The multilevel relational (MLR) data model

Many multilevel relational models have been proposed; different models offer different advantages. In this paper, we adapt and refine several of the best ideas from previous models and add new ones to build the new Multilevel Relational (MLR) data model. MLR provides multilevel relations with element-level labeling as a natural extension of the traditional relational data model. MLR introduces several new concepts (notably, data-borrow integrity and the UPLEVEL statement) and significantly redefines existing concepts (polyinstantiation and referential integrity as well as data manipulation operations). A central contribution of this paper is proofs of soundness, completeness, and security of MLR. A new data-basedsemantics is given for the MLR data model by combining ideas from SeaView, belief-based semantics, and LDV. This new semantics has the advantages of both eliminating ambiguity and retaining upward information flow. MLR is secure, unambiguous, and powerful. It has five integrity properties and five operations for manipulating multilevel relations. Soundness, completeness, and security show that any of the five database manipulation operations will keep database states legal (i.e., satisfy all integrity properties), that every legal database state can be constructed, and that MLR is noninterfering. The expressive power of MLR also compares favorably with several other models.

[1]  Sushil Jajodia,et al.  Database Security: Status and Prospects: Proceedings of the IFIP Tc11 4th Working Conference, Halifax, U. K., 18-21 Sept., 1990 , 1991 .

[2]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[3]  Sushil Jajodia,et al.  Update semantics for multilevel relations , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[4]  Database Security, IV: Status and Prospects. Results of the IFIP WG 11.3 Workshop on Database Security, Halifax, UK, September 18-21, 1990 , 1991, DBSec.

[5]  Dan Thomsen,et al.  The LDV Secure Relational DBMS Model , 1990, DBSec.

[6]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[7]  Bhavani M. Thuraisingham,et al.  A nonmonotonic typed multilevel logic for multilevel secure data/knowledge base management systems , 1991, Proceedings Computer Security Foundations Workshop IV.

[8]  Fang Chen,et al.  The semantics and expressive power of the MLR data model , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[9]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[10]  Marianne Winslett,et al.  Entity Modeling in the MLS Relational Model , 1992, VLDB.

[11]  Sushil Jajodia,et al.  A new polyinstantiation integrity constraint for multilevel relations , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[12]  Xiaolei Qian,et al.  A Model-Theoretic Semantics of the Multilevel Relational Model , 1994, EDBT.

[13]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[14]  Teresa F. Lunt,et al.  Tuple-level vs Element-level Classification , 1993, Database Security.

[15]  Sushil Jajodia,et al.  Polyinstantation for Cover Stories , 1992, ESORICS.

[16]  Sushil Jajodia,et al.  Honest Databases That Can Keep Secrets , 1991 .

[17]  Sushil Jajodia,et al.  Referential Integrity In Multilevel Secure Databases , 1993 .

[18]  Dorothy E. Denning,et al.  The SeaView security model , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.