A Multilevel Secure Object-Oriented Data Model

Recently, several security models have appeared in the literature dealing with mandatory access controls in object-oriented databases. While some of them are of considerable interest and merit (see the later section "Review of relevant research" for a discussion), they seem to lack intuitive appeal because they do not appear to model security in a way that takes full advantage of the object-oriented paradigm. Our goal in this essay is to construct a database security model for mandatory access controls that dovetails with the object-oriented data model in a natural way. The result, we hope, is a set of principles that help design and implement security policies in object-oriented database management systems in a clear and concise fashion.

The object-subject paradigm of Bell and LaPadula [BELL76, DENN82] is widely used in work on mandatory access controls. An object is understood to be a data file or, at an abstract level, a data item. A subject is an active process that can request access to objects. Every object is assigned a classification, and every subject a clearance. Classifications and clearances are collectively referred to as security levels (or classes), and security levels are partially ordered. A subject is allowed read access to an object only if the subject's clearance is equivalent to or higher (in the partial order) than the object's classification. A subject is allowed write access to an object only if the subject's clearance is equivalent to or lower than the object's classification. These two restrictions are intended to ensure that there is no flow of information from high objects to low subjects; otherwise, since subjects can represent users, a breach of security occurs in which users gain access to information for which they have not been cleared. Since a system may not be secure even if it always enforces the two Bell-LaPadula restrictions correctly, a secure system must guard not only against the direct revelation of data but also against violations that produce illegal information flows through indirect means, including covert channels [DENN82].
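As an added illustration of the two Bell-LaPadula restrictions just stated (example code written for this page, not from the paper), security levels are modeled as a hierarchical level plus a set of compartments, which yields exactly the partial order the text refers to; the level names and compartments are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed hierarchy of sensitivity levels (assumption, not from the paper).
LEVEL_RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class SecurityLevel:
    """A security level: a ranked level plus a set of compartments.

    Two levels are ordered only when both the rank and the compartment set
    are ordered the same way, so the result is a partial order (a lattice):
    SECRET{NUCLEAR} and SECRET{CRYPTO} are incomparable.
    """
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "SecurityLevel") -> bool:
        return (LEVEL_RANK[self.level] >= LEVEL_RANK[other.level]
                and other.compartments <= self.compartments)


def can_read(clearance: SecurityLevel, classification: SecurityLevel) -> bool:
    """Simple security property ("no read up"): the subject's clearance must be
    equivalent to or higher than the object's classification."""
    return clearance.dominates(classification)


def can_write(clearance: SecurityLevel, classification: SecurityLevel) -> bool:
    """*-property ("no write down"): the subject's clearance must be
    equivalent to or lower than the object's classification, so a high
    subject cannot copy what it read into a low object."""
    return classification.dominates(clearance)


def comparable(a: SecurityLevel, b: SecurityLevel) -> bool:
    """True when a and b are ordered at all; incomparable levels permit
    neither read nor write in either direction."""
    return a.dominates(b) or b.dominates(a)


if __name__ == "__main__":
    secret_nuclear = SecurityLevel("SECRET", frozenset({"NUCLEAR"}))
    secret_crypto = SecurityLevel("SECRET", frozenset({"CRYPTO"}))
    confidential = SecurityLevel("CONFIDENTIAL")
    print("SECRET{NUCLEAR} reads CONFIDENTIAL:", can_read(secret_nuclear, confidential))
    print("SECRET{NUCLEAR} writes CONFIDENTIAL:", can_write(secret_nuclear, confidential))
    print("SECRET{NUCLEAR} vs SECRET{CRYPTO} comparable:", comparable(secret_nuclear, secret_crypto))
```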