Re-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Stores

Authors
Nguyen, Thuy D.
Gondree, Mark
Khosalim, Jean
Irvine, Cynthia
Date of Issue
2015
Publisher
Springer
Abstract
We re-evaluate the kernelized, multilevel secure (MLS) relational database design in the context of cloud-scale distributed data stores. The transactional properties and global integrity properties for schema-less, cloud-scale data stores are significantly relaxed in comparison to relational databases. This is a new and interesting setting for mandatory access control policies, and has been unexplored in prior research. We describe the design and implementation of a prototype MLS column-store following the kernelized design pattern. Our prototype is the first cloud-scale data store using an architectural approach for high-assurance; it enforces a lattice-based mandatory information flow policy, without any additional trusted components. We highlight several promising avenues for practical systems research in secure, distributed architectures implementing mandatory policies using Java-based untrusted subjects.
Type
Article
Department
Computer Science (CS)
Citation
Nguyen, T.D., Gondree, M., Khosalim, J. and Irvine, C., 2015, March. Re-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Stores. In International Symposium on Engineering Secure Software and Systems (pp. 86-101). Springer, Cham.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.