Secure access control with high access precision
Hoppenstand, Gregory S.
Hsiao, David K.
MetadataShow full item record
When classified data of different classifications are stored in a database, it is necessary for a contemporary database system to pass through other classified data to find the properly classified data. Although the user of the system may only see data classified at the user's level, the database system itself has breached the security by bringing the other classified data into the main memory from secondary storage. Additionally, the system is not efficient as it could be because unnecessary material has been retrieved. This is a problem in access precision. This thesis proposes a solution to the access precision and pass-through problems using a database counterpart to the mathematical concept of equivalence relations. Each record of the database contains at least one security attribute (e.g., classification) and the database is divided into compartments of records; Compartments are disjoint sets, where each compartment of records has the same aggregate of security attributes. A suitable database model, the Attribute-Based Data Model, is selected, and an example of implementation is provided.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Kohler, Matthew J.; Stroud, Shawn W. (Monterey, California. Naval Postgraduate School, 1989-12);Security mechanisms on contemporary database systems typically inhibit system performance. However, without security, the database system which stores classified data of different classifications, will pass through ...
Ong, Kar Leong; Nguyen, Thuy D.; Irvine, Cynthia E. (International Conference on Information Warfare and Security (ICIW 2008), 2008-04-01);The pace of modern warfare requires tools that support intensive, ongoing collaboration between participants. Wiki technology provides a hypertext content-based collaborative authoring and information sharing environment ...
Brady, Terrance Clifford (Monterey, California. Naval Postgraduate School, 1991-09);Most military organizations maintain classified material but systems of accountability vary from one command to another. This thesis presents the design and implementation of a prototype database system, called COMMANDOC, ...