A multilevel secure constrained intrusion detection system prototype
Ang, Kah Kin.
Irvine, Cynthia E.
Nguyen, Thuy D.
The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure (MLS) environment consisting of an MLS local area network (LAN) and multiple single-level networks. The MYSEA server enforces a mandatory access control policy to ensure that users can only access data for which they are authorized. Intrusion detection systems (IDS) placed on a single-level network can store the alerts in the IDS databases at the same classification level as the network being monitored. As most databases do not support the enforcement of mandatory security policies, access to these databases is restricted to single-level access only. Thus, administrators are not presented with a coherent view of IDS alerts from all of the connected networks. The objective of this thesis is to design a database proxy to allow administrators to view and analyze IDS information at multiple classification levels while enforcing the system's overall mandatory policy. Based on the derived concept of operations and the requirements, a design for the database proxy that mediates access to databases at different levels was conceived. A prototype database proxy was implemented along with modifications to a web-based analysis tool to allow the viewing and analysis of IDS information at multiple classification levels.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.