Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Multilevel Secure Database.

Presentation transcript:

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Multilevel Secure Database Management Systems - II January 27, 2005

Outline
- MLS/DBMS Designs and Prototypes
- Challenges
- Multilevel Secure Data Models
- MLS/DBMS Functions
- Directions

Overview of MLS/DBMS Designs
- Hinke-Schaefer (SDC Corporation): Introduced operating system providing mandatory access control
- Integrity Lock Prototypes: Two prototypes developed at MITRE using Ingres and Mistress relational database systems
- SeaView: Funded by Rome Air Development Center (RADC) (now Air Force Rome Laboratory); used an operating system providing mandatory access control and introduced polyinstantiation
- Lock Data Views (LDV): Extended kernel approach developed by Honeywell and funded by RADC; investigated inference and aggregation

Overview of MLS/DBMS Designs (Concluded)
- ASD, ASD-Views: Developed by TRW based on the trusted subject approach. ASD-Views provided access control on views
- SDDBMS: Effort by Unisys funded by RADC; investigated the distributed approach
- SINTRA: Developed by Naval Research Laboratory based on the replicated distributed approach
- SWORD: Designed at the Defense Research Agency in the UK; their goal was not to have polyinstantiation

Some MLS/DBMS Commercial Products Developed (late 1980s, early 1990s)
- Oracle (Trusted ORACLE7 and beyond): Hinke-Schaefer and Trusted Subject based architectures
- Sybase (Secure SQL Server): Trusted Subject
- ARC Professional Services Group (TRUDATA/SQLSentry): Integrity Lock
- Informix (Informix-On-LineSecure): Trusted Subject
- Digital Equipment Corporation (SERdb) (this group is now part of Oracle Corp): Trusted Subject
- InfoSystems Technology Inc. (Trusted RUBIX): Trusted Subject
- Teradata (DBC/1012): Secure Database Machine
- Ingres (Ingres Intelligent Database): Trusted Subject

Some Challenges: Inference Problem
- Inference is the process of forming conclusions from premises
- If the conclusions are unauthorized, it becomes a problem
- Inference problem in a multilevel environment
- Aggregation problem is a special case of the inference problem: a collection of data elements is Secret but the individual elements are Unclassified
- Association problem: attributes A and B taken together are Secret; individually they are Unclassified

Some Challenges: Polyinstantiation
- Mechanism to avoid certain signaling channels
- Also supports cover stories
- Example: John and James have different salaries at different levels
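
The polyinstantiation slide above, worked through as an added example (not part of the original lecture): a tuple-level classified relation in SQLite where the level is part of the key, so an Unclassified insert for a name that already exists at Secret is accepted instead of rejected. The table name `emp`, the two-level lattice and the salary figures are constructed for illustration.

```python
import sqlite3

LEVELS = {"U": 0, "S": 1}  # assumed two-level lattice: Unclassified < Secret

def open_db():
    db = sqlite3.connect(":memory:")
    # Tuple-level classification: the level is part of the primary key, so
    # the same employee name can exist once per level (polyinstantiation).
    db.execute("""CREATE TABLE emp (
        name TEXT, salary INTEGER, lvl INTEGER,
        PRIMARY KEY (name, lvl))""")
    return db

def insert(db, subject, name, salary):
    """Write at the subject's own level. A clash with a higher-level tuple
    is invisible to the subject and never causes a rejection."""
    db.execute("INSERT OR REPLACE INTO emp VALUES (?, ?, ?)",
               (name, salary, LEVELS[subject]))

def select(db, subject, name):
    """Read-down: return (salary, lvl) of the highest-level tuple that the
    subject's level dominates, or None if nothing is visible."""
    return db.execute(
        "SELECT salary, lvl FROM emp WHERE name = ? AND lvl <= ? "
        "ORDER BY lvl DESC LIMIT 1", (name, LEVELS[subject])).fetchone()

def single_key_would_reject(db, name):
    """Behaviour of a relation keyed on name alone: the insert fails if the
    name exists at any level. That failure is the signaling channel, since
    it tells an Unclassified user that a hidden tuple exists."""
    row = db.execute("SELECT 1 FROM emp WHERE name = ?", (name,)).fetchone()
    return row is not None

def demo():
    db = open_db()
    insert(db, "S", "John", 90000)             # real value, Secret
    leak = single_key_would_reject(db, "John")
    insert(db, "U", "John", 50000)             # cover story, Unclassified
    insert(db, "U", "James", 40000)            # no Secret instance exists
    return (leak, select(db, "U", "John"), select(db, "S", "John"),
            select(db, "S", "James"))
```

A Secret subject sees the Secret instance of John and falls back to the Unclassified tuple for James, while an Unclassified subject only ever sees the cover-story value.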

Some Challenges: Covert Channel
- Database transactions manipulate data locks and covertly pass information
- Two transactions T1 and T2; T1 operates at Secret level and T2 operates at Unclassified level
- Relation R is classified at Unclassified level
- T1 obtains read lock on R and T2 obtains write lock on R
- T1 and T2 can manipulate when they request locks and signal one bit of information for each attempt; over time T1 could covertly send sensitive information to T2
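
The lock-based channel on the slide above, modelled as an added example (not part of the original lecture): a toy lock manager for relation R in which T2's write-lock outcome mirrors whether T1 holds a read lock, followed by the same run with a policy that closes the channel. The `low_preempts_high` policy (a Secret reader is aborted rather than ever delaying an Unclassified writer) is an assumption brought in for the comparison and does not come from the slides.

```python
class LockManager:
    """Toy lock manager for a single Unclassified relation R."""

    def __init__(self, low_preempts_high=False):
        self.read_holder = None        # transaction holding a read lock on R
        self.low_preempts_high = low_preempts_high
        self.aborted = []              # high readers aborted for a low writer

    def read_lock(self, txn):
        self.read_holder = txn

    def release(self, txn):
        if self.read_holder == txn:
            self.read_holder = None

    def write_lock(self, txn):
        """Return True if the write lock is granted (read/write conflict)."""
        if self.read_holder is None:
            return True
        if self.low_preempts_high:
            # Assumed mitigation: the Secret reader loses its lock, so the
            # Unclassified writer observes the same result every time.
            self.aborted.append(self.read_holder)
            self.read_holder = None
            return True
        return False                   # denial is visible to T2: one bit


def run(bits, low_preempts_high=False):
    """Simulate one lock attempt per bit. Returns what T2 observes and how
    many times T1 was aborted (a count an auditor could monitor)."""
    lm = LockManager(low_preempts_high)
    observed = []
    for bit in bits:
        if bit:
            lm.read_lock("T1")         # T1 (Secret) holds the lock for a 1
        granted = lm.write_lock("T2")  # T2 (Unclassified) tries to write
        observed.append(0 if granted else 1)
        lm.release("T1")
    return observed, len(lm.aborted)


SECRET_BITS = [1, 0, 1, 1, 0]          # constructed sample input
```

With the default policy `run(SECRET_BITS)` hands T2 the exact bit string; with `low_preempts_high=True` T2 sees only zeros and the cost shows up as aborted Secret transactions.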

Multilevel Secure Data Model: Classifying Databases

Multilevel Secure Data Model: Classifying Relations

Multilevel Secure Data Model: Classifying Attributes/Columns

Multilevel Secure Data Model: Classifying Tuples/Rows

Multilevel Secure Data Model: Classifying Elements

Multilevel Secure Data Model: Classifying Views

Multilevel Secure Data Model: Classifying Metadata

MLS/DBMS Functions Overview

MLS/DBMS Functions Secure Query Processing

MLS/DBMS Functions Secure Transaction Management

MLS/DBMS Functions Secure Integrity Management

Status and Directions
- MLS/DBMSs have been designed and developed for various kinds of database systems including object systems, deductive systems and distributed systems
- Provides an approach to host secure applications
- Can use the principles to design privacy preserving database systems
- Challenge is to host emerging secure applications including e-commerce and biometrics systems