
Research Directions in Database Security PDF

265 Pages·1992·5.277 MB·English

Preview Research Directions in Database Security

Research Directions in Database Security

Teresa F. Lunt, Editor

With 16 Illustrations

Springer-Verlag
New York Berlin Heidelberg London Paris Tokyo Hong Kong Barcelona Budapest

Teresa F. Lunt
Program Manager, Secure Systems
SRI International
333 Ravenswood Avenue
Menlo Park, CA 94025
USA

Library of Congress Cataloging-in-Publication Data

Research directions in database security / Teresa F. Lunt, editor
p. cm.
Discussions of topics presented at a workshop held at the Vallombrosa Conference and Retreat Center, Menlo Park, Calif., May 24-26, 1988, sponsored by the US Air Force, Rome Air Development Center.
Includes bibliographical references and index.
1. Data base security--Congresses. I. Lunt, Teresa F. II. Rome Air Development Center.
QA76.9.D314R47 1992
005.8--dc20 91-36226

Printed on acid-free paper.

© 1992 Springer-Verlag New York, Inc.
Softcover reprint of the hardcover 1st edition 1992

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer-Verlag New York, Inc., 175 Fifth Avenue, New York, NY 10010, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use of general descriptive names, trade names, trademarks, etc., in this publication, even if the former are not especially identified, is not to be taken as a sign that such names, as understood by the Trade Marks and Merchandise Marks Act, may accordingly be used freely by anyone.

Production managed by Karen Phillips; manufacturing supervised by Robert Paella.
Photocomposed pages prepared from the editor's LaTeX file.
9 8 7 6 5 4 3 2 1

ISBN-13: 978-0-387-97736-2
e-ISBN-13: 978-1-4612-2870-7
DOI: 10.1007/978-1-4612-2870-7

Contents

Contributors

1 Workshop Summary
  TERESA F. LUNT
  1.1 Introduction
  1.2 Labels
  1.3 Aggregation
  1.4 Discretionary Security
  1.5 The Homework Problem
  1.6 Classification Semantics
  1.7 Assurance
    1.7.1 Balanced Assurance
    1.7.2 TCB Subsetting
    1.7.3 Layered TCB
  1.8 New Approaches
  1.9 Classifying Metadata
  1.10 Conclusions
  1.11 References

2 SeaView
  TERESA F. LUNT
  2.1 Introduction
  2.2 Multilevel Security
  2.3 Multilevel Relations
    2.3.1 The Extended Relational Integrity Rules
    2.3.2 Polyinstantiation
    2.3.3 Constraints
  2.4 Discretionary Security
  2.5 Multilevel SQL
    2.5.1 The Access Class Data Type
    2.5.2 Dealing with Polyinstantiation
    2.5.3 Creating Multilevel Relations
  2.6 The SeaView Verification
  2.7 The SeaView Design
  2.8 Data Design Considerations
  2.9 Conclusions
  2.10 References

3 A1 Secure DBMS Architecture
  THOMAS H. HINKE, CRISTI GARVEY, AND AMY WU
  3.1 Introduction
  3.2 The A1 Secure DBMS Modes of Operation
  3.3 The A1 Secure DBMS Security Policy Overview
  3.4 A1 Secure DBMS Architecture
  3.5 Why is ASD Needed?
  3.6 For Further Information
  3.7 References

4 An Investigation of Secure Distributed DBMS Architectures
  JAMES P. O'CONNOR, JAMES W. GRAY III, CATHERINE MCCOLLUM, AND LOUANNA NOTARGIACOMO
  4.1 Introduction
    4.1.1 Background
    4.1.2 Requirements
  4.2 Concept of Operation
    4.2.1 Users
  4.3 Security Policy Overview
    4.3.1 Discretionary Access Control
    4.3.2 Mandatory Access Control
  4.4 Architecture Definition
    4.4.1 Abstract Model
    4.4.2 Architectural Parameters
    4.4.3 Family of Architecture Generation
  4.5 Discretionary Access Control Enforcement
  4.6 Summary and Conclusions
  4.7 References

5 LOCK Data Views
  PAUL STACHOUR
  5.1 Introduction
    5.1.1 Problem Statement
    5.1.2 Security Policy Overview
  5.2 LOCK Security Policy Overview
    5.2.1 DBMS Policy Extension Needs
    5.2.2 DBMS Policy Extensions
  5.3 Pipelines
    5.3.1 The Response Pipeline Design
    5.3.2 LOCK Pipeline Organization
    5.3.3 Response Pipeline Organization
    5.3.4 Pipeline Implications
  5.4 Conclusions
  5.5 References

6 Sybase Secure SQL Server
  HELENA WINKLER
  6.1 Introduction
  6.2 Terms and Definitions
  6.3 Objectives
  6.4 B2 Design Philosophy
    6.4.1 Database Server On A Network
    6.4.2 B2 Sybase Secure SQL Server
  6.5 Flow of Control
    6.5.1 Login
    6.5.2 Parsing and Compilation
    6.5.3 Description of Procedures
    6.5.4 Execution of Procedures
  6.6 Trusted Operations
    6.6.1 SSO Trusted Interface
    6.6.2 User - Trusted Interface
  6.7 Auditing
  6.8 Conclusions

7 An Evolution of Views
  DOROTHY E. DENNING
  7.1 Introduction
  7.2 References

8 Discussion: Pros and Cons of the Various Approaches
  DOROTHY E. DENNING AND WILLIAM R. SHOCKLEY
  8.1 Introduction
  8.2 Inference Problem
  8.3 Aggregation Problem
    8.3.1 Problem Instances
    8.3.2 Two Approaches
  8.4 Retrospective
  8.5 References

9 The Homework Problem
  RAE K. BURNS

10 Report on the Homework Problem
  RAE K. BURNS
  10.1 Introduction
  10.2 The Example Database
  10.3 Summary

11 Classifying and Downgrading: Is a Human Needed in the Loop?
  GARY W. SMITH
  11.1 Introduction
    11.1.1 Underlying Concepts
    11.1.2 Classifying Outputs
    11.1.3 Semantic Level Approach
    11.1.4 Classifying and Downgrading
  11.2 The Issue
  11.3 The Answer
  11.4 Structured Data
  11.5 Security Semantics of an Application
  11.6 Types of Security Semantics
  11.7 Textual Data
  11.8 Summary
  11.9 References

12 Session Report: The Semantics of Data Classification
  GARY W. SMITH
  12.1 Introduction
  12.2 References

13 Inference and Aggregation
  MATTHEW MORGENSTERN, TOM HINKE, AND BHAVANI THURAISINGHAM
  13.1 Introduction
  13.2 Database Inference
    13.2.1 The Problem
    13.2.2 A Solution Approach
  13.3 The Inference Problem
  13.4 Analysis of Logical Inference Problems
    13.4.1 When Classifying a Rule is Worse than Useless
    13.4.2 Sphere of Influence Analysis
    13.4.3 Network of Constraints
    13.4.4 Questions
  13.5 General Discussion
  13.6 References

14 Dynamic Classification and Automatic Sanitization
  MARVIN SCHAEFER
  14.1 Introduction
  14.2 Sanitization
  14.3 Initial Overclassification
  14.4 Initial Underclassification
  14.5 Discovered Misclassification
  14.6 Automatic Classification
  14.7 References

15 Presentation and Discussion on Balanced Assurance
  WILLIAM R. SHOCKLEY
  15.1 Introduction
  15.2 References

16 Some Results from the Entity/Relationship Multilevel Secure DBMS Project
  GEORGE E. GAJNAK
  16.1 Project Goals and Assumptions
  16.2 A Multilevel Entity/Relationship Model
    16.2.1 Data Model Semantics
    16.2.2 Multilevel Security Characteristics
  16.3 Results of Research
    16.3.1 The Underlying Abstraction
  16.4 Conclusions
  16.5 References

17 Designing a Trusted Application Using an Object-Oriented Data Model
  CATHERINE MEADOWS AND CARL LANDWEHR
  17.1 Introduction
  17.2 The Object-Oriented Data Model
  17.3 The SMMS as an Object-Oriented Database
  17.4 Conclusion and Future Directions
  17.5 References

18 Foundations of Multilevel Databases
  BHAVANI THURAISINGHAM
  18.1 Introduction
  18.2 Definitional Preliminaries
  18.3 Model Theoretic Approach
    18.3.1 Query Evaluation
    18.3.2 Database Updates
  18.4 Proof Theoretic Approach
    18.4.1 Query Evaluation
    18.4.2 Database Updates
  18.5 Environments and Fixed Points
    18.5.1 Environments
    18.5.2 Mappings
    18.5.3 Fixed Points
    18.5.4 Least Environment
    18.5.5 Declarative and Procedural Semantics
  18.6 Environments and Inference
  18.7 Handling Negative and Indefinite Information
    18.7.1 Closed-World Assumption
    18.7.2 Negation by Failure
  18.8 Formal Semantics of Time
  18.9 Other Related Topics
    18.9.1 Theory of Relational Databases
    18.9.2 Consistency and Completeness of Security Constraints
    18.9.3 Assigning Security Levels to Data
  18.10 Conclusion
  18.11 References

19 An Application Perspective on DBMS Security Policies
  RAE K. BURNS
  19.1 Introduction
  19.2 Problems with Automatic Polyinstantiation
    19.2.1 Polyinstantiation and Entity Integrity
    19.2.2 Polyinstantiation and Referential Integrity
    19.2.3 Polyinstantiation verses Application Consistency
    19.2.4 Problems with Simplistic Mandatory Policies
  19.3 Problems with View-Based Controls and Constraints
  19.4 Requirement for Transaction Authorizations
  19.5 Summary
  19.6 References

20 New Approaches to Database Security: Report on Discussion
  CATHERINE MEADOWS
  20.1 Introduction
  20.2 Report on Discussion
    20.2.1 Open Problems in Computer Security
    20.2.2 Old Problems for Operating Systems but New Problems for Database Systems
    20.2.3 Database-Specific Problems
    20.2.4 Challenge Posed by Advances in Database Technology
  20.3 Conclusion
  20.4 References

21 Metadata and View Classification
  LOUANNA NOTARGIACOMO
  21.1 Introduction
  21.2 Justification for Metadata Protection
  21.3 Metadata Classification Approaches
    21.3.1 Internal Schema
    21.3.2 Conceptual Schema
    21.3.3 External Schema
  21.4 Metadata Protection Schemes
  21.5 User Access to Metadata
  21.6 Affect of User Session Level on Data Classification

22 Database Security Research at NCSC
  JOHN R. CAMPBELL
  22.1 Introduction
  22.2 Sponsored Research Projects
  22.3 The Future
  22.4 Discussion Topics

23 Position Paper on DBMS Security
  JOSEPH GIORDANO
  23.1 Introduction
  23.2 Conclusions

Index
