Database Reference
In-Depth Information
In the multilevel relational database, the relation can be polyin-
stantiated when it contains two or more tuples with the same primary
key values. Polyinstantiation occurs in the following two situations:
•
Invisible polyinstantiation
can occur when a user with a low
security level inserts data in an attribute that already contains
data with a higher security level.
•
Visible polyinstantiation
can occur when a user with a high
security level inserts data in an attribute that already contains
data at a lower security level.
2.3.1 Invisible Polyinstantiation
The invisible polyinstantiation (polylow) can occur when a user at a
low level of security needs to insert a new tuple that contains the same
primary key as in an existing tuple with a high security level [19].
In the invisible polyinstantiation, the multilevel relational database
security has three choices:
• Informing the user that the new tuple exists at a higher secu-
rity level and therefore the insertion of the new tuple will
be rejected: This choice leads to the covert channel problem
because the user with a low security level gets unauthorized
information at a high level of security.
• Replacing the existing tuple at a high security level with the
new tuple being inserted with a low security level: This choice
allows the user with a low security level to overwrite data not
visible to him and thus break the data integrity.
• Inserting the new tuple with a low security level without
modifying the existing tuple at the high security level: This
choice leads to the polyinstantiation of the tuple because there
are two tuples in the relation with the same primary key but
in different security levels.
For example, consider the following scenario:
• A user with an S security level updates the salary to be 10,000
in Table 2.3. U user sees no change in the relation, as shown in
Table 2.3, but S user sees the relation after an update, as shown
in Table 2.4.
Search WWH ::
Custom Search