Multilevel Secure Database Research Articles

Models of multilevel databases security

Multilevel security - is a security policy that allows to classify objects and users based on a system of hierarchical security levels and use this classification to organize an access control system. In relational data bases with multi-level security, any user reading or updating data in a table should be allowed to process only those lines that allow its access level represented by the security label. For each row in the table (or row attrib-ute), the privacy level is set by assigning a security label. The user can read or modify the row only if its label dominates over the label of the row. This requirement leads to the fact thatthe same domain object can be represented in the table by several records, each accessible only to users with the corre-sponding security label (the property of multi-valued rela-tions). Whereas the fundamental principles of relational data-bases building require the uniqueness of each tuple relation-ship. The way to resolve this contradiction is determined by the security model used. In addition, the multi-valued rela-tionship leads to the emergence of vulnerabilities in the form of hidden channels (covert channels), obtaining information through inference channels, semantic ambiguity and others. As an investigation direction in the field of database security, the technology of a multilevel secure database is developing rapidly. Many models of multilevel security in RDBMSs have been developed based on the Bell-Lapadul model, such as the SeaView model, the Jajodia-Sandhu model, the Smith-Wins-lett model and others that would completely or partially solve arising problems like hidden channels, semantic ambiguity, and others. However, no flawless solution or model has been proposed to date. Objective: SeaView, Jajodia-Sandhu, Smith-Winslett models analysis, identification of their advantages and disadvantages.

Transaction Processing Environment Kernelized Architecture in Multilevel Secure Application Policies

Multilevel security poses many challenging problems for transaction processing. The challenges are due to the conflicting requirements imposed by confidentiality, integrity, and availability} the three components of security. We identify these requirements on transaction processing in Multilevel Secure (MLS) database management systems (DBMSs) and survey the efforts of a number of researchers to meet these requirements .While our emphasis on centralized system based on kernelized Architecture, we briefly overview the research in the distributed MLS DBMSs as well.

Research on Multilevel Secure Database Inference Channel

In multi-level security database system, the inference problem is that a low security level user using accessible data and his own knowledge and to infer confidential information of higher security level, which constitute an attack on the database. This paper introduces a formal description of multi-level secure database systems inference channels and analyzes several common inference channels and its solution.

Analysis and Improvement of BLP Model for Multi-Level Security Database

In the current multi-level security database system, the BLP model is the most widely used security model. For the problem of data redundancy, primary key loophole and reasoning channel of the BLP model, an improved method is proposed. The proposed method consummates the read-write level and the read-write range of user, increases the audit mechanism, eliminates the primary key loophole and avoids the reasoning channel to some extent. The proposed method in this paper improves the security of the BLP model and makes the security model more practical.

Encryption-based multilevel model for DBMS

In this paper, we propose an encryption-based multilevel model for database management systems. The proposed model is a combination of the Multilevel Relational (MLR) model and an encryption system. This encryption system encrypts each data in the tuple with different field-key according to a security class of the data element. Each field is decrypted individually by the field-key of which security class is higher than or equal to that of the encrypted field-key. The proposed model is characterized by three achievements: (1) utilizing an encryption system as an additional security layer over the multilevel security layer for the database, (2) reducing the multilevel database size, and (3) improving the response time of the data retrieval from the multilevel database. Also this paper summarizes our efforts in implementing a working multilevel secure database prototype. This prototype is used as a research tool for studying principles and mechanisms of the encryption-based multilevel model and multilevel secure database (MLS/DBMS) models (SeaView, Jajodia–Sandhu, Smith–Winslett, MLR, and Belief-Consistent Model). This prototype is implemented to be used to perform a series of experiments to measure the performance cost for applying encryption in multilevel database security.

Secure concurrency control protocol with timeliness guarantees in real-time database systems

Real-time database systems (RTDBSs) are usually applied in the time-critical applications with security constraints. For these applications, RTDBSs must simultaneously satisfy two requirements in guaranteeing data security and minimizing the deadline miss ratio for admitted transactions. Multilevel secure database systems based on mandatory access control can prevent direct unlawful information flows between transactions. However, they cannot be free from illegal information transfers between transactions by means of the concurrency control mechanism, so the novel concurrency control algorithms supporting security and real-time requirements are needed for RTDBSs. In this paper, we present a novel secure real-time concurrency control algorithm (SRCC) for RTDBSs. The SRCC makes an effective tradeoff between security constraints and timing constraints by introducing secure control factor and real-time influence factor. Further, in order to obtain the better real-time performance, an enhanced SRCC called ESRCC is proposed by introducing the concept of similarity. The experimental results show that the ESRCC can ensure excellent real-time performance while guaranteeing data security.

APPROXIMATE QUERY PROCESSING USING MULTILAYERED DATA MODEL TO HANDLE ENVIRONMENTAL CONSTRAINTS, PRIVACY AND AVOIDING INFERENCES

In this paper, we describe a query approximation system which uses the Multi-Layered Database (MLDB), a collection of summarized relational data generated using domain-based concept hierarchies. The system generates approximate answers to queries to handle environmental constraints and access control levels, thus preserving the privacy and security of data. Using concept hierarchy (CH), we generalize attributes to transform base relations to different layers of summarized relations corresponding to access control levels. The summary databases thus formed are the compression of the tuples in the main database using the CH constructed using the domain set. The query is rewritten by traversing the MLDB layers according to the user's access control level. We present summarization methods, query rewriting algorithms, implementation and experimental results of the system. In addition, we analyze some of the known inferences in Multi Level Secure (MLS) databases and then proceed to explore their effects on an approximate query processor that uses the MLDB model. The common relationships among inferential queries are found by analyzing them, and are used in possible solutions to detect and prevent inference problems. These patches are added to the query processor in MLDB to form a system that provides approximate results by preserving privacy and at the same time block the possible inferences. We have observed that these extra patches introduce only very small overheads in the MLDB generation and query processing.

Towards a Temporal Multilevel Secure Database (TMSDB)

Standard Relational Databases are used to store the state of reality at a single moment of time. Temporal Databases are used to store Time-Varying Data. Multilevel Secure Databases are used to securely store highly sensitive data. Each of these databases serves its purpose well, but if we were to model the temporal and sensitive aspect of the real world data, we will not be able to use any of the previously mentioned databases. Our aim here is to develop a new database model that can be used to model multilevel secure temporal data.

On Logical Foundations of Multilevel Secure Databases

It is envisaged that the application of the multilevel security (MLS) scheme will enhance flexibility and effectiveness of authorization policies in shared enterprise databases and will replace cumbersome authorization enforcement practices through complicated view definitions on a per user basis. However, the critical problem with the current model is that the belief a higher security level is cluttered with irrelevant or inconsistent data as no mechanism for attenuation is supported. Critics also argue that it is imperative for MLS database users to theorize about the belief of others, perhaps at different security levels, an apparatus that is currently missing and the absence of which in seriously felt.The impetus for our current research is the need to provide an adequate framework for belief reasoning in MLS databases. In this paper, we show that these concepts can be captured in a F-logic style declarative query language, called MultiLog, for MLS deductive databases for which a proof theoretic, model theoretic and fixpoint semantics exist. This development is significant from a database perspective as it now enables us to compute the semantics of MultiLog databases in a bottom-up fashion. We also define a bottom up procedure to compute unique models of stratified MultiLog databases. Finally, we establish the equivalence of MultiLog's three logical characterizations--model theory, fixpoint theory and proof theory.

Secure one snapshot protocol for concurrency control in real-time stock trading systems

To prevent any data from being accessed by unauthorized users, it is necessary for stock trading systems (STS) to use multilevel secure database management systems in controlling concurrent executions among multiple transactions. In STS, analytical transactions as well as mission critical transactions are executed concurrently, which makes it difficult to use traditional secure real-time transaction management schemes for STS environment. In this paper, we propose the read-down relationship-based secure one snapshot protocol (SOS) that is devised for the secure real-time transaction management in STS. By maintaining an additional one snapshot as well as working database, SOS blocks covert-channels without causing the priority inversion phenomenon. We introduce the process of SOS protocol with some examples, present the proofs of devised protocol, and then evaluate the performance gains by means of simulation method.

Closing the key loophole in MLS databases

There has been an abundance of research within the last couple of decades in the area of multilevel secure (MLS) databases. Recent work in this field deals with the processing of multilevel transactions, expanding the logic of MLS query languages, and utilizing MLS principles within the realm of E-Business. However, there is a basic flaw within the MLS logic, which obstructs the handling of clearance-invariant aggregate queries and physical-entity related queries where some of the information in the database may be gleaned from the outside world. This flaw stands in the way of a more pervasive adoption of MLS models by the developers of practical applications. This paper clearly identifies the cause of this impediment -- the cover story dependence on the value of a user-defined key -- and proposes a practical solution.

Implementing Belief-Consistent Multilevel Secure Relational Data Model: Issues and Solutions

This paper summarizes our efforts in implementing a working multi-level secure database prototype. We have chosen Belief-Consistent Multilevel Secure Relational Data Model (BCMLS) as a basis for our prototype because of its comprehensive semantics for interpreting all stored information. While semantically superior to other models, this model has not been implemented as a working system before. Our prototype, which was created on an Informix database server with a PHP web client, enables insertion, deletion and update of multi-level data while addressing the underlying model complexities through a number of original solutions.

무선 이동 네트워크 환경에서 다단계 보안 데이터베이스를 위한 분산 이타적 잠금 기법

본 논문에서는 무선 이동 네트워크 환경에서 다단계 보안 데이터베이스의 동시성 제어를 위한 향상된 트랜잭션 스캐쥴링 프로토콜을 제안한다. 무선 통신은 잦은 접속단절의 특성을 가지고 있다. 따라서 단기 트랜잭션은 장기 트랜잭션으로 인한 지연이 없이 데이터베이스를 빨리하여야 한다. 전통적인 직렬성 표기를 가진 두단계 잠금 기법을 무선 이동 네트워크 환경에서 다단계 보안 데이터베이스에 적용했다. 이타적 잠금기법은 기부를 통하여 트랜잭션이 더 이상 그 객체를 요구하지 않을 때 다른 트랜잭션들이 객체를 로크할 수 있도록 미리 객체에 대한 로크를 해제함으로써 트랜잭션들이 대기시간을 줄이기 위해서 제안된 것이다. 확장형 이타적 잠금기법은 처음에 기부되지 않는 객체까지도 처리하는 좀 더 완화된 기법이다. 본 프로토콜은 확장형 잠금 기법을 기초로 한 다단계 보안 데이터베이스를 위한 양방향 기부 잠금 규약(MLBiDL)으로 보안 요구와 동시성 제어를 동시에 만족한다. 시뮬레이션 결과 MLBiDL은 다른 잠금 기법들보다 처리율과 트랜잭션의 평균 대기시간에서 우수한 성능을 보여주었다. We propose an advanced transaction scheduling protocol for concurrency control of multilevel secure databases in wireless mobile network environment. Wireless communication is characterized by frequent spurious disconnections. So short-lived transaction must quickly access database without any delay by long-lived one. We adapted two-phase locking protocol, namely traditional syntax-oriented serializability notions, to multilevel secure databases in wireless mobile network environment. Altruistic locking, as an advanced protocol, has attempted to reduce delay effect associated with lock release moment by use of the idea of donation. An improved form of a1truism has also been deployed for extended a1truistic locking. This is in a way that scope of data to he early released is enlarged to include even data initially not intended to be donated. Our protocol is based on extended altruistic locking, but a new method, namely bi-directional donation locking for multilevel secure databases (MLBiDL), is additionally used in order to satisfy security requirements and concurrency. We showed the Simulation experiments that MLBiDL outperforms the other locking protocols in terms of the degree of throughput and average waiting time.

Maintaining security and timeliness in real-time database system

Real-time database systems can have security constraints in addition to timing constraints. Such real-time systems are typically contained in environments that exhibit hierarchical propagation of information, where mandatory access control for security is required. Conventional multilevel secure (MLS) database models that implement mandatory access control are inadequate for time-critical applications and conventional real-time database models do not address security constraints. The objective of this work is to incorporate security constraints in real-time database systems in such a way that not only is security achieved, but achieving security does not degrade real-time performance significantly in terms of deadlines missed. We present two concurrency control algorithms for secure real-time databases: the Secure two-phase locking high priority (2PLHP) algorithm is based on a two-phase locking protocol and the Secure optimistic concurrency control (OPT) algorithm uses the properties of an optimistic concurrency protocol. We implement the two algorithms and study their performance using a real-time database system simulation model. Our study covers both soft and firm real-time databases. Results show that both the algorithms perform fairly well in terms of security and timeliness compared to non-secure algorithms. We show that achieving increased security does not necessarily mean an increased sacrifice in real-time performance.

A nested transaction model for multilevel secure database management systems

This article presents an approach to concurrency control for transactions in a Multilevel Secure Database Management System (MLS/DBMS). The major problem is that concurrency control mechanisms used in traditional DBMSs are not adequate in a MLS/DBMS, since they may be exploited to establish covert channels. The approach presented in this article, which uses single-version data items, is based on the use of nested transactions, application-level recovery, and notification-based locking protocols. All these features allow us to develop a concurrency control mechanism that is free of timing channels and avoids many of the shortcomings of the concurrency control mechanisms so far developed for conventional (i.e., flat) transactions, such as transaction starvation and resource wastage.

Multilevel secure transaction processing1

Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the security community. Transaction processing in these systems requires modification of conventional schedu

Multilevel secure transaction processing

Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the security community. Transaction processing in these...

Read-down conflict-preserving serializability as a correctness criterion for multilevel-secure optimistic concurrency control: CSR/RD

It is important to note that conflict-preserving serializability and related theory are artifacts of an era of database development where correctness alone was the overriding concern. With the advent of multilevel-secure databases, there is clearly a need to reexamine such theories. Any correctness criterion to govern transaction processing in the multilevel security context has to incorporate both secureness and correctness in a unified manner. This paper makes original contributions in two different but closely related areas to the optimistic concurrency control in multilevel-secure, single-version databases. First, read-down conflict-preserving serializability (CSR/RD) captures multilevel-secure database consistency requirements and secure transaction correctness properties via a single notion. Second, it presents a multilevel-secure optimistic concurrency control (MLS/OCC) scheme that has several desirable properties: If lower-level transactions were somehow allowed to continue with their executions in spite of the conflict with high-level transactions, covert timing-channel freeness would be satisfied. This sort of optimistic approach for conflict insensitiveness and the properties of non-blocking and deadlock freedom make the optimistic concurrency control scheme especially attractive to multilevel-secure transaction processing.

Belief reasoning in MLS deductive databases

It is envisaged that the application of the multilevel security (MLS) scheme will enhance flexibility and effectiveness of authorization policies in shared enterprise databases and will replace cumbersome authorization enforcement practices through complicated view definitions on a per user basis. However, as advances in this area are being made and ideas crystallized, the concomitant weaknesses of the MLS databases are also surfacing. We insist that the critical problem with the current model is that the belief at a higher security level is cluttered with irrelevant or inconsistent data as no mechanism for attenuation is supported. Critics also argue that it is imperative for MLS database users to theorize about the belief of others, perhaps at different security levels, an apparatus that is currently missing and the absence of which is seriously felt. The impetus for our current research is this need to provide an adequate framework for belief reasoning in MLS databases. We demonstrate that a prudent application of the concept of inheritance in a deductive database setting will help capture the notion of declarative belief and belief reasoning in MLS databases in an elegant way. To this end, we develop a function to compute belief in multiple modes which can be used to reason about the beliefs of other users. We strive to develop a poised and practical logical characterization of MLS databases for the first time based on the inherently difficult concept of non-monotonic inheritance. We present an extension of the acclaimed Datalog language, called the MultiLog, and show that Datalog is a special case of our language. We also suggest an implementation scheme for MultiLog as a front-end for CORAL.

Modelling data secrecy and integrity

The paper describes a semantic data model used as a design environment for multilevel secure database applications. The proposed technique is built around the concept of security classification constraints (security semantics) and takes into account that security restrictions may either have effects on the static part of a system, on the behavior of the system (the system functions), or on both. As security constraints may influence each other appropriate integrity mechanisms are necessary and modelling of a multilevel application must be data as well as function driven. This functionality is included in the proposed semantic data model for multilevel security by developing secure data schemas, secure function schemas, a procedure for alternating iterative refinements on either schema, and a powerful integrity system to check the consistency of the classification constraints and of the multilevel secure database application.