A Trusted Subject Architecture for Multilevel Secure Object-Oriented Databases

We address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach. A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low-level users want to send information to higher-level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low-level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to the lower-level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these are known to involve tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. We also give a confidentiality proof for a trusted subject architecture and implementation, demonstrating that the trusted subject (process) cannot leak information in violation of multilevel security.
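
As an added illustration (not code from the paper and not its computation model), the following constructed Python simulation shows the channel the abstract describes: a low-level sender that blocks on a synchronous write-up observes a completion time that depends on high-level data, whereas a trusted queuing subject that acknowledges at constant cost and lets the high object process the message afterwards gives the sender nothing to observe while still delivering the message. The two-level lattice, the unit cost model and the queuing trusted subject are assumptions made for this example.

```python
# Constructed simulation, not the paper's model: two-level lattice, a unit
# cost model and a queuing trusted subject are assumptions for illustration.
from collections import deque


class HighObject:
    """Object classified HIGH whose processing cost depends on HIGH data."""

    def __init__(self, secret_bit: int):
        self.secret_bit = secret_bit  # HIGH data a LOW sender must not learn
        self.inbox = []

    def process(self, msg: str, clock: int) -> int:
        """Handle a write-up message; returns the clock after processing.
        The cost depends on the secret: this is the timing signal."""
        self.inbox.append(msg)
        return clock + 1 + 4 * self.secret_bit


def synchronous_write_up(target: HighObject, msg: str) -> int:
    """LOW sender blocks until HIGH processing ends; returns observed time."""
    return target.process(msg, 0)


class TrustedWriteUpQueue:
    """Trusted subject that accepts write-ups at constant cost and lets the
    HIGH object process them after the sender has already returned."""

    def __init__(self, target: HighObject):
        self.target = target
        self.pending = deque()

    def accept(self, msg: str, clock: int) -> int:
        self.pending.append(msg)
        return clock + 1  # constant, independent of any HIGH state

    def drain(self, clock: int) -> int:
        while self.pending:
            clock = self.target.process(self.pending.popleft(), clock)
        return clock


def queued_write_up(target: HighObject, msg: str) -> int:
    """LOW sender only observes the trusted subject's acknowledgement."""
    queue = TrustedWriteUpQueue(target)
    observed = queue.accept(msg, 0)
    queue.drain(observed)  # delivery still happens (integrity preserved)
    return observed


def leaks(write_up) -> bool:
    """True if timing lets a LOW sender distinguish secret_bit 0 from 1."""
    return write_up(HighObject(0), "report") != write_up(HighObject(1), "report")
```

In this simplified model `leaks(synchronous_write_up)` is true and `leaks(queued_write_up)` is false; a real system would also have to bound queue depth and acknowledgement latency so that back-pressure does not reopen the channel.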