A database consists of an object space that is information about objects in (some part of) the real world. Every object existing in the real world has properties, including an identity that uniquely distinguishes it from other objects. In a belief database multiple subjects are hypothesized. Subjects have varying beliefs about existence, identities, and other properties of objects. A multilevel...

Integrity is usually considered to be at odds with security in multilevel databases. Integrity constraints enforce conditions on relations between data, while security constraints enforce separation between data. If an integrity constraint is defined over data at different security levels, a direct conflict results. However, the solution is not to sacrifice the integrity constraint altogether. ...

This paper makes three contributions to the area ofmultilevel secure (MLS) work ow management systems (WFMS). First, it proposes a multilevel secure work ow transaction model. This model identi es the task dependencies in a work ow that cannot be enforced in order to meet multilevel security constraints. Second, it shows how Petri nets, a mathematical as well as a graphical tool, can be used to...

Details of a planning study for USAF computer security requirements are presented. An Advanced development and Engineering program to obtain an open-use, multilevel secure computing capability is described. Plans are also presented for the related developments of communications security products and the interim solution to present secure computing problems. Finally a Exploratory development pla...

CoPS is an automatic checker of multilevel system security properties. CoPS can be used to check three different bisimulation-based non-interference properties for systems expressed as terms of the Security Process Algebra (SPA) language. The considered properties are persistent, in the sense that they are preserved at each execution step. Moreover, they imply the Bisimulation-based Non Deducib...

A multilevel secure database is intended to protect classified information from unauthorized users based on the classification of the data and the clearances of the users. The concurrency control requirements for transaction processing in multilevel secure database management systems (MLS/DBMSs) are different from those in conventional transaction processing systems. In MLS/DBMSs, coordination ...

or Introduction Details of a planning study for USAF computer security requirements are presented. An Advanced development and Engineering program to obtain an open-use, multilevel secure computing capability is described. Plans are also presented for the related developments of communications security products and the interim solution to present secure computing problems. Finally a Exploratory...

A secure Database Management System (DBMS) will be widely adopted only if it provides a convenient base for application development. Given this assumption, we examine two questions: "Should an application’s view of the database consist of objects whose attributes are at more than one security level" and "Should a DBMS directly support such multilevel objects?" We investigate the impact on MLS a...

We describe an approach for controlling certain unauthorized inferences in a multilevel secure distributed database management system. In such a system, two or more multilevel secure database management systems are connected via a trusted network. Furthermore, the environment that we have considered is a limited heterogeneous one where not all of the nodes handle the same accreditation ranges. ...