Security in database systems: A research perspective

Database security has been the subject of active research for the past several years. In the last five years, rapid progress has been made in defining what security means for such systems and in developing laboratory prototypes and even products that meet those definitions. However, much more work remains to be done in certain key research areas. This paper provides an overview of the database security issues for both mandatory and discretionary security and describes areas of ongoing research.

[1]  Terry V. Benzel,et al.  Formal policies for trusted processes , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[2]  Bhavani M. Thuraisingham,et al.  Design of LDV: a multilevel secure relational database management system , 1990 .

[3]  T. D. Garvey,et al.  Multilevel security for knowledge based systems , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[4]  Deborah Downs,et al.  Issues in Discretionary Access Control , 1985, 1985 IEEE Symposium on Security and Privacy.

[5]  G. E. Gajnak Some results from the entity/relationship multilevel secure DBMS project , 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[6]  Bhavani M. Thuraisingham,et al.  SODA: A secure object-oriented database system , 1989, Comput. Secur..

[7]  Mark E. Stickel,et al.  Abductive and approximate reasoning models for characterizing inference channels , 1991, Proceedings Computer Security Foundations Workshop IV.

[8]  Carl E. Landwehr,et al.  A security model for military message systems , 1984, TOCS.

[9]  Sushil Jajodia,et al.  Integrating an object-oriented data model with multilevel security , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[11]  Donovan Hsieh,et al.  The SeaView Secure Database System: A Progress Report , 1990, ESORICS.

[12]  Ira B. Greenberg,et al.  Single-level multiversion schedulers for multilevel secure database systems , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[13]  T.F. Lunt,et al.  A near-term design for the SeaView multilevel database system , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[14]  Richard D. Graubart,et al.  A Preliminary Neval Surveillance OBMS Sacurity , 1982, 1982 IEEE Symposium on Security and Privacy.

[15]  Teresa F. Lunt,et al.  Multilevel Security for Object-Oriented Database Systems , 1989, Database Security.

[16]  Dorothy E. Denning,et al.  A Multilevel Relational Data Model , 1987, 1987 IEEE Symposium on Security and Privacy.

[17]  Donovan Hsieh,et al.  Update Semantics for a Multilevel Relational Database System , 1990, Database Security.

[18]  Dorothy E. Denning,et al.  The SeaView Security Model , 1990, IEEE Trans. Software Eng..

[19]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[20]  Teresa F. Lunt,et al.  Access Control Policies for Database Systems , 1988, DBSec.

[21]  Teresa F. Lunt Access control policies: Some unanswered questions , 1989, Comput. Secur..

[22]  R.W. Baldwin,et al.  Naming and grouping privileges to simplify security management in large databases , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[23]  Teresa F. Lunt,et al.  The SeaView verification , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[24]  Thomas A. Berson,et al.  Multilevel Security for Knowledge-Based Systems , 1987, 1987 IEEE Symposium on Security and Privacy.

[25]  Teresa F. Lunt,et al.  Toward a multilevel relational data language , 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[26]  Teresa F. Lunt,et al.  Issues in distributed database security , 1989, [1989 Proceedings] Fifth Annual Computer Security Applications Conference.

[27]  Teresa F. Lunt Aggregation and inference: facts and fallacies , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[28]  Roger R. Schell,et al.  Toward an Understanding of Extensible Architectures for Evaluated Trusted Computer System Products , 1984, 1984 IEEE Symposium on Security and Privacy.

[29]  Richard Graubart,et al.  A Preliminary Naval Surveillance DBMS Security Model. , 1982, S&P 1982.

[30]  Thomas H. Hinke,et al.  DBMS Trusted Computing Base Taxonomy , 1989, DBSec.