Event Detection in Multilevel Secure Active Databases

The event-condition-action paradigm (also known as triggers or rules) is a powerful technology. It gives a database “active” capabilities – the ability to react automatically to changes in the database or in the environment. One potential use of this technology is in the area of multilevel secure (MLS) data processing, such as, military, where the subjects and objects are classified into different security levels and mandatory access control rules govern who has access to what. Although a lot of research appears in MLS databases, not much work has been done in the area of MLS active databases. In this paper, we look at one very important aspect of an MLS active database – event detection. An MLS rule, like any other object in an MLS database, is associated with a security level. Events in an MLS database are also associated with security levels. Since an MLS rule can be triggered by an event that is at a different security level than the rule, we cannot use the event detection techniques designed for non-MLS active databases. Using such techniques cause illegal information flow. Our goal is to propose new algorithms that prevent such illegal information flow. We first present an approach to detect primitive events – events that cannot be decomposed. Different types of primitive events can be combined using the event composition operators to form composite events. We also describe how to detect composite events using event graphs in an MLS database.