Multilevel Secure Rules: Integrating the Multilevel Secure and Active Data Models

Traditional database security is made more complex by the addition of rules to the data model. The security policy must control access privileges and accessibility for rule descriptions, executing rules, and database transitions (events). In this paper we extend the multilevel secure relational model to capture the functionality required of an active database, i. e. a database with production rules, able to respond to events. Database rules and events are given explicit security classiications by introducing multilevel secure relations for each. Database rule descriptions are treated as MLS objects. All new user-deenable active components (rule actions, trigger detection daemons) conform to mandatory security constraints for subjects. An execution algorithm is given which employs cascading transactions to hide secure rule processing. Implications for implementing the new active functionality in an MLS relational database are also discussed.