Database Reference
In-Depth Information
or more remaining attributes. As shown in Table  2.8, there
are two tuples with the same primary key (Ahmed) and the
same classes (U), but with different classes in the next two
attributes (Department, Salary).
2.3.4 Architectural Considerations in Supporting Polyinstantiation
There are two different architectures of polyinstantiation:
• No MAC privileges architecture: As shown in Figure  2.2,
the no MAC privileges (NMP) architecture has separated the
relational database into smaller relational databases. This sep-
aration depends on the security level of each relational data-
base. Also, the relational database management system has
divided the process into a smaller process that can access all
databases with data at or below its level. This architecture has
bad data retrieval performance because a user will get the data
from multiple single-level database fragments [22].
• Trusted subject architecture: As shown in Figure 2.3, the trusted
subject architecture has a single database to be used in saving
data at multiple security levels, and the database management
system is trusted to guard against illegal information flows [23].
Table 2.8
Attribute Polyinstantiation
EMPLOYEE
DEPARTMENT
SALARY
Ahmed U
Accounting U
7,000 U
Ahmed U
Sales S
10,000 S
DBMS High
Process
DBMS Low
Process
User High
Low User
System Operating Trusted
Database Low
Fragment
Database High
Fragment
Figure 2.2
No MAC privileges architecture.
 
Search WWH ::




Custom Search