Research Directions in Database Security

Many commercial and defense applications require a database system that protects data of different sensitivities while still allowing users of different clearances to access the system. This book is a collection of papers covering aspects of the emerging security technology for multilevel database systems. It contains reports on such landmark systems as SeaView, LDV, ASD, Secure Sybase, the UNISYS secure distributed system, and the secure entity-relationship system GTERM. Much of the research is concerned with the relational model, although security for the entity-relationship and object-oriented models of data are also discussed. Because the field is so new, it has been extremely difficult to learn about the research going on in this area, until now. This book will be invaluable to researchers and system designers in database systems and computer security. It will also be of interest to data users and custodians who are concerned with the security of their information. This book can also be used as a text for an advanced topics course on computer security in a computer science curriculum.

1 Workshop Summary.- 1.1 Introduction.- 1.2 Labels.- 1.3 Aggregation.- 1.4 Discretionary Security.- 1.5 The Homework Problem.- 1.6 Classification Semantics.- 1.7 Assurance.- 1.8 New Approaches.- 1.9 Classifying Metadata.- 1.10 Conclusions.- 1.11 References.- 2 SeaView.- 2.1 Introduction.- 2.2 Multilevel Security.- 2.3 Multilevel Relations.- 2.4 Discretionary Security.- 2.5 Multilevel SQL.- 2.6 The SeaView Verification.- 2.7 The SeaView Design.- 2.8 Data Design Considerations.- 2.9 Conclusions.- 2.10 References.- 3 A1 Secure DBMS Architecture.- 3.1 Introduction.- 3.2 The A1 Secure DBMS Modes of Operation.- 3.3 The A1 Secure DBMS Security Policy Overview.- 3.4 A1 Secure DBMS Architecture.- 3.5 Why is ASD Needed.- 3.6 For Further Information.- 3.7 References.- 4 An Investigation of Secure Distributed DBMS Architectures.- 4.1 Introduction.- 4.2 Concept of Operation.- 4.3 Security Policy Overview.- 4.4 Architecture Definition.- 4.5 Discretionary Access Control Enforcement.- 4.6 Summary and Conclusions.- 4.7 References.- 5 LOCK Data Views.- 5.1 Introduction.- 5.2 LOCK Security Policy Overview.- 5.3 Pipelines.- 5.4 Conclusions.- 5.5 References.- 6 Sybase Secure SQL Server.- 6.1 Introduction.- 6.2 Terms and Definitions.- 6.3 Objectives.- 6.4 B2 Design Philosophy.- 6.5 Flow of Control.- 6.6 Trusted Operations.- 6.7 Auditing.- 6.8 Conclusions.- 7 An Evolution of Views.- 7.1 Introduction.- 7.2 References.- 8 Discussion: Pros and Cons of the Various Approaches.- 8.1 Introduction.- 8.2 Inference Problem.- 8.3 Aggregation Problem.- 8.4 Retrospective.- 8.5 References.- 9 The Homework Problem.- 10 Report on the Homework Problem.- 10.1 Introduction.- 10.2 The Example Database.- 10.3 Summary.- 11 Classifying and Downgrading: Is a Human Needed in the Loop.- 11.1 Introduction.- 11.2 The Issue.- 11.3 The Answer.- 11.4 Structured Data.- 11.5 Security Semantics of an Application.- 11.6 Types of Security Semantics.- 11.7 Textual Data.- 11.8 Summary.- 11.9 References.- 12 Session Report: The Semantics of Data Classification.- 12.1 Introduction.- 12.2 References.- 13 Inference and Aggregation.- 13.1 Introduction.- 13.2 Database Inference.- 13.3 The Inference Problem.- 13.4 Analysis of Logical Inference Problems.- 13.5 General Discussion.- 13.6 References.- 14 Dynamic Classification and Automatic Sanitization.- 14.1 Introduction.- 14.2 Sanitization.- 14.3 Initial Overclassification.- 14.4 Initial Underclassification.- 14.5 Discovered Misclassification.- 14.6 Automatic Classification.- 14.7 References.- 15 Presentation and Discussion on Balanced Assurance.- 15.1 Introduction.- 15.2 References.- 16 Some Results from the Entity/Relationship Multilevel Secure DBMS Project.- 16.1 Project Goals and Assumptions.- 16.2 A Multilevel Entity/Relationship Model.- 16.3 Results of Research.- 16.4 Conclusions.- 16.5 References.- 17 Designing a Trusted Application Using an Object-Oriented Data Model.- 17.1 Introduction.- 17.2 The Object-Oriented Data Model.- 17.3 The SMMS as an Object-Oriented Database.- 17.4 Conclusion and Future Directions.- 17.5 References.- 18 Foundations of Multilevel Databases.- 18.1 Introduction.- 18.2 Definitional Preliminaries.- 18.3 Model Theoretic Approach.- 18.4 Proof Theoretic Approach.- 18.5 Environments and Fixed Points.- 18.6 Environments and Inference.- 18.7 Handling Negative and Indefinite Information.- 18.8 Formal Semantics of Time.- 18.9 Other Related Topics.- 18.10 Conclusion.- 18.11 References.- 19 An Application Perspective on DBMS Security Policies.- 19.1 Introduction.- 19.2 Problems with Automatic Polyinstantiation.- 19.3 Problems withView-Based Controls and Constraints.- 19.4 Requirement for Transaction Authorizations.- 19.5 Summary.- 19.6 References.- 20 New Approaches to Database Security: Report on Discussion.- 20.1 Introduction.- 20.2 Report on Discussion.- 20.3 Conclusion.- 20.4 References.- 21 Metadata and View Classification.- 21.1 Introduction.- 21.2 Justification for Metadata Protection.- 21.3 Metadata Classification Approaches.- 21.4 Metadata Protection Schemes.- 21.5 User Access to Metadata.- 21.6 Affect of User Session Level on Data Classification.- 22 Database Security Research at NCSC.- 22.1 Introduction.- 22.2 Sponsored Research Projects.- 22.3 The Future.- 22.4 Discussion Topics.- 23 Position Paper on DBMS Security.- 23.1 Introduction.- 23.2 Conclusions.