An introduction to multilevel secure relational database management systems
Author
Abstract
Multilevel Security (MLS) is a capability that allows information with different classifications to be available in an information system, with users having different security clearances and authorizations, while preventing users from accessing information for which they are not cleared or authorized. It is a security policy that has grown out of research and development efforts funded mostly by the U.S. Department of Defense (DoD) to address some of the drawbacks of the single level mode of operation that was used at the DoD. The goal was to build and deploy an MLS-compliant environment (e.g., Networks, Operating Systems, Database Systems) that would provide a much needed efficiency in processing and distributing classified information by providing security through computer security, communications security, and trusted system techniques instead of using physical controls, administrative procedures, and personnel security. As Relational Database Management Systems (RDBMS) are at the heart of the DoD’s information system, significant research and development efforts have been put into building multilevel secure RDBMS, which have led to the emergence of a number of multilevel secure RDBMS solutions, including commercial ones. Over the past few years and with the increase of security concerns, MLS compliance has become a major requirement from a number of U.S. Federal Government agencies that appear to have grown beyond the traditional agencies that require such type and level of security. This paper introduces MLS, and outlines the challenges and complexities of building a multilevel secure RDBMS. The paper also gives concrete examples of both research and commercial multilevel secure RDBMS and describes how they met the above challenges and complexities.
Copyright © 2004 IBM Canada Ltd., 2004. Permission to copy is hereby granted provided the original copyright notice is reproduced in copies made.
Similar resources
Toward a Multilevel Secure Relational
Although there are several efforts underway to build multilevel secure relational database management systems, there is no clear consensus regarding what a multilevel secure relational data model exactly is. In part this lack of consensus on fundamental issues reflects the subtleties involved in extending the classical (single-level) relational model to a multilevel environment. Our aim in this ...
Toward a Multilevel Secure Relational Data Model
Although there are several efforts underway to build multilevel secure relational database management systems, there is no clear consensus regarding what a multilevel secure relational data model exactly is. In part this lack of consensus on fundamental issues reflects the subtleties involved in extending the classical (single-level) relational model to a multilevel environment. Our aim in this pa...
Security Constraint Processing in a Multilevel Secure Distributed Database Management System
In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification p...
Security issues for federated database systems
This paper describes security issues for federated database management systems set up for managing distributed, heterogeneous and autonomous multilevel databases. It builds on our previous work in multilevel secure distributed database management systems and on the results of others’ work in federated database systems. In particular, we define a multilevel secure federated database system and d...
Towards the Design and Implementation of a Multilevel Secure Deductive Database Management System
In this paper we describe a preliminary design and implementation of a multilevel secure deductive database management system (MLSIDEDBMS). In particular, logic as a data model for multilevel databases, reasoning across security levels, architectural issues for an MLSIDEDBMS, and a prototype implementation are discussed.