Thuraisingham,, and W. Tsai, “Secure query processing strategies,” Computer, vol. 22, no. 3, pp. 63-70, Mar. 1989.
[13] J.W. Lloyd, Foundations of Logic Programming, Springer Series in Symbolic Computation, second ed. New York: Springer-Verlag, 1987.
[14] T. Lunt,“, Inference and aggregation, facts and fallacies,” Proc. IEEE Symp. on Security and Privacy,Oakland, Calif., May 1989.
[15] H. Rubinovitz and B. Thuraisingham,“Design and implementation of a query processor for a trusted distributeddatabase management system,” J. of Systems and Software, vol. 21, no. 1, Apr. 1993.
[16] G. Smith,“Modeling security-relevant data semantics,” Proc. IEEE Symp. on Security and Privacy,Oakland, Calif., May 1990
[17] P. Stachour and B. Thuraisingham,“Design of LDV—a multilevel secure relational database managementsystem,” IEEE Trans. on Knowledge and Data Eng., vol. 2, no. 2, June 1990.
[18] M. Stonebraker and E. Wong,“Access control in relational database management systems by querymodification,” Proc. ACM National Conf.,New York, 1974
[19] B. Thuraisingham,“Security checking in relational database management systems augmented withinference engines,” Computers and Security, vol. 6, no. 6, Dec. 1987.
[20] B. Thuraisingham,“Towards the design of a secure data/knowledge base managementsystem,” Data and Knowledge Eng. J., vol. 5, no. 1, Mar. 1990.
[21] B., Thuraisingham,Handling Association-based Constraints in Multilevel Database Design, Working Paper. Bedford, Mass: MITRE Corporation (a version presented at the 4th RADC Database SecurityWorkshop, Apr. 1991).
[22] B. Thuraisingham,“Multilevel security issues for distributed database management systemII,” Computers and Security J., vol. 10, Dec. 1991.
[23] S. Walker,“Network security overview,” Proc. IEEE Symp. on Security and Privacy,Oakland, Calif., Apr. 1985.

Index Terms:
Multilevel secure distributed database management system, security constraints, inference problem, security policy, distributed query processing, distributed update processing, multilevel distributed database design.
Citation:
Bhavani Thuraisingham, William Ford, "Security Constraint Processing in a Multilevel Secure Distributed Database Management System," IEEE Transactions on Knowledge and Data Engineering, vol. 7, no. 2, pp. 274-293, April 1995, doi:10.1109/69.382297
Usage of this product signifies your acceptance of the Terms of Use.