Basic Concept of Multilevel Database Security - Multilevel Security for Relational Databases

Database Reference

In-Depth Information

According to these rules, an update and read access are defined.

A database modification (insert, delete, and update) from a user can

only alter data at the user's security level. A query from a user at secu-

rity level L can access data from exactly those databases whose level is

not higher than the level L.

In this model, a semantics based on the concept of belief has been

added. The Smith-Winslett model is also known as the belief-based

semantics model and also introduced the concept of a base tuple.

The base tuple is the lowest security level of database tuple where the

existence of an entity is asserted. As such, the update procedure elimi-

nates the problems present in the Jajodia-Sandhu model, but restricts

the scope of an update to a single entity.

2.4.4 MLR Model

The multilevel relation (MLR) model presents the concept of data-

borrow integrity, which ensures upward information flow. Modifications

to the data at a lower security level can be automatically propagated to

higher security levels that need to borrow those data [28].

This model is concerned with eliminating the semantic ambiguity

problem in the Jajodia-Sandhu model. A user with a security level can

accept data that consist of two parts: data that have the same secu-

rity level and data that are borrowed from lower security level users.

he data a subject can see are those accepted by subjects at the data's

level or at levels below that.

The multilevel relational scheme is given as R(A PK ,C PK ,A 1 ,

C 1 ,...,A n ,C n ,TC ), where A pk is denoted as the primary key data attri-

bute, C pk is the primary key classification attribute that contains the

security level of the primary key data attribute, A 1 ... A n is denoted as

the data attributes, C 1 ...C n is denoted as the data classification attri-

butes that contain the security level of the primary key data attributes,

and TC is denoted as the tuple classification attribute that contains

the security level of the tuple.

In Table 2.13 we can see that a user with S security level has used

the UPLEVEL command to indicate that he believes the first tuple

and insert the second tuple with S security level. However, there is no

way for the user with high-level security to define his belief or disbe-

lief in the tuple.

Search WWH ::

Custom Search

Home