2 Basic Concept of Multilevel Database Security
2.1 Introduction
Mandatory access control (MAC) is a method of restricting
unauthorized users from accessing objects that contain some
sensitive information. An implementation of MAC is multilevel security
(MLS), which has been developed mainly for computer and
database systems at highly sensitive government organizations such as
the intelligence community or the U.S. Department of Defense.
In multilevel security, each datum is defined as an object and has a
security class level (classification), and each user is defined as a subject
and has a security class level (clearance). The class level of an object or
a subject A is called a label and is denoted as L(A). The access
control in multilevel security is based on the Bell-LaPadula model [16],
which has the following properties:
• The simple security property: A user, s, is allowed a read access
to an object, o, only if L(s) is higher than or identical to L(o).
• The *-property: A user, s, is allowed a write access to an
object, o, only if L(s) is identical to or lower than L(o).
• The strong * property: A user, s, is allowed a write access to an
object, o, only if L(s) is identical to L(o).
The goal of the simple security property is to prevent a subject with
low clearance from accessing a higher object (that is, no read-up),
while the goal of the *-property, as shown in Figure 2.1, is to prevent
a subject with a high clearance from writing data to a subject that is
cleared at a lower level (that is, no write-down).
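
The three properties above written as a small reference-monitor check, added here as an illustration (it is not code from the book). The four level names and all function names are assumptions; the text only requires that labels be ordered. The check also enumerates every subject and object pair to confirm that no read followed by a write can move data to a lower level.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Assumed four-level total order; the page does not name its levels.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def can_read(l_s, l_o):
    # Simple security property: read only if L(s) >= L(o) (no read-up).
    return l_s >= l_o


def can_write(l_s, l_o, strong=False):
    # *-property: write only if L(s) <= L(o) (no write-down).
    # Strong * property: write only if L(s) == L(o).
    return l_s == l_o if strong else l_s <= l_o


def allowed(l_s, l_o, strong=False):
    # Operations the monitor grants subject s on object o.
    ops = set()
    if can_read(l_s, l_o):
        ops.add("read")
    if can_write(l_s, l_o, strong):
        ops.add("write")
    return ops


def downward_flows(strong=False):
    # Exhaustive check: can any subject read an object `hi` and write an
    # object `lo` with L(lo) < L(hi)? An empty list means no write-down leak.
    return [(s, hi, lo) for s, hi, lo in product(Level, repeat=3)
            if lo < hi and can_read(s, hi) and can_write(s, lo, strong)]


if __name__ == "__main__":
    for strong in (False, True):
        print("strong * property" if strong else "*-property")
        for s in Level:
            row = ["".join(sorted(o[0] for o in allowed(s, obj, strong))) or "-"
                   for obj in Level]
            print(f"  {s.name:<12} {row}")
        print("  downward flows:", downward_flows(strong))
```

Under the *-property a subject may still write to an object above its clearance that it cannot read; the strong * property removes that case by allowing writes only at the subject's own level.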