Computer Security — ESORICS 92

Volume 648 of the series Lecture Notes in Computer Science pp 307-328

Polyinstantiation for cover stories

  • Ravi S. Sandhu, affiliated with Center for Secure Information Systems & Department of Information and Software Systems Engineering, George Mason University
  • Sushil Jajodia, affiliated with Center for Secure Information Systems & Department of Information and Software Systems Engineering, George Mason University

Abstract

In this paper we study the use of polyinstantiation for the purpose of implementing cover stories in multilevel secure relational database systems. We define a particular semantics for polyinstantiation called PCS (i.e., polyinstantiation for cover stories). PCS allows two alternatives for each attribute (or attribute group) of a multilevel entity: (i) no polyinstantiation, or (ii) polyinstantiation at the explicit request of a user to whom the polyinstantiation is visible. PCS strictly limits the extent of polyinstantiation by requiring that each entity in a multilevel relation has at most one tuple per security class. We demonstrate that PCS provides a natural, intuitive and useful technique for implementing cover stories. A particularly attractive feature of PCS is its run-time flexibility regarding the use of cover stories. A particular attribute may have cover stories for some entities and not for others. Even for the same entity, a particular attribute may be polyinstantiated at some time and not at other times.