Supporting Secure Canonical Upgrade Policies in Multilevel Secure Object Stores
نویسنده
چکیده
Secure canonical upgrade policies are multilevel relabel policies that, under certain conditions, allow high-level subjects to update low-level security labels. This paper describes a scheme whereby these policies can be supported within the Message Filter Model for multilevel secure object-oriented database management systems.
منابع مشابه
Data Integrity Limitations in Highly Secure Systems
We discuss a class of computer/network architectures that supports multilevel security while utilizing commercial-off-the-shelf (COTS) workstations and COTS productivity software applications. We show that a property of these architectures is that, while supporting multilevel confidentiality policies, they do not generally support partially ordered integrity policies: specifically, these archit...
متن کاملRe-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Stores
We re-evaluate the kernelized, multilevel secure (MLS) relational database design in the context of cloud-scale distributed data stores. The transactional properties and global integrity properties for schema-less, cloud-scale data stores are significantly relaxed in comparison to relational databases. This is a new and interesting setting for mandatory access control policies, and has been une...
متن کاملAn Extended Petri Net Model for Supporting Workflows in a Multilevel Secure Environment
This paper makes three contributions to the area ofmultilevel secure (MLS) work ow management systems (WFMS). First, it proposes a multilevel secure work ow transaction model. This model identi es the task dependencies in a work ow that cannot be enforced in order to meet multilevel security constraints. Second, it shows how Petri nets, a mathematical as well as a graphical tool, can be used to...
متن کاملVulnerability to Flash Controller for Secure USB Drives
This paper analyzes a vulnerability in the flash controller for secure USB drives, which is meant to enable secure USB drives to prevent unauthorized access to the data stored on them. This controller divides a driver into several partitions, one of which is configured as a secure area to store secret information. Generally, secure USB drives supporting multiple partitions may have three differ...
متن کاملSupporting Timing-Channel Free Computations in Multilevel Secure Object-Oriented Databases
In an earlier paper [3], Jajodia and Kogan proposed a message lter approach to enforcing mandatory security in multilevel object-oriented databases. The key idea in the message lter model is that all information exchange be permitted solely through messages and that security be enforced by a message lter component that mediates these messages. In a recent paper [8] the authors proposed a kernel...
متن کامل