S. Wiseman. On the Problem of Security in Data Bases. In S. Spooner and C. Landwehr, editors, Database Security, 3: Status and Prospects. North-Holland, 1990. Results of the IFIP WG 11.3 Workshop on Database Security.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....[CAST94] or [BERT94] in the framework of object oriented databases, impose that the UPDATE privilege cannot be granted on an attribute if the READ privilege has not already been granted. 1. 2 The Notion of Covert Channel Covert channels in the context of database security are widely discussed in [WISE90a] and [WISE90b] A covert channel is an unexpected means of communication which appears as a side effect of another scheme. For example, a protection mechanism always opens a new communication channel, namely the mechanism itself. Indeed, the protection mechanism can be seen as a blackboard shared ....

Wiseman, S., On the Problem of Security in Data Bases, Database Security III, Status and Prospects, Results of the IFIP WG 11.3 Workshop on Database Security, September 1989.

....new problem in building multilevel secure database management systems (DBMSs) as compared to ordinary single level DBMSs. This caveat is inescapable and absolute. We must reject outright solutions which tolerate downward signaling channels. Solutions with such channels, e.g. as proposed in [1, 9], may well be acceptable as an engineering compromise in particular situations. But they are clearly not acceptable as generalpurpose solutions. This point needs to be emphasized because security is usually the one to take the first hit in engineering trade offs. It behooves us as security ....

Wiseman, S.R. "On the Problem of Security in Data Bases." In Database Security III: Status and Prospects, (Spooner, D.L. and Landwehr, C.E., editors), North-Holland, pages 143-150 (1990). Also available as Royal Signal and Radar Establishment, U.K., Memo 4263.

....via different ways of deduction. In this paper, a survey of the access control models is presented. The emphasis is put on access control models in OODBSystems. The survey discuss neither the application of cryptographic techniques in databases security nor inference control. For references, see [2, 23, 32, 63, 86, 107, 108, 123, 145]. Sections 2 and 3 state threats to database security and the security requirements for databases, respectively. Section 4 describes the concept of the access control, the policy choices, and classifies the access control policies. In Sections 5 and 6, discretionary access control in conventional ....

....about some other high level data y. In some cases, even learning of the existence of the information may be unacceptable. An inferential link that may allow information to flow from a high security class to a low security class is called an inference channel or a covert channel. Wiseman [145] identifies four aspects of the inference problem in multi level security databases: addressing inference problem, relationship inference problem, aggregation problem, and architectonic problem. The addressing inference channel arises through the data role in addressing rather than from it being ....

S. R. Wiseman. On the Problem of Security in Databases. In D. L. Spooner and Landwehr, editors, Database Security III, pages 301--311. Elsevier Science Publishers B. V. (NorthHolland) IFIP, 1990. A An Example of a Database Schema Here is an example of an O-O database schema, which is graphically represented in

....distinguishable by their classifications or by non primary key attribute values. Since polyinstantiation significantly complicates the semantics of multilevel relations (particularly for high users) recently some solutions have appeared which attempt to do away with polyinstantiation completely [1, 13, 14]. In this paper, we take another step along this direction, and examine ways to preserve primary key requirements in multilevel relations. Of course, any solution we give will have to be secure and free of denial of service problem. The organization of the remainder of this paper is as follows. In ....

S. R. Wiseman, "On the Problem of Security in Data Bases." In Database Security III: Status and Prospects, (Spooner, D.L. and Landwehr, C.E., editors), North-Holland, 1990 pages 143-150.

....simply provides a powerful technique for supporting cover stories. Other research has sought to demonstrate that polyinstantiation is not even essential for supporting cover stories, and may be considered a poor technique since it is difficult to prevent spurious cover stories from occurring [Wiseman 90] The problem of maintaining global consistency remains in databases that restrict polyinstantiation to intentional polyinstantiation. High users who query the database and are returned high level data and low level cover stories without explanation are still faced with an inconsistent situation. ....

Wiseman, S. R., "On the Problem of Security in Data Bases," Database Security III: Status and Prospects (D. L. Spooner and C. E. Landwehr, editors), NorthHolland, 1990, pp. 143-150.

....the major new problem in building multilevel secure database management systems (DBMSs) as compared to ordinary single level DBMSs. This caveat is inescapable and absolute. We must reject outright solutions which tolerate signaling channels. Solutions with signaling channels, such as proposed in [1, 16], may well be acceptable as an engineering compromise in particular situations. But they are clearly not acceptable as general purpose solutions. This point needs to be emphasized because security is usually the one to take the first hit in engineering trade offs. It behooves us as security ....

....obscured the fundamental simplicity of this concept. Another unfortunate aspect of SeaView is the lack of a formal update semantics, recent attempts notwithstanding [12] This has led to identification of some bizarre scenarios which have mistakenly been taken to be intrinsic to polyinstantiation [16, 17]. Fortunately the security community s understanding of polyinstantiation has advanced dramatically since our initial identification of the shortcomings of SeaView s formal definitions in [5] Our contributions to this progress have been described at considerable length and with the utmost ....

Wiseman, S.R. "On the Problem of Security in Data Bases." In Database Security III: Status and Prospects, (Spooner, D.L. and Landwehr, C.E., editors), North-Holland, pages 143-150 (1990). Also available as Royal Signal and Radar Establishment, U.K., Memo 4263.

....in this case by deleting the existing S tuple for the Enterprise and inserting the new U tuple to obtain Starship Objective Destination TC Enterprise U Exploration U Talos U U For obvious reasons, no one has proposed this solution seriously. 3. Tolerate Denial of Service. The SWORD project [25] has proposed that in such situations we forbid all further insertions for all time For instance, a U user is prevented from even inserting a tuple such as (Voyager, Mining, Mars) which does not cause any key conflict. Thus, the moment a S key has been inserted no more Starships can be created by ....

Simon R. Wiseman, "On the Problem of Security in Data Bases." In Database Security III: Status and Prospects, (Spooner, D.L. and Landwehr, C.E., editors), North-Holland, 1990, pages 143-150.

....of Defense Advanced Research Projects Agency and the U.S. Air Force Rome Laboratory under contract F30602 94 C 0198, and in part by the U.S. National Science Foundation under grant ECS 94 22688. is constrained. A widely used strategy is to permit only upgrades from below. For example, in [19, 16], requests to upgrade the label of an object may be done only if the classification of the subject is dominated by the current classification of the object; label changes may be based only on information that may already flow to the label classification. Further examples of constraining relabeling ....

....of lattice (L; and relabeling policy R is an upgrade from below policy if for all relabel functions f 2 R. Then 8 s : dom f ffl (8 a : dom(f (s) ffl s a f (s) a) Providing secure system support for such policies is (relatively) straightforward to implement and examples can be found in [16, 19]. However, security policies may require upgrades from above. Consider the mark for upgrade policy. Suppose that objects are marked (for upgrading) when a high level subject (read) accesses the object, where reading an object is interpreted as a desire for future access. A naive implementation of ....

S. Wiseman. On the problem of security in databases. In Database Security III: Status and Prospects. Springer, 1989.

No context found.

S. Wiseman. On the Problem of Security in Data Bases. In S. Spooner and C. Landwehr, editors, Database Security, 3: Status and Prospects. North-Holland, 1990. Results of the IFIP WG 11.3 Workshop on Database Security.

No context found.

WISE90 Wiseman, S. R., "On the Problem of Security in Databases," in Database Security, III: Status and Prospects, pp. 301-310, edited by D. L. Spooner and C. Landwehr, NorthHolland /IFIP, 1990.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC