The semantics of an extended referential integrity for a multilevel secure relational data model

To prevent information leakage in multilevel secure data models, the concept of polyinstantiation was inevitably introduced. Unfortunately, when references are made through foreign keys in multilevel relational data models, polyinstantiation causes referential ambiguities. To resolve this problem, this paper proposes an extended referential integrity semantics for a multilevel relational data model, the Multilevel Secure Referential Integrity Semantics (MLS-RIS). The MLS-RIS distinguishes two types of foreign key references: value-based and entity-based. For each type, it defines the referential integrity that must hold between two multilevel relations and provides resolution rules for the referential ambiguities. In addition, the MLS-RIS specifies the semantics of the referential actions of the SQL update operations so as to preserve referential integrity.
