Logical Foundations of Multilevel Databases

International audienceIn this paper, we propose a formal model for multilevel databases. This model aims at being a generic model, that is it can be interpreted for any kind of database (relational, object-oriented...). Our model has three layers. The first layer corresponds to a model for a non-protected database. The second layer corresponds to a model for a multilevel database. In this second layer, we propose a list of theorems that must be respected in order to build a secure multilevel database. We also propose a new solution to manage cover stories without using the ambiguous technique of polyinstantiation. The third layer corresponds to a model for a MultiView database, that is, a database that provides at each security level a consistent view of the multilevel database. Finally, as an illustration, we interpret our 3-layer model in the case of an object-oriented database

An object-oriented approach to security policies and their access controls for database management

The constructs of the object-oriented data model seem to be good candidates for the specifications of the need-to-know and multilevel security policies and their respective access control requirements. This report demonstrates such specifications. The implication of this demonstration may be profound, since for the first time multiple security policies and their respective access controls may be realized and supported in a single object- oriented database management systemhttp://archive.org/details/objectorientedap00hsiaN

Cover Story Management

International audienceIn a multilevel database, cover stories are usually managed using the ambiguous technique of polyinstantiation. In this paper, we define a new technique to manage cover stories and propose a formal representation of a multilevel database containing cover stories. Our model aims to be a generic model, that is, it can be interpreted for any kind of database (e.g. relational, object- oriented etc). We then consider the problem of updating a multilevel database containing cover stories managed with our technique

Secure object-oriented databases

D.Phil. (Computer Science)The need for security in a database is obvious. Object-orientation enables databases to be used in applications where other database models are not adequate. It is thus clear that security of object-oriented databases must be investigated..

Authorization and access control of application data in Workflow systems

Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements