Mandatory security policy enforcement in commercial off the shelf database management system software : a comparative analysis of Informix-Online/Secure and trusted ORACLE
Muschalek, Keith Edward
Irvine, Cynthia E.
Wu, C. Thomas
MetadataShow full item record
The objective of this thesis is to analyze the mandatory access control (MAC) features of two commercial multilevel trusted database management systems (DBMS): Trusted ORACLE 7 and Informix-OnLine/Secure 5.0. We are attempting to determine how the problem of multilevel sharing of information is addressed in each multilevel secure DBMS. Commercially available documentation is used to examine the mandatory access controls enforced on labeled subjects and labeled objects and to compare them to the Class B1 requirements for MAC and labeling set forth in the Trusted Computer System-Evaluation Criteria (TCSEC). A decomposition of the TCSEC requirements for MAC and labeling is mapped to the DBMS documentation to determine if the Class B1 requirements are met by each DBMS. With the TCSEC mapping as a reference, the interface features in support of MAC are analyzed and compared between the products. This analysis shows that each DBMS uses different schema objects and privilege sets to enforce its mandatory security policy. The MAC mechanism of each product is based on the Bell-LaPadula security model, extended to prohibit the writeup of data from lower level subjects to higher level objects. Each DBMS allows traditional trusted subjects to writedown data. When special privileges are granted to users, readups and writeups are permitted in both DBMSs. Database security, Multilevel secure database management systems, B1 DBMS, TCSEC Analysis, Database analysis, Database evaluations.
Showing items related by title, author, creator and subject.
Shaffer, Alan B.; Irvine, Cynthia E.; Levin, Timothy E.; Auguston, Mikhail (Monterey, California. Naval Postgraduate School, 2008-09-19); NPS-CS-08-015Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. ...
Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E. (Association for Computing Machinery (ACM), 2005-06-30);Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. ...
Nguyen, Thuy D.; Gondree, Mark; Khasalim, Jean; Irvine, Cynthia (Springer, 2015);We re-evaluate the kernelized, multilevel secure (MLS) rlational database design in the context of cloud-scale distributed data stores. The transactional properties and global integrity properties for schema-less, cloud-scale ...