Database Reference
In-Depth Information
Table 8.3
Three Tuples Belong to Three Levels in BCMLS
EMPLOYEE
DEPARTMENT
SALARY
TC
Ahmed U S TS
Accounting U -S -TS
7,000 U S -TS
-U S TS
Ahmed U S TS
Sales -U S TS
7,000 -U -S -TS
S -TS
Ahmed U S TS
Sales U -S TS
7,000 S TS
S TS
Table 8.4( a)
The Inference Problem
EMPLOYEE
DEPARTMENT
SALARY
Ahmed U
Sales U
7,000 U
Ahmed U
Account S
8,000 U
Table 8.4(b )
The Inference Problem
EMPLOYEE
DEPARTMENT
SALARY
Ahmed U
Sales U
7,000 U
Ahmed U
Null
8,000 U
• The problem of the sensitive key value: The polyinstantiation
integrity rule in the multilevel relational security models is
intended to ensure the security of the data from the lower
classification level users by allowing only nonkey attributes
to access various values at various classification levels [101].
Since the multilevel relational database model uses the key
attributes to define the tuples, the polyinstantiation integrity
policy should be disallowed and then cannot prevent the risk
on the data.
Table  8.5 presents the problem of the sensitive key value. In the
employee table, the attribute employee is the primary key attribute.
Three tuples have various classification levels. The first contains the value
“Ahmed” in the employee attribute, which has the unclassified classifi-
cation level (U). The second tuple still has the value Ahmed for classi-
fication level (S). In the third tuple, the value for the employee attribute
has been modified to “Ali” and has the top classification level (T).
Suppose that the three tuples represent the same thing. The
highest classification level user with the classification level (TS) will
access all three tuples as in Table 8.5 and will not know that the
first two tuples are used to protect the third tuple from the lower
classification level users.
Search WWH ::




Custom Search