Views for Multilevel Database Security

Denning, Dorothy E.; Akl, Selim G.; Morgenstern, Matthew; Neumann, Peter G.; Schell, Roger R.; Heckman, Mark

doi:10.1109/sp.1986.10012

Cited by 45 publications

(21 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are many ways to avoid storing too much data in practice. Work on multi-level databases [21,30] suggests it is both useful and practically feasible to store multiple versions of data corresponding to different access levels. The question becomes, then, how to avoid storing too much data due to too id name location jid jvars 1 "Carol's ... party" "Schloss Dagstuhl" 1 "x=True" 2 "Private event"…”

Section: Data Representation Considerationsmentioning

confidence: 99%

Precise, dynamic information flow for database-backed applications

Yang

Hance²,

Austin

et al. 2016

Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational database implementations, and scales for realistic applications. In this paper, we present a programming model that factors out information flow policies from application code and database queries, a dynamic semantics for the underlying λ JDB core language, and proofs of termination-insensitive non-interference and policy compliance for the semantics. We implement these ideas in Jacqueline, a Python web framework, and demonstrate feasibility through three application case studies: a course manager, a health record system, and a conference management system used to run an academic workshop. We show that in comparison to traditional applications with hand-coded policy checks, Jacqueline applications have 1) a smaller trusted computing base, 2) fewer lines of policy code, and 2) reasonable, often negligible, overheads.

show abstract

Section: Data Representation Considerationsmentioning

confidence: 99%

Precise, dynamic information flow for database-backed applications

Yang

Hance²,

Austin

et al. 2016

Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

show abstract

“…They allow users to manage data presentation without affecting underlying data. Views are also used to enhance database security [58,59]. We exploit and enhance views so as to provide users with lightweight methods for adjusting presentation of personal data and managing information flows.…”

Section: Boundaries As Two-way Permeable Views In Contextmentioning

confidence: 99%

Supporting Collaborative Privacy‐Observant Information Sharing Using RFID‐Tagged Objects

Konomi

Nam

2009

Advances in Human-Computer Interaction

View full text Add to dashboard Cite

RFID technology provides an economically feasible means to embed computing and communication capabilities in numerous physical objects around us, thereby allowing anyone to effortlessly announce and expose varieties of information anywhere at any time. As the technology is increasingly used in everyday environments, there is a heightening tension in the design and shaping of social boundaries in the digitally enhanced real world. Our experiments of RFID-triggered information sharing have identified usability, deployment, and privacy issues of physically based information systems. We discuss awareness issues and cognitive costs in regulating RFID-triggered information flows and propose a framework for privacy-observant RFID applications. The proposed framework supports users' in situ privacy boundary control by allowing users to (1) see how their information is socially disclosed and viewed by others, (2) dynamically negotiate their privacy boundaries, and (3) automate certain information disclosure processes.

show abstract

“…Important:{1, 3,5,6,8,19,[23][24][25][26][27][28]32,33,35,36,[38][39][40][41]7,9,11,14,17,20,22,29,30,34,37> Unimportant: (4,12,13,15,16,18,19,21,3) Unimportant: (7,8,9,11,13,22,27,28,30,31,35,36,37, 40,41) Table 4. SVM detection efficacy for dos using different features obtained from svdf ranking…”

Section: Ranking the Significance Of Inputsmentioning

confidence: 99%

“…IDSs are classified, based on their functionality, as misuse detectors and anomaly detectors. Misuse detection systems use the attack of well-know patterns as the basis for detection [3,4,5,6,7]. Anomaly detection systems use user profiles as the basis for detection; any deviation from the normal user behavior is termed as intrusions [3,4,5,8,9,10].…”

Section: Introductionmentioning

confidence: 99%

“…Several intrusion detection systems are built with human intervention and without human intervention. Rule based intrusion detection systems; these systems are characterized by their expert system properties that fire the rules when audit records or system status begin to turn illegal [3,4,11,12]. Statistical based intrusion detection systems; these systems seek to identify the deviations from the normal looking at the state and audit records [8,13,14,15,16,17,18].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Knowledge Required for Detecting and Defending against Denial of Service Attacks

Ramamoorthy¹,

Shanthi²,

Mukkamala³

et al. 2007

Int. Jour. Intel. Elec. Sys.

View full text Add to dashboard Cite

The complexity, openness, and increasing accessibility of the Internet have all greatly increased the risk of information system security availability. A serious type of network attacks is Denial of Service (DoS), which is performed against an information system to prevent legitimate users from accessing the compromised system for service. This paper concerns detecting DoS attacks using Support Vector Machines (SVMs). The key idea is to train SVMs using already discovered patterns (signatures) that represent DoS attacks. Using a benchmark data from a KDD competition designed by DARPA (U.S. Defense Advanced Research Projects Agency), we demonstrate that highly efficient and accurate classifiers can be constructed by using SVMs to detect DoS attacks. Further, we also perform feature ranking of the DARPA intrusion data to identify the key features that are important to DoS detection.

show abstract

Views for Multilevel Database Security

Cited by 45 publications

References 7 publications

Precise, dynamic information flow for database-backed applications

Precise, dynamic information flow for database-backed applications

Supporting Collaborative Privacy‐Observant Information Sharing Using RFID‐Tagged Objects

Knowledge Required for Detecting and Defending against Denial of Service Attacks

Contact Info

Product

Resources

About