C. Meadows and S. Jajodia. Integrity versus security in multilevel secure databases. In C. E. Landwehr, editor, Database Security: Status and Prospects, pages 89--101. North-Holland, 1988.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of LDV [7] Constraints are the most important means of specifying data semantics. However, the MAC policies in existing multilevel databases provide neither a precise definition of constraint validity nor an efficient mechanism of constraint enforcement. In fact, it has been argued [1] [14] that integrity enforcement is in fundamental conflict with secrecy enforcement: no multilevel databases could simultaneously satisfy both integrity and secrecy requirements. An important characteristic of MAC policies is the upward information flow in the lattice, which indicates the 2 IEEE ....

C. Meadows and S. Jajodia. Integrity versus security in multilevel secure databases. In C. E. Landwehr, editor, Database Security: Status and Prospects, pages 89--101. North-Holland, 1988.

....discussion of the relationship between enforcement of integrity constraints and multilevel security centers on the inference channels which integrity constraints can introduce. In most cases, the enforcement of any integrity constraint referring to multilevel data will create a signaling channel [Meadows 88] One way to avoid these channels caused by enforcing entity integrity is to use polyinstantiation. 1.3 INTRODUCTION TO POLYNISTANTIATION The goal of mandatory security is to prevent the unauthorized disclosure of data by prohibiting users (or automated programs working on behalf of users) from ....

....relation and that it does not contain a null value. While the notion of a primary key is simple and well understood for classical (single level) relations, it does not have a straightforward extension to multilevel relations. A primary key s uniqueness requirement can create signaling channels [Meadows 88] One approach to avoiding these channels involves augmenting the user defined primary key with security labels associated with the primary key attributes. The concept of an apparent primary key was introduced by Denning et al. to refer to the unaugmented user defined primary key [Denning 87] A ....

Meadows, C., Jajodia, S., "Integrity Versus Security in Multi-Level Secure Databases," Database Security: Status and Prospects, ed. C. Landwehr, North Holland, 1988.

....as a mechanism to deal with primary key requirements and entity integrity or has dealt with the broader question of inference. Meadows did some early work on the conflicts of integrity and security that mainly considered approaches for maximizing integrity while eliminating inference channels [Meadows 88] Polyinstantiation and inference research are covered in the appropriate TDI companion documents. However, there are several works dealing with aspects of database integrity which go beyond just entity and referential integrity and do not fit into those areas. Notargiacomo and Wiseman have ....

C. Meadows and S. Jajodia. Integrity Versus Security in Multi-Level Secure Databases. In Database Security Status and Prospects, ed. C. Landwehr, North Holland. 1988.

....1991) Constraints are the most important means of specifying data semantics. However, the MAC policies in existing multilevel databases provide neither a precise definition of constraint validity nor an efficient mechanism of constraint enforcement. In fact, it has been argued (Burns, 1990) (Meadows, 1988) that integrity enforcement is in fundamental conflict with secrecy enforcement: no multilevel databases could simultaneously satisfy both integrity and secrecy requirements. An important characteristic of MAC policies is the upward information flow in the lattice, which indicates the ....

C. Meadows and S. Jajodia. Integrity versus security in multilevel secure databases. In C. E. Landwehr, editor, Database Security: Status and Prospects, pages 89--101. NorthHolland, 1988.

....information. Preventing unauthorized inferences is complicated both by the variety of ways in which humans infer new information and by the wide variety of information they use to make inferences. Some researchers characterize the inference problems in terms of inference channels [Morgenstern 88; Meadows 88a] SRI s research identifies three types of inference channels based on the degree to which HIGH data may be inferred from LOW data [Garvey 94] Deductive Inference Channel. The most restrictive channel, requiring a formal deductive proof (described by propositional or first order logic) showing ....

C. Meadows and S. Jajodia. Integrity Versus Security in Multi-Level Secure Databases. In Database Security: Status and Prospects, ed. Carl E. Landwehr, North-Holland, Amsterdam, pp. 89-101,1988.

....a tuple only if the former s clearance level is identical to or lower than the latter s classification level in the security lattice. The notion of integrity is problematic for multilevel relational databases. Existing approaches attempt to enforce integrity across multiple classification levels [1, 8, 15]. If a low tuple contradicts some high tuple with respect to the integrity constraints, then allowing both tuples would violate integrity, disallowing the low tuple would introduce a signaling channel a signal to low users about the existence of the high tuple, and disallowing the high tuple ....

....semantics is consistent with, and extends, the Bell LaPadula model. Compared with existing approaches, our model theoretic semantics maximizes believability without compromising integrity or introducing ambiguity. Contrary to the claim that integrity and secrecy are in fundamental conflict [1, 8, 15], our results demonstrate that integrity and secrecy could live harmoniously with each other: a multilevel relational database does not have to sacrifice one for the other. Moreover, validity checking in multilevel relational databases is comparable to that in single level relational databases in ....

C. Meadows and S. Jajodia, "Integrity versus Security in Multilevel Secure Databases"; Database Security: Status and Prospects, C. E. Landwehr (editor), North-Holland, 1988, 89-101.

....is supported by the fact that the integrity constraints in multilevel databases are different from those in conventional databases. Enforcing integrity constraints in MLS databases is difficult or even impossible, especially those constraints that are defined over data at different security levels (Meadows Jajodia 1988). Since one cannot enforce the integrity constraints, there is no reason to insist on preserving serializability for these systems. Thus, Jajodia Atluri (1992) argue that serializability requirements can be relaxed for MLS systems and propose three alternative notions of correctness levelwise ....

Meadows, C. & Jajodia, S. (1988), Integrity versus security in multi-level secure databases, in C. E.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC