Integrity control for multilevel-secure relational data model

Abstract

In multilevel-secure relational data models, objects and subjects have their own access classifications and clearances from a security lattice, respectively. Accesses by subjects are restricted by Bell-LaPadula``s two properties. These two properties, i.e. the simple property and the *-property, are considered to be sufficient to prevent subjects from directly passing information downward through a security lattice. Notwithstanding, it could still be possible for a higher-level subject to pass information downward via indirect means. To avoid the possibility of leaking higher-level information, called covert channel, multilevel-secure relational data models should have the ability to contain multiple tuples with the same primary key value, which is known as polyinstantiation. To provide polyinstantiation, belief-based (BB) model proposed the concept of entity identifier, and integrity-controlled (IC) model introduced ownership-based integrity properties. However, BB model produces the dangling references, since there is no mechanism to reflect the change of original copy to referenced copies. Also, IC model has the shortcoming of expressing user information, since polyinstantiation within a level is prohibited. To remedy these problems, this thesis presents a new multilevel-secure relational data model, called secure entity-based (SEB) model. Intuitive idea of SEB model is that BB model``s dangling references could be fixed by integrity properties of IC model, and the concept of entity identifier in BB model could repair the operational incompleteness of IC model. Thus, SEB model is a hybrid approach of two models, and fixes each disadvantage by the other``s advantage. Furthermore, we give five integrity properties for system side and four data manipulation operations for user side for our model. Finally, the comparisons between old models and our new model are given in this thesis.