A MAC Policy Framework for Multilevel Relational Databases
February 1996 (vol. 8 no. 1)
pp. 3-15

Abstract—We develop a formal framework of MAC policies in multilevel relational databases. We identify the important components of MAC policies and their desirable properties. The framework provides a basis for systematically specifying MAC policies and characterizing their potential mismatches. Based on the framework, we compare and unify the MAC policies and policy components that are proposed in the literature or imposed in existing systems. Our framework could be used to capture and resolve MAC policy mismatches in the trusted interoperation of heterogeneous multilevel relational databases.

Index Terms:
Inference channel, integrity constraints, mandatory access control, multilevel databases, security label semantics, security policy
Citation:
Xiaolei Qian, Teresa F. Lunt, "A MAC Policy Framework for Multilevel Relational Databases," IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 1, pp. 3-15, Feb. 1996, doi:10.1109/69.485625