A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

RJAIBI, W; BIRD, P

doi:10.1016/b978-012088469-8/50088-7

Cited by 11 publications

(12 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It indicates that the larger the category for an object is, the fewer the users that can access it. In some applications [18,21], the rule for label comparison is not as rigorous as this. On the contrary, the requirement is: the larger the category for an object is, the more the users that can access it.…”

Section: Strict *-Property: a Subject S Can Write An Object O Only Ifmentioning

confidence: 99%

A practical mandatory access control model for XML databases

Zhu

Jin

2009

Information Sciences

View full text Add to dashboard Cite

Abstract.A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance.Keyword: mandatory access control, XML databases, access control model, security. A Practical Mandatory Access Control Model for XML DatabasesAbstract. A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance.

show abstract

Section: Strict *-Property: a Subject S Can Write An Object O Only Ifmentioning

confidence: 99%

A practical mandatory access control model for XML databases

Zhu

Jin

2009

Information Sciences

View full text Add to dashboard Cite

show abstract

“…The larger the set of category for an object is, the fewer the users that can access it. In some applications [7,8], the rule for label comparing is not as rigorous as this. On the contrary, the requirement is: the larger the set of category, the more users that can access it.…”

Section: L(s) If and Only If L(o)l ≤ L(s)l And L(o)c ⊆ L(s)c We mentioning

confidence: 99%

“…Moreover, in these applications the structure of the label may be different from the structure of the label in the BLP model. In order to meet the needs of these applications, [5,7,8] have enhanced the flexibility of the MAC mechanism in relational databases. The existing MAC models [4,6] for XML databases are all based on the BLP model.…”

Section: L(s) If and Only If L(o)l ≤ L(s)l And L(o)c ⊆ L(s)c We mentioning

confidence: 99%

A Flexible Mandatory Access Control Policy for XML Databases

Zhu¹,

Jin²

2007

Proceedings of the 2nd International ICST Conference on Scalable Information Systems

View full text Add to dashboard Cite

A flexible mandatory access control policy (MAC) for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of applications. In order to preserve the integrity of data in XML databases, a constraint between a read access rule and a write access rule in label access policy is introduced. Rules for label assignment and propagation are proposed to alleviate the workload of label assignment. Also, a solution for resolving conflicts of label assignments is proposed. At last, operations for implementation of the MAC policy in a XML database are illustrated.

show abstract

“…Instead of attaching access control information directly to the data (as DAC does), in MAC system-wide security policies are enforced on the basis of security models (see, e. g., [24]). (Relational) databases implementing MAC are also called "multilevel secure" (MLS) and make use of techniques like polyinstantiation; see, e. g., [22,21,14,23,18]. Moreover, e. g. in [22,2,13], comprehensive systems have been proposed that integrate DAC and/or MAC into the different stages of database design.…”

Section: Related Workmentioning

confidence: 99%

Efficient Inference Control for Open Relational Queries

Biskup

Hartmann

Link

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present a control mechanism for preserving confidentiality in relational databases under open queries. This mechanism is based on a reduction of costly inference control to efficient access control that has recently been developed for closed database queries. Our approach guarantees that secrets being declared in form of a confidentiality policy are not disclosed to database users even if they utilize their a priori knowledge to draw inferences. It turns out that there is no straightforward transition from the approach for closed queries to open queries. We show, however, that hiding the confidentiality policy from database users is sufficient to preserve confidentiality. Moreover, we propose an algorithmic implementation of the control mechanism.

show abstract

A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

Cited by 11 publications

References 8 publications

A practical mandatory access control model for XML databases

A practical mandatory access control model for XML databases

A Flexible Mandatory Access Control Policy for XML Databases

Efficient Inference Control for Open Relational Queries

Contact Info

Product

Resources

About