Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #6: Multilevel Secure Database Management Systems - II
January 27, 2005

Outline

- MLS/DBMS Designs and Prototypes
- Challenges
- Multilevel Secure Data Models
- MLS/DBMS Functions
- Directions

Overview of MLS/DBMS Designs

- Hinke-Schaefer (SDC Corporation): Introduced operating system providing mandatory access control
- Integrity Lock Prototypes: Two prototypes developed at MITRE using Ingres and Mistress relational database systems
- SeaView: Funded by Rome Air Development Center (RADC) (now Air Force Rome Laboratory); used an operating system providing mandatory access control and introduced polyinstantiation
- Lock Data Views (LDV): Extended kernel approach developed by Honeywell and funded by RADC; investigated inference and aggregation

Overview of MLS/DBMS Designs (Concluded)

- ASD, ASD-Views: Developed by TRW based on the trusted subject approach. ASD-Views provided access control on views
- SDDBMS: Effort by Unisys funded by RADC; investigated the distributed approach
- SINTRA: Developed by Naval Research Laboratory based on the replicated distributed approach
- SWORD: Designed at the Defense Research Agency in the UK; their goal was not to have polyinstantiation

Some MLS/DBMS Commercial Products Developed (late 1980s, early 1990s)

- Oracle (Trusted ORACLE7 and beyond): Hinke-Schaefer and Trusted Subject based architectures
- Sybase (Secure SQL Server): Trusted Subject
- ARC Professional Services Group (TRUDATA/SQLSentry): Integrity Lock
- Informix (Informix-OnLine/Secure): Trusted Subject
- Digital Equipment Corporation (SERdb) (this group is now part of Oracle Corp): Trusted Subject
- InfoSystems Technology Inc. (Trusted RUBIX): Trusted Subject
- Teradata (DBC/1012): Secure Database Machine
- Ingres (Ingres Intelligent Database): Trusted Subject

Some Challenges: Inference Problem

- Inference is the process of forming conclusions from premises
- If the conclusions are unauthorized, it becomes a problem
- Inference problem in a multilevel environment
- Aggregation problem is a special case of the inference problem: a collection of data elements is Secret but the individual elements are Unclassified
- Association problem: attributes A and B taken together are Secret; individually they are Unclassified

Some Challenges: Polyinstantiation

- Mechanism to avoid certain signaling channels
- Also supports cover stories
- Example: John and James have different salaries at different levels

EMP
SS#   Name    Salary   Level
1     John    20       U
2     Paul    30       U
3     James   40       U
1     John    70       S
4     Mary    80       S
3     James   60       S

Some Challenges: Covert Channel

- Database transactions manipulate data locks and covertly pass information
- Two transactions T1 and T2; T1 operates at Secret level and T2 operates at Unclassified level
- Relation R is classified at Unclassified level
- T1 obtains read lock on R and T2 obtains write lock on R
- T1 and T2 can manipulate when they request locks and signal one bit of information for each attempt; over time T1 could covertly send sensitive information to T2

Multilevel Secure Data Model: Classifying Databases

DATABASE D: Level = Secret

EMP
SS#   Ename   Salary   D#
1     John    20K      10
2     Paul    30K      20
3     Mary    40K      20

DEPT
D#    Dname     Mgr
10    Math      Smith
20    Physics   Jones

Multilevel Secure Data Model: Classifying Relations

EMP: Level = Secret
SS#   Ename   Salary   D#
1     John    20K      10
2     Paul    30K      20
3     Mary    40K      20

DEPT: Level = Unclassified
D#    Dname     Mgr
10    Math      Smith
20    Physics   Jones

Multilevel Secure Data Model: Classifying Attributes/Columns

EMP
SS#: S   Ename: U   Salary: S   D#: U
1        John       20K         10
2        Paul       30K         20
3        Mary       40K         20

DEPT
D#: U   Dname: U   Mgr: S
10      Math       Smith
20      Physics    Jones

U = Unclassified
S = Secret

Multilevel Secure Data Model: Classifying Tuples/Rows

EMP
SS#   Ename   Salary   D#   Level
1     John    20K      10   U
2     Paul    30K      20   S
3     Mary    40K      20   TS

DEPT
D#    Dname     Mgr     Level
10    Math      Smith   U
20    Physics   Jones   C

U = Unclassified
C = Confidential
S = Secret
TS = TopSecret

Multilevel Secure Data Model: Classifying Elements

EMP
SS#    Ename     Salary   D#
1, S   John, U   20K, C   10, U
2, S   Paul, U   30K, S   20, U
3, S   Mary, U   40K, S   20, U

DEPT
D#: U   Dname: U     Mgr: S
10, U   Math, U      Smith, C
20, U   Physics, U   Jones, S

U = Unclassified
C = Confidential
S = Secret

Multilevel Secure Data Model: Classifying Views

EMP
SS#   Ename      Salary   D#
1     John       20K      10
2     Paul       30K      20
3     Mary       40K      20
4     Jane       20K      20
5     Bill       20K      10
6     Larry      20K      10
1     Michelle   30K      20

SECRET VIEW EMP (D# = 20)
SS#   Ename      Salary
2     Paul       30K
3     Mary       40K
4     Jane       20K
1     Michelle   30K

UNCLASSIFIED VIEW EMP (D# = 10)
SS#   Ename   Salary
1     John    20K
5     Bill    20K
6     Larry   20K

Multilevel Secure Data Model: Classifying Metadata

Relation REL
Relation   Attribute   Level
EMP        SS#         Secret
EMP        Ename       Unclassified
EMP        Salary      Confidential
EMP        D#          Unclassified
DEPT       D#          Unclassified
DEPT       Dname       Unclassified
DEPT       Mgr         Confidential

MLS/DBMS Functions Overview

Multilevel Secure Database
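The polyinstantiation slide above (EMP with John and James at both U and S) can be reproduced with an ordinary relational engine. The following is an added example, not part of the lecture: it uses SQLite, and the function names, the (ss, level) key and the "return the highest visible instance" read rule are assumptions made for the illustration.

```python
import sqlite3

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # dominance order from the slides

def make_emp():
    db = sqlite3.connect(":memory:")
    # Polyinstantiation: the key is (ss, level), not ss alone, so the same
    # SS# may exist once per classification level.
    db.execute("CREATE TABLE emp (ss INTEGER, name TEXT, salary INTEGER, "
               "level TEXT, lrank INTEGER, PRIMARY KEY (ss, level))")
    return db

def insert(db, subject_level, ss, name, salary):
    # A subject writes at its own level. Uniqueness is only checked within
    # that level, so the outcome of a low insert does not depend on (and
    # cannot signal) the existence of a higher-level tuple with the same SS#.
    try:
        db.execute("INSERT INTO emp VALUES (?, ?, ?, ?, ?)",
                   (ss, name, salary, subject_level, LEVELS[subject_level]))
        return True
    except sqlite3.IntegrityError:
        return False  # duplicate at the subject's own level only

def select(db, clearance):
    # Read-down: tuples above the clearance are invisible. For a
    # polyinstantiated key, return the highest instance the subject may see
    # (assumed rule; the lower instance then acts as the cover story).
    c = LEVELS[clearance]
    return db.execute(
        "SELECT ss, name, salary, level FROM emp e "
        "WHERE lrank <= ? AND lrank = (SELECT MAX(lrank) FROM emp "
        "                               WHERE ss = e.ss AND lrank <= ?) "
        "ORDER BY ss", (c, c)).fetchall()

def demo():
    db = make_emp()
    # The slide's tuples (constructed ordering: Secret rows are entered first).
    for row in [(1, "John", 70), (4, "Mary", 80), (3, "James", 60)]:
        insert(db, "S", *row)
    # Unclassified inserts reuse SS# 1 and 3; all of them must be accepted.
    low = [(1, "John", 20), (2, "Paul", 30), (3, "James", 40)]
    accepted = [insert(db, "U", *row) for row in low]
    return db, accepted

if __name__ == "__main__":
    db, accepted = demo()
    print(accepted, select(db, "U"), select(db, "S"), sep="\n")
```

With a key on SS# alone, the Unclassified inserts for SS# 1 and 3 would be rejected, and that rejection is the signaling channel the slide refers to.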
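The "Classifying Metadata" slide stores attribute levels in relation REL. As an added example (not from the lecture), the sketch below uses that REL content to decide which EMP columns a subject may project; the function names and the default-deny handling of relations missing from REL are assumptions.

```python
import sqlite3

RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}

def build_db():
    db = sqlite3.connect(":memory:")
    # EMP rows and the EMP part of REL are copied from the slides.
    db.executescript("""
        CREATE TABLE EMP ("SS#" INTEGER, Ename TEXT, Salary TEXT, "D#" INTEGER);
        INSERT INTO EMP VALUES (1,'John','20K',10), (2,'Paul','30K',20),
                               (3,'Mary','40K',20);
        CREATE TABLE REL (Relation TEXT, Attribute TEXT, Level TEXT);
        INSERT INTO REL VALUES
            ('EMP','SS#','Secret'),         ('EMP','Ename','Unclassified'),
            ('EMP','Salary','Confidential'), ('EMP','D#','Unclassified');
    """)
    return db

def visible_columns(db, relation, clearance):
    # An attribute is visible only if the clearance dominates its level.
    # Attributes above the clearance are not even named in the result.
    rows = db.execute("SELECT Attribute, Level FROM REL "
                      "WHERE Relation = ? ORDER BY rowid", (relation,))
    return [attr for attr, lvl in rows if RANK[lvl] <= RANK[clearance]]

def quote_ident(name):
    # Identifiers cannot be bound as parameters, so quote them explicitly.
    return '"' + name.replace('"', '""') + '"'

def select_for(db, relation, clearance):
    cols = visible_columns(db, relation, clearance)
    if not cols:
        return [], []  # default deny: relation unknown to REL or nothing visible
    projection = ", ".join(quote_ident(c) for c in cols)
    rows = db.execute(f"SELECT {projection} FROM {quote_ident(relation)}")
    return cols, rows.fetchall()

if __name__ == "__main__":
    db = build_db()
    for level in ("Unclassified", "Confidential", "Secret"):
        print(level, select_for(db, "EMP", level))
```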