Kernelized Database Systems Security
Author
Abstract
There are two main types of security in database systems: discretionary security and mandatory security. Discretionary security restricts access to data items at the discretion of the owner. Most commercial database management systems (DBMS) employ some form of discretionary security by controlling access privileges and modes of data users (Griffiths & Wade, 1976). Discretionary security is not adequate in a multilevel secure environment, however, because it does not prevent Trojan horse attacks and provides a low level of assurance. Mandatory security, on the other hand, restricts access to data items to cleared database users. It is widely exploited in military applications and provides high assurance. Numerous commercial and military applications require a multilevel secure database management system (MLS/DBMS). In an MLS/DBMS, database users are assigned classification levels and data items are assigned sensitivity levels. Usually, three architectures are used to provide security in an MLS/DBMS: the integrity lock or spray paint architecture, the data distribution architecture, and the kernelized architecture. The integrity lock and the data distribution architectures are outside the scope of this work. We focus only on the kernelized architecture. In the kernelized architecture, data are physically stored in separate databases or containers according to sensitivity level. A multilevel relation is thus divided into single-level relations, each stored in a separate container. All containers are under the control of the common DBMS. The security of the system is largely dependent on the security of the operating system. Hence, the DBMS security is only as good as the underlying operating system. However, it is the responsibility of the MLS/DBMS to ensure that users can access only those data items for which they have been granted clearance.
The advantages of this architecture are that it is fairly secure and the kernel needed to implement it is relatively small. However, there are also several disadvantages. One major disadvantage is the performance overhead associated with managing and executing multilevel transactions. In this article, we present an efficient model for concurrency control in kernelized databases. We show that the model is correct, secure, and provides a solution to the concurrency control problem.
Similar resources
A Kernelized Architecture for Multilevel Secure Object-Oriented Databases Supporting Write-Up
This paper presents a kernelized architecture (i.e., an architecture in which no subject is exempted from the simple-security and *-properties) for multilevel secure (mls) object-oriented database management systems (DBMS's) which support write-up. Relational mls DBMS's typically do not allow write-up, due to integrity problems arising from the blind nature of write-up operations in these system...
A Kernelized Architecture for Multilevel Secure Object-Oriented Databases
This paper presents a kernelized architecture (i.e., an architecture in which no subject is exempted from the simple-security and *-properties) for multilevel secure (mls) object-oriented database management systems (DBMS's) which support write-up. Relational mls DBMS's typically do not allow write-up, due to integrity problems arising from the blind nature of write-up operations in these system...
2 What Properties can a Kernel Enforce?
Secure systems are often built around a “security kernel”—a relatively small and simple component that guarantees the security of the overall system. In this paper we ask whether this approach can be used to ensure system properties other than security—in particular, we are interested in whether “safety” properties can be handled in this way. Our conclusion is that kernelized system structures ...
متن کاملA single-level scheduler for the replicated architecture for multilevel-secure databases
The replicated architecture for multilevel secure database systems provides security by replicating data into separate untrusted single-level database systems. To be successful, a system using the replicated architecture must have a concurrency and replica control algorithm that does not introduce any covert channels. Jajodia and Kogan have developed one such algorithm that uses update projections ...
A Single-Level Scheduler for the Replicated Architecture for Multilevel-Secure Databases
The replicated architecture for multilevel secure database systems provides security by replicating data into separate untrusted single-level database systems. To be successful, a system using the replicated architecture must have a concurrency and replica control algorithm that does not introduce any covert channels. Jajodia and Kogan have developed one such algorithm that uses update projections ...