The Jajodia & Sandhu model

Slides:



Advertisements
Similar presentations
Rasool Jalili; 2 nd semester ; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application.
Advertisements

Chapter 3 : Relational Model
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Database Security - Farkas 1 Database Security and Privacy.
Monash University Week 7 Data Modelling Relational Database Theory IMS1907 Database Systems.
Chapter 3 The Relational Model Transparencies © Pearson Education Limited 1995, 2005.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 3 The Basic (Flat) Relational Model.
Database Security and Authorization By Yazmin Escoto Rodriguez Christine Tannuwidjaja.
Chapter 3. 2 Chapter 3 - Objectives Terminology of relational model. Terminology of relational model. How tables are used to represent data. How tables.
Introduction Declarative Data Procedural Data -when both declarative & procedural data are stored, the database is sometimes called a knowledge base.
CONSTRAINTS AND UPDATES CHAPTER 3 (6/E) CHAPTER 5 (5/E) 1.
Survey Presentation in Multilevel Secure Database : Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented By: Vic Ho & Kashif.
©Silberschatz, Korth and Sudarshan6.1Database System Concepts Chapter 6: Integrity and Security Domain Constraints Referential Integrity Assertions Triggers.
Information storage: Introduction of database 10/7/2004 Xiangming Mu.
Chapter 4 The Relational Model Pearson Education © 2014.
Database Technical Session By: Prof. Adarsh Patel.
Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.
Concepts and Terminology Introduction to Database.
Polyinstantiation Problem
1 Polyinstantiation. 2 Definition and need for polyinstantiation Sea View model Jajodia – Sandhu model.
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
Relational Database. Database Management System (DBMS)
© D. Wong Ch. 2 Entity-Relationship Data Model (continue)  Data models  Entity-Relationship diagrams  Design Principles  Modeling of constraints.
CSE314 Database Systems Lecture 3 The Relational Data Model and Relational Database Constraints Doç. Dr. Mehmet Göktürk src: Elmasri & Navanthe 6E Pearson.
The Relational Model. 2 Relational Model Terminology u A relation is a table with columns and rows. –Only applies to logical structure of the database,
Modeling Security-Relevant Data Semantics Xue Ying Chen Department of Computer Science.
CHAPTER 2 : RELATIONAL DATA MODEL Prepared by : nbs.
Chapter 4 The Relational Model Pearson Education © 2009.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
Chapter 71 The Relational Data Model, Relational Constraints & The Relational Algebra.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 3 The Relational Data Model and Relational Database Constraints تنبيه.
COP Introduction to Database Structures
Database System Implementation CSE 507
The Relational Data Model & Relational Algebra
Relational Model Database Management Systems, 3rd ed., Ramakrishnan and Gehrke, Chapter 3.
Entity- Relationship (ER) Model
Chapter 5 Database Design
Functional Dependency and Normalization
Chapter 15 Relational Design Algorithms and Further Dependencies
Module 2: Intro to Relational Model
Institute for Cyber Security
RELATION.
© The McGraw-Hill Companies, All Rights Reserved APPENDIX C DESIGNING DATABASES APPENDIX C DESIGNING DATABASES.
Database Design The Relational Model Text Ch5
Lecture # 13 (After 1st Exam)
Chapter 8: Relational Database Design
Chapter 2: Intro to Relational Model
Translation of ER-diagram into Relational Schema
Chapter 4 The Relational Model Pearson Education © 2009.
Chapter 4 The Relational Model Pearson Education © 2009.
Module 5: Overview of Normalization
Entity Relationship Diagrams
Chapter 4 The Relational Model Pearson Education © 2009.
The Relational Model Transparencies
Chapter 4 The Relational Model Pearson Education © 2009.
Chapter 4 The Relational Model Pearson Education © 2009.
Chapter 2: Intro to Relational Model
Chapter 2: Intro to Relational Model
Chapter 5: Confidentiality Policies
Building Trustworthy Semantic Webs
Example of a Relation attributes (or columns) tuples (or rows)
Chapter 2: Intro to Relational Model
Chapter 4 The Relational Model Pearson Education © 2009.
Enhanced Entity-Relationship (EER) Modeling
The Jajodia & Sandhu model
Database.
Chapter 7a: Overview of Database Design -- Normalization
Chapter 3 The Relational Model
Presentation transcript:

The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application of mandatory policies in relational database systems. Based on the sec classifications introduced in BLP. It extends the standard relational model to consider the sec classification. Multilevel relations: Schema and multiple instances based on each access class. A multi-level relation consists of two parts: Rasool Jalili; Database Security, SUT

Rasool Jalili; Database Security, SUT (1) A state-independent multilevel relation scheme R (A1, C1,…, Cn, TC), where each Ai is a data attribute defined over domain Di, each Ci is a classification attribute for Ai, and TC is the tuple class attribute. The domain of Ci is specified by a range [Li, Hi] which is specified as a sub-lattice of access classes. The domain of TC is [lub (Li) , lub (Hi)]. Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) (2) A collection of state-dependant relation instances Rc(A1, C1,…, An, Cn, TC), one for each access class c in the given lattice; each instance is a set of distinct tuples of the form (a1, c1, …, an, cn, tc) where each element ai is either a value of domain Di or null, each ci is a value of the specified range and smaller than tc, that is, ci [ Li, Hi] ci tc, and tc is the least upper bound of the classes of the attribute in the tuple: that is, tc = lub { ci: i=1, …,n} Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Example of a multilevel relation Employee TS Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Instances at the S-level and TS-level of the Employee relation Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Properties of the model: Read and writes are controlled to the satisfaction of the No-Read-Up and No-Write-Down principles. Other restrictions are put to regulate polyinstantiation. (1) Entity integrity: Let AK be the apparent key of a relation R. A multilevel relation R satisfies entity integrity if, and only if, for all instances Rc of R and t Rc (1) Ai AK t[Ai] null (2) Ai , Aj  AK  t[Ci]=t[Cj], ie. AK is uniformly classified, and (3) Ai AK t[Ci] t[CAK] (where CAK is defined as the classification of the apparent key) Rasool Jalili; Database Security, SUT

Rasool Jalili; Database Security, SUT Null values! Null values have two meanings: Corresponding to real null values or To attributes at a classification higher than the classification of the instance. Two similar value tuples with different attribute sec class (so hidden, turned to null)! Subsumtion relationship: t subsumes s, if for every attribute Ai: t [Ai, Ci] = s [Ai, Ci] or t[Ai] != Null and s [Ai] == Null. Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Properties of the model (cont.): (2) Null integrity: A mutilevel relation R satisfies null integrity if and only if for each instance Rc of R both the following conditions are satisfied: (1) For all t Rc, t[Ai] = null  t[Ci] = t[CAK]: that is, null values are classified at the level of the key. (2) Rc is subsumption free in the sense that it does not contain two distinct tuples such that one subsumes the other A tuple t subsumes s if for every attribute Ai t[Ai, Ci] = s[Ai, Ci] or t[Ai] != null and s[Ai] = null. Rasool Jalili; Database Security, SUT

3) Inter-instance integrity Controlling the consistency among the different instances of a relation A multilevel relation R satisfies inter-instance integrity if and only if for all c´  c, Rc´ = (Rc, c´ ), where the filter function  produces the c’-instance Rc´ from Rc as follows: (1) For every tuple t Rc such that t[CAK]  c´, there is a tuple t´  Rc´, with t´[AK,CAK]=t[AK,CAK] and for Ai AK t´ [ Ai, Ci] = t [ Ai, Ci] if t [Ci]  c´, && = <null, CAK> otherwise Rasool Jalili; Database Security, SUT

Inter-instance integrity (cont.): (2) There are no tuples in R c´ other than those derived by the above rule. (3) The end result is made subsumption free by exhaustive elimination of subsumed tuples . Rasool Jalili; Database Security, SUT

(4) Polyinstantiation integrity property: A multilevel relation R satisfies Polyinstantiation integrity iff, for every Rc, for all Ai: (AK, CAK, Ci) Ai. That is, the apparent key, together with the classification of the key and the classification of the attribute functionally determines the value of this attribute. Informally: null integrity and interinstance integrity ensure that, if a tuple value at some security level can be filtered or derived from a higher-classified tuple, then it is sufficient to store the higher classified tuple in the multi-level relation. Rasool Jalili; Database Security, SUT

Rasool Jalili; Database Security, SUT Access to Multilevel relations: Deal with the write operations (Insert, Update, Delete) Read is processed through the Read-Down principle. Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Insert operation: The insert operation, from a c-user, has the following from: INSERT INTO Rc [Ai [, Aj]…)] VALUES (ai [, aj]…) The insert operation is granted, if and only if, the following conditions are satisfied: (1) t [AK] does not contain any nulls (2) For all u Rc : u [AK]  t[AK] If the conditions are satisfied, the tuple is inserted into Rc and all the instances Rc’>c Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Results of the operation INSERT VALUES “ John, Dept2,20K” on S and TS instances of Employee from S subject S S TS Instance Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Update operation: An update operation from a c user has the following form: UPDATE Rc SET Ai = Si [, Aj = Sj]… [WHERE P] Where each si is a scalar expression, and p is a predicate expression which identifies those tuples in Rc that are to be modified If the conditions are satisfied, the update is propagated into Rc’>c according to the minimum propagation delay policy: only those tuples which are needed to preserve the inter-instance property are inserted in Rc’>c Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Results of the operation UPDATE salary = “30K” WHERE Name = “Ann” on S and TS instances of Employee from TS subject Rasool Jalili; Database Security, SUT

The Jajodia & Sandhu model (cont.) Result of the operation UPDATE Department= “Dept1” WHERE Name = “Ann”” and S and TS instances of Employee from TS subject Sam Rasool Jalili; Database Security, SUT

Rasool Jalili; Database Security, SUT Delete Propagation of Delete to Rc’>c due to DELETE FROM RC [WHERE P] If t[CAK] = c, delete any polyinstantiated tuple in Rc’>c If t[CAK] < c, the tuple will continue to exist in all instances Rc’>=t[AK]. Rasool Jalili; Database Security, SUT

Rasool Jalili; Database Security, SUT The End of This Chapter Rasool Jalili; Database Security, SUT

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.