Database Reference
In-Depth Information
the simplicity of tuple level labeling, combined with the flexibility of
element-level labeling.
There are two major problems in the Jajodia-Sandhu model [26]:
• Semantic ambiguity: Suppose that there are two tuples in the
relations with security levels U and S and there is no tuple
with security level TS. If a user with security level TS needs
to get information from the relation, he cannot decide which
is the correct information because the values from the U tuple
and the S tuple in the relation will be retrieved in the result
of the query.
• Operational incompleteness: Suppose that there are two
incomparable security levels, M1 and M2, whose least upper
bound is the security level S and greatest lower bound is the
security level U. There is no way for a user at security level S
to insert tuples that contain attributes with security levels at
U, M1, and M2.
2.4.3 Smith-Winslett Model
In the Smith-Winslett model, the multilevel relational database is
seen as a set of ordinary relational databases where all the databases
share the same schema. This model does not support security at the
level of each single attribute. The security level can be assigned only to
the primary key attributes and the tuples as a whole [27].
The multilevel relational scheme is given as R(A PK , C PK , A 1 ...,
A n ,TC) , where A pk is denoted as the primary key data attribute, C pk
is the primary key classification attribute that contains the security
level of the primary key data attribute, A 1 ...A n is denoted as the data
attributes, and TC is denoted as the tuple classification attribute that
contains the security level of the tuple.
An example relation is given in Table 2.12, where a user can see the
tuples from his own security level and the tuples from all lower secu-
rity levels. A user accepts the tuples from his own security level only.
Table 2.12
Smith-Winslett Model
EMPLOYEE
DEPARTMENT
SALARY
TC
Ahmed U
Accounting
7,000
U
Ahmed S
Sales
10,000
S
 
Search WWH ::




Custom Search