Database Reference
In-Depth Information
8 The Instance-Based Multilevel Security Model
8.1 Introduction
Most multilevel relational databases use the mandatory access
control mechanism that is based on the Bell-LaPadula model [98].
This model is defined in terms of subjects and objects.
The object may be a relation, a tuple, or an attribute within a
tuple. The subject is the active process that needs to access some
objects. Every object can be associated with a classification level
such as U (unclassified), C (confidential), S (secret), or TS (top
secret). Every subject is also associated with a classification level
(unclassified, confidential, secret, or top secret). Classification
levels are partially ordered.
Multilevel relational database systems face many challenges.
A multilevel relational database system is restricted by the
security requirements of the Bell-LaPadula model, which prevent
covert channels [99] among the different classification levels.
Security must still be ensured when these requirements are applied
in the multilevel relational database. As a result, some problems
arise, described as follows:
• The redundancy of the data: The SeaView model defines a
rule called the entity polyinstantiation integrity [100], which
allows the multilevel relational database system to store the
same tuple at various classification levels in order to protect
the higher classification level data.
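The redundancy described above can be reproduced in a small added example (not from the book) that stores a tuple class beside each row and filters reads by subject level. The table name, column names and sample rows are constructed, and the four levels are treated as a total order U < C < S < TS for simplicity.

```python
import sqlite3

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # assumption: totally ordered

def open_db():
    db = sqlite3.connect(":memory:")
    # Apparent key is `employee`; the stored key adds the tuple class `tc`,
    # so the same employee can exist once per classification level.
    db.execute("CREATE TABLE emp (employee TEXT, dept TEXT, salary INTEGER, "
               "tc INTEGER, PRIMARY KEY (employee, tc))")
    return db

def insert(db, subject, employee, dept, salary):
    """Write at the subject's own level. A key that already exists at a
    higher level is not rejected: rejecting would reveal the hidden tuple
    to the lower subject, so a second instance is stored instead."""
    try:
        db.execute("INSERT INTO emp VALUES (?,?,?,?)",
                   (employee, dept, salary, LEVELS[subject]))
        return True
    except sqlite3.IntegrityError:
        return False  # duplicate at the SAME level, already visible to subject

def select(db, subject):
    """No read-up: a subject sees only tuples with tc <= its own level."""
    rows = db.execute("SELECT employee, dept, salary, tc FROM emp "
                      "WHERE tc <= ? ORDER BY employee, tc", (LEVELS[subject],))
    return rows.fetchall()

def redundancy(db):
    """Employees stored more than once, i.e. polyinstantiated entities."""
    rows = db.execute("SELECT employee, COUNT(*) FROM emp "
                      "GROUP BY employee HAVING COUNT(*) > 1")
    return dict(rows.fetchall())

def demo():
    db = open_db()
    insert(db, "S", "Ahmed", "Dept1", 10000)  # constructed sample rows
    insert(db, "U", "Ahmed", "Dept2", 7000)   # U cannot see the S tuple
    insert(db, "C", "Sara", "Dept1", 8000)
    return db

if __name__ == "__main__":
    db = demo()
    for s in LEVELS:
        print(s, select(db, s))
    print("polyinstantiated:", redundancy(db))
```
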
Table 8.1 illustrates an example of entity polyinstantiation
in the multilevel relational database. The primary key of the multi-
level relation is the employee attribute and the classification levels are