9 research outputs found

    Performance study of a COTS Distributed DBMS adapted for multilevel security

    Multilevel secure database management system (MLS/DBMS) products no longer enjoy direct commercial-off-the-shelf (COTS) support. Meanwhile, existing users of these MLS/DBMS products continue to rely on them to satisfy their multilevel security requirements. This calls for a new approach to developing MLS/DBMS systems, one that relies on adapting the features of existing COTS database products rather than depending on the traditional custom design products to provide continuing MLS support. We advocate fragmentation as a good basis for implementing multilevel security in the new approach because it is well supported in some current COTS database management systems. We implemented a prototype that utilises the inherent advantages of the distribution scheme in distributed databases for controlling access to single-level fragments; this is achieved by augmenting the distribution module of the host distributed DBMS with MLS code such that the clearance of the user making a request is always compared to the classification of the node containing the fragments referenced; requests to unauthorised nodes are simply dropped. The prototype we implemented was used to instrument a series of experiments to determine the relative performance of the tuple, attribute, and element level fragmentation schemes. Our experiments measured the impact on the front-end and the network when various properties of each scheme, such as the number of tuples, attributes, security levels, and the page size, were varied for a Selection and Join query. We were particularly interested in the relationship between performance degradation and changes in the quantity of these properties. The performance of each scheme was measured in terms of its response time. The response times for the element level fragmentation scheme increased as the numbers of tuples, attributes, security levels, and the page size were increased, more significantly so than when the number of tuples and attributes were increased. 
The response times for the attribute level fragmentation scheme were the fastest, suggesting that the performance of the attribute level scheme is superior to the tuple and element level fragmentation schemes. In the context of assurance, this research has also shown that the distribution of fragments based on security level is a more natural approach to implementing security in MLS/DBMS systems, because a multilevel database is analogous to a distributed database based on security level. Overall, our study finds that the attribute level fragmentation scheme demonstrates better performance than the tuple and element level schemes. The response times (and hence the performance) of the element level fragmentation scheme exhibited the worst performance degradation compared to the tuple and attribute level schemes.

    Decentralized information flow control for databases

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (p. 177-194). Privacy and integrity concerns have been mounting in recent years as sensitive data such as medical records, social network records, and corporate and government secrets are increasingly being stored in online systems. The rate of high-profile breaches has illustrated that current techniques are inadequate for protecting sensitive information. Many of these breaches involve databases that handle information for a multitude of individuals, but databases don't provide practical tools to protect those individuals from each other, so that task is relegated to the application. This dissertation describes a system that improves security in a principled way by extending the database system and the application platform to support information flow control. Information flow control has been gaining traction as a practical way to protect information in the contexts of programming languages and operating systems. Recent research advocates the decentralized model for information flow control (DIFC), since it provides the necessary expressiveness to protect data for many individuals with varied security concerns. However, despite the fact that most applications implicated in breaches rely on relational databases, there have been no prior comprehensive attempts to extend DIFC to a database system. This dissertation introduces IFDB, which is a database management system that supports DIFC with minimal overhead. IFDB pioneers the Query by Label model, which provides applications with a simple way to delineate constraints on the confidentiality and integrity of the data they obtain from the database. 
This dissertation also defines new abstractions for managing information flows in a database and proposes new ways to address covert channels. Finally, the IFDB implementation and case studies with real applications demonstrate that database support for DIFC improves security, is easy for developers to use, and has good performance. by David Andrew Schultz. Ph.D.

    Accountants' index. Thirty-second supplement, January-December 1983, volume 1: A-L


    Accountants' index. Thirty-second supplement, January-December 1983, volume 2: M-Z


    Characterization of Groundwater with Complementary Age Tracers

    Groundwater age or residence time is the time water has resided in the subsurface since recharge. Depending on the application, this definition may or may not include travel through the unsaturated zone. The determination of groundwater age can aid understanding and characterization of groundwater resources, because it can provide information on e.g. groundwater mixing and flow, and volumes of groundwater and recharge. Groundwater age can be inferred from environmental tracers, such as SF₆ and tritium, that have a known input to groundwater and/or undergo known alteration processes in groundwater. The currently used age tracers face limitations regarding their application range and reliability. For example, some age tracers have local sources that can lead to contamination of groundwater. This contamination can result in misleading estimates of age. Other tracers have ambiguous inputs to groundwater, which can result in ambiguous age estimations. To reduce these limitations, it is now recognized that multiple tracers should be applied complementarily. There is also a need for new groundwater age tracers and/or new groundwater dating techniques to supplement the existing ones. Cost-effective and easily applicable tracers/techniques are preferred, since most established groundwater dating techniques are very costly and/or complex. Commonly measured hydrochemistry parameters, such as the concentrations of major ions and pH, have been suggested as cost-effective and easily determinable potential age tracers. To date, the use of commonly measured hydrochemistry parameters as an independent age tracer has only been demonstrated for water recharged weeks to months ago relying on seasonal changes. Other studies applied commonly measured hydrochemistry complementarily to established age tracers to better constrain groundwater age and/or better understand and predict anthropogenic effects on groundwater quality. 
Further study is needed to assess the extent to which commonly measured hydrochemistry can be used to reduce uncertainty in tracer-inferred age as well as the extent to which commonly measured hydrochemistry can be used to extrapolate tracer-inferred age. In addition to tracer-specific limitations, quantification of uncertainty and ambiguity is not standard in age modelling. Although a few studies have attempted to quantify uncertainty in age modelling with the aid of probabilistic approaches, their methods are often relatively complex and not transferrable to the many cases with little available data. Uncertainties in the tracer’s recharge estimate and identification of appropriate model components, such as the objective function, have not been considered. Studies in other areas of hydrological modelling, where probabilistic approaches are more commonly used, have highlighted the need for careful identification of model components.

    Late lessons from early warnings: science, precaution, innovation

    'There was a strange stillness. The birds for example — where had they gone? Many people spoke about them, puzzled and disturbed. The feeding stations in the backyards were deserted. The few birds seen anywhere were moribund: they trembled violently and could not fly. It was a spring without voices ... only silence lay over the fields and woods and marsh.' The book Silent Spring by Rachel Carson is mainly about the impacts of chemicals (in particular dichlorodiphenyltrichloroethane, also known as DDT) on the environment and human health. Indeed, the close association between humans and birds remains very apt. Representing the only two warm-blooded groups of life on Earth, mammals and birds share the same environments and threats. Carson's claim that she lived in 'an era dominated by industry, in which the right to make a dollar at whatever cost is seldom challenged' still resonates strongly with the problems that societies face all over the world. One chapter heading, 'The obligation to endure', derived from the French biologist and philosopher Jean Rostand's famous observation that, 'the obligation to endure gives us the right to know'. United States President John F. Kennedy responded to the challenge posed by Carson by investigating DDT, leading to its complete ban in the US. The ban was followed by a range of institutions and regulations concerned with environmental issues in the US and elsewhere, driven by public demand for knowledge and protection. DDT was the primary tool used in the first global malaria eradication programme during the 1950s and 1960s. The insecticide is sprayed on the inner walls and ceilings of houses. Malaria has been successfully eliminated from many regions but remains endemic in large parts of the world. 
DDT remains one of the 12 insecticides — and the only organochlorine compound — currently recommended by the World Health Organization (WHO), and under the Stockholm Convention on Persistent Organic Pollutants, countries may continue to use DDT. Global annual use of DDT for disease vector control is estimated at more than 5 000 tonnes. It is clear that the social conscience awakened by Rachel Carson 50 years ago gave momentum to a groundswell of actions and interventions that are slowly but steadily making inroads at myriad levels. Chapter 17 of her book, 'The other road', reminds the reader of the opportunities that should have been seized much earlier. With more than 10 % of bird species worldwide now threatened in one way or another, it is clear that we missed early warnings or failed to act on them. Will we continue to miss signposts to 'other roads'? Are our obligations to endure met by our rights to know? As Carson said 50 years ago: 'The choice, after all, is ours to make.'

    In conclusion
