This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The SeaView Security Model
June 1990 (vol. 16 no. 6)
pp. 593-607

A multilevel database is intended to provide the security needed for database systems that contain data at a variety of classifications and serve a set of users having differentclearances. A formal security model for such a system is described. The model is formulated in two layers, one corresponding to a reference monitor that enforces mandatory security, and the second an extension of the standard relational model defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, and discretionary security. The model also defines application-independent properties for entity integrity, referential integrity, and polyinstantiation integrity.

[1] Nat. Comput. Security Center,Dep. Defense Trusted Computer System Evaluation Criteria, Tech. Rep. DOD 5200.28-STD, Dec. 1985.
[2] T. F. Lunt, D. E. Denning, P. G. Neumann, R. R. Schell, M. Heckman, and W. R. Shockley,Final Report Vol. 1: Security Policy and Policy Interpretation for a Class Al Multilevel Secure Relational Database System. Comput. Sci. Lab., SRI International, Menlo Park, CA, Tech. Rep., 1988.
[3] T. F. Lunt and R. A. Whitehurst,Final Report Vol. 3A: The SeaView Formal Top Level Specifications. Comput. Sci. Lab., SRI International, Menlo Park, CA, Tech. Rep., 1989.
[4] T. F. Lunt, R. R. Schell, W. R. Shockley, M. Heckman, and D. Warren, "Toward a multilevel relational data language," inProc. Fourth Aerospace Computer Security Applications Conf., Orlando, FL, IEEE Computer Society Press, Dec. 1988.
[5] J. S. Crow, R. Lee, J. M. Rushby, F. W. von Henke, and R. A. Whitehurst, "EHDM verification environment: An overview," inProc. 11th Nat. Computer Security Conf., Nat. Bureau Standards/ National Computer Security Center, Baltimore, MD, Oct. 1988.
[6] R. A. Whitehurst and T. F. Lunt, "The SeaView verification," inProc. Second Workshop Foundations of Computer Security, Franconia, NH, IEEE Computer Society Press, June 1989.
[7] D.E. Denning,Cryptography and Data Security, Addison-Wesley Publishing Co., Reading, Mass., 1982.
[8] T. F. Lunt, R. R. Schell, W. R. Shockley, M. Heckman, and D. Warren, "A near-term design for the SeaView-Multilevel Database System," inProc. 1988 IEEE Symp. on Security and Privacy, Apr. 1988, pp. 234-244.
[9] T. F. Lunt, "Multilevel database systems: Meeting class Al," inDatabase Security II, Status and Prospects. New York: Elsevier Science, Oct. 1988.
[10] T. H. Hinke and M. Schaefer, "Secure data management system," System Development Corp., Tech. Rep. RADC-TR-75-266, Nov. 1975.
[11] M. J. Grohn, "A model of a protected data management system," I. P. Sharp Associates Ltd., Tech. Rep. ESD-TR-76-289, June 1976.
[12] T. H. Hinke, C. Garvey, N. Jensen, J. Wilson, and A. Wu, "Al secure DBMS design," inPostscript to Proc. 11th Nat. Computer Security Conf., Nat. Bureau Standards/Nat. Comput. Security Center, Baltimore, MD, Oct. 1988.
[13] R. D. Graubart and J. P. L. Woodward, "A preliminary naval surveillance DBMS security model," inProc. 1982 IEEE Symp. Security and Privacy., Oakland, CA. IEEE Computer Society Press, Apr. 1982.
[14] P. A. Dwyer, E. Onuegbe, P. Stachour, and M. B. Thuraisingham, "Query processing in LDV: A multilevel secure relational database management system," inProc. 4th Aerospace Comput. Security Conf., IEEE, Orlando, FL, Dec. 1988, pp. 118-124.
[15] O. S. Saydjari, J. M. Beckman, and J. R. Leaman, "LOCK trek: Navigating uncharted space," inProc. 1989 Symp. Research in Security and Privacy, Oakland, CA, IEEE Computer Society Press, May 1989.
[16] D. E. Bell and L. J. LaPadula, "Secure computer systems: Unified exposition and multics interpretation," MITRE Corp., Bedford, MA, Tech. Rep. ESD-TR-75-306, Mar. 1976.
[17] R. R. Schell, T. F. Tao, and M. Heckman, "Designing the GEMSOS security kernel for security and performance," inProc. 8th Nat. Computer Security Conf., Nat. Bureau Standards/Nat. Comput. Security Center, 1985.
[18] T. F. Lunt, D. E. Denning, R. R. Schell, M. Heckman, and W. R. Shockley, "Final report Vol. 2: The SeaView formal security policy model," Comput. Sci. Lab., SRI International, Menlo Park, CA, Tech. Rep., 1989.
[19] D. E. Denninget al., "The SeaView security model," inProc. 1988 Symp. Security and Privacy, IEEE Computer Society, 1988, pp. 218-233.
[20] S. Jajodia and R. Sandhu, "Polyinstantiation integrity in multilevel relations," Center of Excellence for Command, Contr., Commun., Intell., George Mason Univ., Fairfax, VA, unpublished paper, 1989.
[21] G. E. Gajnak, "Some results from the entity/relationship multilevel secure DBMS Project," inProc. 4th Aerospace Comput. Security Appl. Conf., Dec. 1988, pp. 66-71.
[22] D. E. Denning, T. F. Lunt, R. R. Schell, M. Heckman, and W. R. Shockley, "A multilevel relational data model," inProc. 1987 IEEE Symp. Security and Privacy., Oakland, CA, IEEE Computer Society Press, Apr. 1987.
[23] P. P. Griffiths and B. W. Wade, "An authorization mechanism for a relational database system,"ACM TODS, vol. 1, no. 3, pp. 242-253, Sept. 1976.

Index Terms:
policy formalization; new data; SeaView security model; multilevel database; classifications; users; clearances; formal security model; reference monitor; mandatory security; standard relational model; multilevel relations; labeling; derived data; data consistency; discretionary security; application-independent properties; entity integrity; referential integrity; polyinstantiation integrity; relational databases; security of data; software engineering.
Citation:
T.F. Lunt, D.E. Denning, R.R. Schell, M. Heckman, W.R. Shockley, "The SeaView Security Model," IEEE Transactions on Software Engineering, vol. 16, no. 6, pp. 593-607, June 1990, doi:10.1109/32.55088
Usage of this product signifies your acceptance of the Terms of Use.