Multilevel Relational Database Research Articles

Inference Control in Secure Database

This paper investigates the inference problems due to functional dependencies (FD) and multi-valued dependencies (MVD) in a multilevel relational database with element classification schemes. The algorithms presented can greatly improve the data availability. To further deal with the indirect privacy violation, the view-based inference control method is proposed which can eliminate the secure problem brought by multi-view collusions. The theories of splitting views into the view dependency basis are the foundation of future work on the view-based inference control.

A semantic framework of the multilevel secure relational model

A multilevel relational database represents information in a multilevel state of the world, which is the knowledge of the truth value of a statement with respect to a level in a security lattice. The authors develop a semantic framework of the multilevel secure relational model with tuple-level labelling, which formalizes the notion of validity in multilevel relational databases. They also identify the multilevel security properties that precisely characterize the validity of multilevel relational databases, which can be maintained efficiently. Finally, they give an update semantics of the multilevel secure relational model that preserves both integrity and secrecy.

Guest Editors' Introduction to the Special Issue on Secure Database Systems Technology

INCE the U.S. Air Force Summer Study in 1982, several S research and development efforts in secure database management systems have been initiated. These include efforts in Secure Relational DBMS, Secure Object-Oriented DBMS, Secure Distributed IDBMS, and other topics such as inference and aggregation, policies and models, polyinstantiation, concurrency control, auditing, and role-based security. In addition to military applications, security for commercial applications such as medical information systems and banking systems have received increased attention in recent years. Since security is becoming increasingly important to many government as well as commercial organizations, and database technology is a necessity for these organizations, it is important for the various communities to be aware of the developments made in securing database systems. Due to the considerable pressing interest and concern in this area, this special issue of IEEE Transactions on Knowledge and Data Engineering is devoted to this topic. This issue consists of seven papers addressing a variety of topics in secure database systems technology. The first paper by Qian and Lunt describes a MAC policy framework for multilevel relational databases. Much of the work in multilevel secure database management systems has focussed on the relational model. Various prototype systems as well as commercial products have been developed. This paper presents a formal framework to specify mandatory access control policies for relational database systems. More recently quite a few efforts have been reported on multilevel secure object-oriented database management systems. One such effort is reported in the second paper by Thomas and Sandhu. ‘They propose a trusted subject architecture for designing multilevel secure objectoriented databases. Transaction processing in multilevel secure database management systems is a major issue. Concurrency control algorithms such as locking are known to cause covert channels. The goal in secure transaction processing is to ensure consistency as well as security. The third paper by Smith, Blaustein, . Jajodia, and Notargiacomo describes a

A MAC policy framework for multilevel relational databases

We develop a formal framework of MAC policies in multilevel relational databases. We identify the important components of MAC policies and their desirable properties. The framework provides a basis for systematically specifying MAC policies and characterizing their potential mismatches. Based on the framework, we compare and unify the MAC policies and policy components that are proposed in the literature or imposed in existing systems. Our framework could be used to capture and resolve MAC policy mismatches in the trusted interoperation of heterogeneous multilevel relational databases.

Inference channel detection in multilevel relational databases: A graph‐based approach

In a multilevel relational (MLR) database, users are not allowed to access data classified at a level higher than their own security classification. However, it may be possible for a low‐level user to infer high‐level data. This article provides methods to detect and eliminate such inference channels. A graph‐based representation of the database schema developed provides a convenient method for inference channel detection by reducing the problem to one of connectivity in the network. Inference channels are eliminated while imposing minimum restrictions on legitimate access using an algorithm based on minimum cut set identification. This approach is then extended to address the problems of abductive and probabilistic inference channels. An abductive inference channel is said to exist when information external to the database is used in the inference process. By demonstrating that only arcs between nodes in different strongly connected components may lead to abductive inference channels, the complexity of t...

Controlling FD and MVD inferences in multilevel relational database systems

The authors investigate the inference problems due to functional dependencies (FD) and multivalued dependencies (MVD) in a multilevel relational database (MDB) with attribute and record classification schemes, respectively. The set of functional dependencies to be taken into account in order to prevent FD-compromises is determined. It is proven that incurring minimum information loss to prevent compromises is an NP-complete problem. An exact algorithm to adjust the attribute levels so that no compromise due to functional dependencies occurs is given. Some necessary and sufficient conditions for MVD-compromises are presented. The set of MVDs to be taken into account for controlling inferences is determined. An algorithm to prevent MVD-compromises in a relation with conflict-free MVDs is given. >

A unified approach for multilevel database security based on inference engines

A multilevel relational database system handles data at different security classifications and provides access to users with different security clearances. Many methods for enforcing security in this environment have been investigated. This paper presents a unified approach to multilevel database security based on two ideas: a trusted filter and an inference engine. These two approaches are introduced separately and then the motivation for the unified system and the system model itself are presented.