Databases Reference
In-Depth Information
3.
A subject can execute a method if the subjects security level domi-
nates the security level of the method and that of the class with
which the method is associated.
4.
A method executes at the level of the subject who initiated the
execution.
5.
During the execution of a method, m
1
, if another method, m
2
, has
to be executed, m
2
can execute only if the execution level of m
1
dominates the levels of m
2
and of the class with which m
2
is
associated.
6.
Reading and writing of objects during method execution are gov-
erned by rules 1 and 2.
Different architectures for implementing a system based on the SORION
model have been examined, and an approach in which the TCB enforces all
MAC has been proposed. Basically, the system runs as an untrusted applica-
tion on a general-purpose TCB. The TCB controls all access to read, write,
and method execution.
11.4.5.3 Millen-Lunt Model
Millen and Lunt have proposed a secure object model for knowledge-based
applications, based on a layered architecture [38]. At the lowest layer is the
security kernel, which provides MAC. At the next layer is the object system,
which implements object-oriented services, providing the abstraction of
objects, methods, and messages. The object system layer is assumed to be lay-
ered with respect to mandatory security. Here are the security properties of
the model.
The hierarchy property states that the level of an object dominates
that of its class.
·
The subject-level property states that the level of a subject created to
handle a message dominates both the level of the subject that origi-
nated the message and the level of the object receiving the message.
·
The object locality property states that a subject can execute methods
or read variables only in the object where it is located or any super-
class of that object. It can write variables only in that object.
·
The *-property states that a subject may write into an object where
the subject is located only if its security level is equal to that of the
object.
·
