Similar literature
1.
In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification policy. They can be used to assign security levels to the data based on content, context, and time. We extend our previous work on security constraint processing in a centralized multilevel secure database management system by describing techniques for processing security constraints in a distributed environment during query, update, and database design operations

2.
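To date, a large body of literature has proposed many security models for implementing multilevel secure database systems, and different models have different advantages. Addressing the semantic ambiguity and operational incompleteness to which the original master-slave structure table security model is prone, this paper proposes a new master-slave structure table model that eliminates semantic ambiguity and operational incompleteness. The model adds the concepts of base tuple and data inheritance, redefines polyinstantiation integrity and referential integrity, and introduces the PUPDATE operation and data inheritance integrity, greatly strengthening the security and unambiguity of the system.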

3.
The use of an extended data model which represents both integrity and secrecy aspects of data is demonstrated. This Semantic Data Model for Security (SDMS) provides a technique that assists domain experts, security officers, and database designers in first understanding their security requirements, and then translating them into a good database design. Identifying security requirements at this semantic level provides the basis for analyzing the security requirements and the database design for inference and signaling vulnerabilities. Another contribution is a comprehensive taxonomy of security-relevant data semantics that must be captured and understood to implement a multilevel secure automated information system

4.
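Transactions in secure database systems   Total citations: 1, self-citations: 0, citations by others: 1
In multilevel secure database systems, the "write up" of the classic BLP model violates database integrity, creates covert channels, and introduces the polyinstantiation problem; commit and rollback dependencies between transactions also create covert channels. Based on an analysis of transaction security, a secure transaction model and a correctness criterion for secure transactions, secure conflict serializability (SCSR), are proposed. Finally, a secure concurrency control algorithm that avoids covert channels is given.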

5.
陈越  王亚弟 《微机发展》1997,7(3):48-50
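Security constraints provide an effective classification policy for multilevel secure database systems and can be used to assign security levels to data based on time, context, and content. This paper discusses techniques for processing security constraints during database design and presents algorithms for handling association-based constraints, simple constraints, and logical constraints.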

6.
A semantic framework of the multilevel secure relational model   Total citations: 2, self-citations: 0, citations by others: 2
A multilevel relational database represents information in a multilevel state of the world, which is the knowledge of the truth value of a statement with respect to a level in a security lattice. The authors develop a semantic framework of the multilevel secure relational model with tuple-level labelling, which formalizes the notion of validity in multilevel relational databases. They also identify the multilevel security properties that precisely characterize the validity of multilevel relational databases, which can be maintained efficiently. Finally, they give an update semantics of the multilevel secure relational model that preserves both integrity and secrecy

7.
Security is an important issue that must be considered as a fundamental requirement in information systems development, and particularly in database design. Therefore security, as a further quality property of software, must be tackled at all stages of the development. The most extended secure database model is the multilevel model, which permits the classification of information according to its confidentiality, and considers mandatory access control. Nevertheless, the problem is that no database design methodologies that consider security (and therefore secure database models) across the entire life cycle, particularly at the earliest stages currently exist. Therefore it is not possible to design secure databases appropriately. Our aim is to solve this problem by proposing a methodology for the design of secure databases. In addition to this methodology, we have defined some models that allow us to include security information in the database model, and a constraint language to define security constraints. As a result, we can specify a fine-grained classification of the information, defining with a high degree of accuracy which properties each user has to own in order to be able to access each piece of information. The methodology consists of four stages: requirements gathering; database analysis; multilevel relational logical design; and specific logical design. The first three stages define activities to analyze and design a secure database, thus producing a general secure database model. The last stage is made up of activities that adapt the general secure data model to one of the most popular secure database management systems: Oracle9i Label Security. This methodology has been used in a genuine case by the Data Processing Center of Provincial Government. In order to support the methodology, we have implemented an extension of Rational Rose, including and managing security information and constraints in the first stages of the methodology.

8.
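Research on confidentiality and data integrity in multilevel secure databases   Total citations: 3, self-citations: 0, citations by others: 3
Confidentiality, integrity, and availability are the three essential elements of a multilevel secure database. However, the requirements of integrity and confidentiality are often inconsistent, and existing multilevel secure systems generally obtain higher confidentiality by sacrificing data integrity and availability. This paper modifies the traditional security model so that it offers comparatively high confidentiality, data integrity, and availability.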

9.
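1 Introduction. Petri nets (PN) are an important method for modeling dynamic concurrent systems, with many advantages such as causal dependence, support for concurrency, asynchrony, and conflict resolution. They have been widely applied to the modeling, simulation, and verification of complex dynamic systems, for example protocol analysis, workflow modeling, and database design. As information security problems become increasingly prominent, there is an urgent need for PN to support the modeling of systems with multilevel security policies, so that models built with PN have good multilevel security protection mechanisms. However, existing PNs do not directly support multilevel secure system modeling, and there is currently very little research literature on secure PNs. Although V. Atluri, W. K. Huang and others proposed a secure PN for modeling multilevel secure workflow systems based on colored timed nets (CTPN), they considered only control security and temporal security constraints between transitions,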

10.
崔宾阁  刘大昕 《计算机工程》2006,32(8):157-158,212
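A multilevel secure data model based on entity semantics is proposed. The model draws on the belief-based semantics of the Smith-Winslett model and the data-borrowing idea of the MLR model. The ESM data model is defined, and its four integrity properties and four data operations are described. The ESM model eliminates semantic ambiguity while preserving upward information flow. The correctness, completeness, and security of the ESM model are proved.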

11.
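A four-layer structure for a secure database based on an immune system is proposed: an identity authentication layer, an access control layer, a constraint security layer, and an adaptive detection layer. The sublayer structures of the constraint security layer and the adaptive detection layer are given. The constraint security layer is divided into four sublayers: integrity constraints, classification and inference constraints, access constraints, and application semantic constraints. The adaptive detection layer is divided into four sublayers: database activity level, relational schema level, transaction level, and application semantic level. A multi-layer, multilevel database security architecture is constructed, and finally a concrete implementation scheme is given.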

12.
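With the rapid development of information technology and the wide application of e-commerce and e-government, secure information exchange between heterogeneous databases is becoming increasingly frequent and important. This paper proposes a method for secure data exchange between different databases based on XML documents and the corresponding encryption and digital signature techniques. Through table-based model mapping between XML documents and database schemas, transparent interoperation between heterogeneous databases is achieved; encryption and digital signature techniques ensure the security and non-repudiation of important data.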

13.
Most research on semantic integrity has taken place in the traditional database fields, specifically the relational data model. Advanced models, such as semantic and object-oriented data models, have developed higher level abstractions to increase their expressive power in order to meet the needs of newly emerging application domains. This allows them to incorporate some semantic constraints directly into their schemas. There are, however, many types of restrictions that cannot be expressed solely by these high-level constructs. Therefore we extend the potential of advanced models by augmenting their abstractions with useful set restrictions. In particular, we identify and formulate four of their most common semantic groupings: set groupings, is-a related set groupings, power set groupings, and Cartesian product groupings. For each, we define a number of restrictions that control its structure and composition. We exploit the notion of object identity for the definition of these semantic restrictions. This permits each grouping to capture more subtle distinctions of the concepts in the application environment, as demonstrated by numerous examples throughout this paper. The resulting set of restrictions forms a general framework for integrity constraint management in advanced data models

14.
Standards for XML and Web services security   Total citations: 1, self-citations: 0, citations by others: 1
Naedele  M. 《Computer》2003,36(4):96-98
XML schemas convey the data syntax and semantics for various application domains, such as business-to-business transactions, medical records, and production status reports. However, these schemas seldom address security issues, which can lead to a worst-case scenario of systems and protocols with no security at all. At best, they confine security to transport level mechanisms such as secure sockets layer (SSL). On the other hand, the omission of security provisions from domain schemas opens the way for generic security specifications based on XML document and grammar extensions. These specifications are orthogonal to domain schemas but integrate with them to support a variety of security objectives, such as confidentiality, integrity, and access control. In 2002, several specifications progressed toward providing a comprehensive standards framework for secure XML-based applications. The paper shows some of the most important specifications, the issues they address, and their dependencies.

15.
A security policy model for secure databases based on an extended object hierarchy   Total citations: 1, self-citations: 0, citations by others: 1
程万军  张霞  刘积仁 《软件学报》2003,14(5):955-962
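The security policy model is the foundation of a secure, trusted system. The Bell-LaPadula model is a security policy model widely used in multilevel secure systems, but it lacks integrity and consistency rules for the data model. Building on that model and targeting the data model of database systems, a security policy model based on an extended object hierarchy is proposed. By extending the object hierarchy, the model makes integrity an intrinsic property of the model, and it introduces or redefines object domains, extended security axioms, and operation rules. The model is better suited to the requirements of multilevel secure database systems and strengthens the consistency between the policy model and the system specification and high-level model. Extending and strengthening general-purpose security models, especially by introducing properties other than security, is a necessary step in turning a security policy model into a model of a real system.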

16.
17.
A multilevel database is intended to provide the security needed for database systems that contain data at a variety of classifications and serve a set of users having different clearances. A formal security model for such a system is described. The model is formulated in two layers, one corresponding to a reference monitor that enforces mandatory security, and the second an extension of the standard relational model defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, and discretionary security. The model also defines application-independent properties for entity integrity, referential integrity, and polyinstantiation integrity

18.
We address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach. A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low level users want to send information to higher level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to lower level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these have been known to involve various tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. Finally, we give a confidentiality proof for a trusted subject architecture and implementation and demonstrate that the trusted subject (process) cannot leak information in violation of multilevel security

19.
The correctness of the data managed by database systems is vital to any application that utilizes data for business, research, and decision-making purposes. To guard databases against erroneous data not reflecting real-world data or business rules, semantic integrity constraints can be specified during database design. Current commercial database management systems provide various means to implement mechanisms to enforce semantic integrity constraints at database run-time. In this paper, we give an overview of the semantic integrity support in the most recent SQL-standard SQL:1999, and we show to what extent the different concepts and language constructs proposed in this standard can be found in major commercial (object-)relational database management systems. In addition, we discuss general design guidelines that point out how the semantic integrity features provided by these systems should be utilized in order to implement an effective integrity enforcing subsystem for a database. Received: 14 August 2000 / Accepted: 9 March 2001 / Published online: 7 June 2001

20.
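A rule-based method for converting relational databases to ontologies   Total citations: 3, self-citations: 1, citations by others: 2
A new, fully automatic method for converting a relational database to an ontology is proposed. It creates the ontology by analyzing the primary keys, attributes, reference relationships, integrity constraints, and part of the data of the relational schema, preserving the information of the relational database as far as possible and performing preliminary integration and classification of the information during construction. System practice shows that the method can automatically perform an equivalent conversion of relational schemas and data to an ontology, and that it also accomplishes auxiliary mining of part of the semantic information in the relational database.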
