Abstract
To develop highly secure database systems that meet the requirements for class B2, the BLP (Bell-LaPadula) model is extended according to the features of database systems. A method for verifying security models for database systems is proposed. Following this method, an analysis that uses the Coq proof assistant to ensure the correctness and security of the extended model is introduced. Our formal security model has been verified secure. This work demonstrates that our verification method is effective and sufficient.
Additional information
Foundation item: Supported by the National High Technology Research and Development Program of China (2006AA01Z430)
About this article
Cite this article
Zhu, H., Zhu, Y., Li, C. et al. Formal analysis on an extended security model for database systems. Wuhan Univ. J. Nat. Sci. 13, 519–522 (2008). https://doi.org/10.1007/s11859-008-0502-9
DOI: https://doi.org/10.1007/s11859-008-0502-9