Supporting object-based high-assurance write-up in multilevel databases for the replicated architecture

  • Roshan K. Thomas
  • Ravi S. Sandhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


We discuss the support of high-assurance write-up actions in multilevel secure object-oriented databases under the replicated architecture. In this architecture, there exists a separate untrusted single-level database for each security level. Data is replicated across these databases (or containers), as each database stores a copy of all the data whose class is dominated by that of the database. Our work utilizes an underlying message-filter-based object-oriented security model. Supporting message-based write-up actions with synchronous semantics directly impacts confidentiality, integrity, and performance. Also, an important concern in the replicated architecture is the maintenance of the mutual consistency of the replicated data. In this paper we offer solutions to support write-up actions while preserving the conflicting goals of confidentiality, integrity, and efficiency, and at the same time demonstrate how the effects of updates arising from write-up actions are replicated correctly to guarantee such mutual consistency. Finally, we wish to emphasize that our elaboration of the message filter model demands minimum functionality from the TCB that is hosted within the trusted front end (TFE), and further requires no trusted subjects (i.e., subjects who are exempted, perhaps partially, from the usual mandatory controls). Collectively, these make verification of our solutions easier, since we have the assurance that covert channels cannot be introduced through the TFE.


Keywords: Replicated architecture; object-oriented databases; writeup; serial correctness; message-filtering; signaling channels





Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Roshan K. Thomas (1)
  • Ravi S. Sandhu (2)
  1. Odyssey Research Associates, Ithaca, USA
  2. ISSE Department, George Mason University, Fairfax, USA
