Abstract
We propose a formal policy framework of MAC policies in multilevel relational databases. We identify the important components of such policies and their desirable properties. The framework provides a basis for systematically specifying such policies and characterizing their potential mismatches. Based on the framework, we compare and unify the MAC policies and policy components that are proposed in the literature or imposed in existing systems. Our framework could be used to capture and resolve MAC policy mismatches in the trusted interoperation of heterogeneous multilevel relational databases.
Chapter PDF
Similar content being viewed by others
Keywords
References
R. K. Burns. Integrity and secrecy: Fundamental conflicts in the database environment. In Proceedings of the Third RADC Database Security Workshop, pages 37–40. The MITRE Corporation, 1990.
F. Chen and R. S. Sandhu. The semantics and expressive power of the MLR data model. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, pages 128–42, 1995.
C. Garvey and A. Wu. ASD views. In Proceedings of the 1988 IEEE Symposium on Security and Privacy, pages 85–95, 1988.
J. Glasgow, G. MacEwen, and P. Panangaden. A logic for reasoning about security. ACM Transactions on Computer Systems, 10 (3): 226–64, August 1992.
L. Gong and X. Qian. The complexity and composability of secure interoperation. In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pages 190–200, 1994.
J. T. Haigh, R. C. O’Brien, and D. J. Thomsen. The LDV secure relational DBMS model. In S. Jajodia and C. E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 265–79. North-Holland, 1991.
H. H. Hosmer. Integrating security policies. In Proceedings of the Third RADC Database Security Workshop, pages 169–73. The MITRE Corporation, 1990.
S. Jajodia and R. Sandhu. Polyinstantiation integrity in multilevel relations. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, pages 104–15, 1990.
C. E. Landwehr. Formal models for computer security. ACM Computing Surveys, 13 (3): 247–78, September 1981.
T. F. Lunt, D. E. Denning, R. R. Schell, M. Heckman, and W. R. Shockley. The Seaview security model. IEEE Transactions on Software Engineering, 16 (6): 593–607, June 1990.
T. F. Lunt, P. G. Neumann, D. E. Denning, R. R. Schell, M. Heckman, and W. R. Shockley. Secure distributed data views: Security policy and interpretation for DBMS for a class Al DBMS. Technical Report RADC-TR-89–313, volume 1, Rome Air Development Center, Air Force Systems Command, December 1989.
C. Meadows and S. Jajodia. Integrity versus security in multilevel secure databases. In C. E. Landwehr, editor, Database Security: Status and Prospects, pages 89–101. North-Holland, 1988.
J. B. Michael, E. H. Sibley, R. F. Baum, and F. Li. On the axiomatization of security policy: Some tentative observations about logic representation. In B. M. Thuraisingham and C. E. Landwehr, editors, Database Security, VI: Status and Prospects, pages 367–86. North-Holland, 1993.
P. Morris and J. McDermid. The structure of permissions: A normative framework for access rights. In C. E. Landwehr and S. Jajodia, editors, Database Security, V: Status and Prospects, pages 77–97. North-Holland, 1992.
J.-M. Nicolas and H. Gallaire. Data base: Theory vs. interpretation. In H. Gallaire and J. Minker, editors, Logic and Databases, pages 33–54. Plenum Press, 1978.
G. Pernul. Canonical security modeling for federated databases. In Proceedings of the IFIP WG 2.6 Conference on Semantics of Interoperable Database Systems, 1992.
X. Qian. Inference channel-free integrity constraints in multilevel relational databases. In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pages 158–67, 1994.
X. Qian and T. F. Lunt. Tuple-level vs. element-level classification. In B. M. Thuraisingham and C. E. Landwehr, editors, Database Security, VI: Status and Prospects, pages 301–15. North-Holland, 1993.
X. Qian and T. F. Lunt. A semantic framework of the multilevel secure relational model. To appear in IEEE Transactions on Knowledge and Data Engineering, 1996.
R. Sandhu and S. Jajodia. Eliminating polyinstantiation securely. Computers E4 Security, 11 (6): 547–62, October 1992.
M. Schaefer, P. Martel, T. Kanawati, and V. Lyons. Multilevel data model for the trusted ONTOS prototype. In Proceedings of the Ninth IFIP WG 11.3 Working Conference on Database Security, pages 121–41, 1995.
E. H. Sibley, J. B. Michael, and R. L. Wexelblat. Use of an experimental policy workbench: Description and preliminary results. In C. E. Landwehr and S. Jajodia, editors, Database Security, V: Status and Prospects, pages 47–76. North-Holland, 1992.
K. Smith and M. Winslett. Entity modeling in the MLS relational model. In Proceedings of the Eighteenth International Conference on Very Large Data Bases, pages 199–210, 1992.
G. Steinke and M. Jarke. Support for security modeling in information systems design. In B. M. Thuraisingham and C. E. Landwehr, editors, Database Security, VI: Status and Prospects, pages 125–41. North-Holland, 1993.
B. M. Thuraisingham. A nonmonotonic typed multilevel logic for multilevel secure database/knowledge-base management systems. In Proceedings of the Fourth IEEE Workshop on Computer Security Foundations, pages 127–38, 1991.
S. R. Wiseman. Control of confidentiality in databases. Computers & Security, 9 (6): 529–37, October 1990.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Qian, X., Lunt, T.F. (1996). Toward a MAC policy framework. In: Spooner, D.L., Demurjian, S.A., Dobson, J.E. (eds) Database Security IX. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34932-9_11
Download citation
DOI: https://doi.org/10.1007/978-0-387-34932-9_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2954-1
Online ISBN: 978-0-387-34932-9
eBook Packages: Springer Book Archive