7 Concurrency Control in Multilevel Relational Databases
7.1 Introduction
Most multilevel relational databases use a mandatory access control
mechanism based on the Bell-LaPadula model [84]. This model is defined
in terms of subjects and data. The data may be a relation, a tuple, or
an attribute within a tuple. The subject is the active process that
needs to access some data. Every datum can be associated with a
classification level (such as U = unclassified, C = confidential,
S = secret, and TS = top secret). Every subject is also associated with
a classification level from the same set (U, C, S, and TS).
Classification levels are partially ordered. Access control in
multilevel security is based on the Bell-LaPadula model, which has the
following properties:
• Simple security property: The subject can have read access to
data only if its classification level is identical to or higher than
the classification level of the data.
• The *-property: The subject can have write access to data
only if its classification level is identical to or lower than the
classification level of the data.
• The strong *-property: The subject can have write access to
data only if its classification level is identical to the
classification level of the data.
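The three properties above, applied to a small tuple-labelled relation. This is an added example, not code from the book: the MISSIONS rows, the function names, and the compartment set (used only to show how labels can be partially rather than totally ordered) are assumptions.

```python
from dataclasses import dataclass

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # the page's levels, low to high

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # assumption: not from the page

    def dominates(self, other):
        """self >= other: level at least as high and compartments a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(subject, datum):
    """Simple security property: subject identical to or higher than data."""
    return subject.dominates(datum)

def can_write(subject, datum, strong=False):
    """*-property: subject identical to or lower than data; strong: identical."""
    return subject == datum if strong else datum.dominates(subject)

# Constructed sample relation: (tuple, tuple-level label).
MISSIONS = [
    (("m1", "survey"), Label("U")),
    (("m2", "escort"), Label("C")),
    (("m3", "recon"), Label("S")),
    (("m4", "strike"), Label("S", frozenset({"ops"}))),
    (("m5", "covert"), Label("TS")),
]

def select(subject, relation):
    """Keys of the rows a SELECT by this subject may return."""
    return [row[0] for row, label in relation if can_read(subject, label)]

def writable(subject, relation, strong=False):
    """Keys of the rows an UPDATE or DELETE by this subject may touch."""
    return [row[0] for row, label in relation
            if can_write(subject, label, strong)]

if __name__ == "__main__":
    s = Label("S")
    print("read:        ", select(s, MISSIONS))
    print("write (*):   ", writable(s, MISSIONS))
    print("write (strong):", writable(s, MISSIONS, strong=True))
```

Under the plain *-property the S subject may write m5, a row it cannot read; the strong *-property removes that case by restricting writes to m3.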
In multilevel relational databases, concurrency control manages the
concurrent execution of data manipulation language operations (such
as SELECT, INSERT, UPDATE, and DELETE) that are performed by different
users on the same data at the same time [85]. There
are many concurrency control models that are implemented to produce