Logical Foundations of Multilevel Databases

International audienceIn this paper, we propose a formal model for multilevel databases. This model aims at being a generic model, that is it can be interpreted for any kind of database (relational, object-oriented...). Our model has three layers. The first layer corresponds to a model for a non-protected database. The second layer corresponds to a model for a multilevel database. In this second layer, we propose a list of theorems that must be respected in order to build a secure multilevel database. We also propose a new solution to manage cover stories without using the ambiguous technique of polyinstantiation. The third layer corresponds to a model for a MultiView database, that is, a database that provides at each security level a consistent view of the multilevel database. Finally, as an illustration, we interpret our 3-layer model in the case of an object-oriented database

The Complete MLSK Model—incorporation of lattice operations and XML implementation

Many multilevel security relational models have been proposed and different models offer different advantages. In this paper, we adapt and refine some of the best ideas from these models and add new ones of own to extend our Multilevel Security with Key-polyinstantiation (MLSK) relational model. MLSK now supports relational algebra and user lattice manipulations while ensuring that the soundness, completeness and security that it originally guaranteed are not compromised. We also implement MLSK in a non-relational scenario, thereby demonstrating the extensibility of the model to other environments

Security Versus Integrity in Information Systems

Security and integrity are frequently competing characteristics in an information system. Sectirity implies that a user can only access a specific subset of the information in the system, namely that information which the user has permission to access. Integrity implies that the information is correct , i.e., that it satisfies the constraints, rules and conditions contained in the information system. A problem arises when a user who is unable to access certain information because of security restrictions, is left with an incorrect or inconsistent view of the information system. In this paper we define an information organizational structure and policy which permits security and integrity to co-exist. Our approach, called the xKB approach, specifies an area of the information system for those objects which meet the integrity requirements for a particular user but not the integrity constraints of the information system as a whole. Earlier versions and components of our approach are described in [Steinke, 1991]. Section 2 provides an example of the problem of providing security and maintaining integrity. Section 3 reviews past approaches to the problem and section 4 describes the xKB approach to solving the conflict between security and integrity. Section 5 provides a summary. Comments on the implementation of the xKB approach are found in section 6

Is Polyinstantation Morally Blameworthy?

In the area of database/computer security the problem of polyinstantiation is widely recognized. The research on polyinstantiation can be considered morally questionable, since it involves lying. This paper analyses whether the research and practice on the problem of polyinstantiation is morally blameworthy or praiseworthy in a general sense. The morality of polyinstantiation shall be critically analysed from the viewpoint of a moral philosophical framework. The moral philosophical framework used includes 1) Kantian ethics, 2) the impartial universality thesis advocated by Hare, Rawls, Gewirth, Jewish- Christian ethics, and Confucian ethics, 3) utilitarianism, and 4) Theory of Information Ethics (IE) by Floridi. The result of this analysis suggests that polyinstantiation is morally questionable, at least in the light of the chosen moral philosophical theories. The aim of the paper is not, however, to deem polyinstantiation as morally wrong altogether, but to provide researchers and practitioners with tools and insights for analysing the morality of polyinstantiation in different cases. Moreover, this paper sheds new light on the relevance of IE. The results suggest that, as far as polyinstantiation is concerned, traditional theories seem to be at least as adequate as IE

Secure object-oriented databases

D.Phil. (Computer Science)The need for security in a database is obvious. Object-orientation enables databases to be used in applications where other database models are not adequate. It is thus clear that security of object-oriented databases must be investigated..