| Data model is the core and foundation of the database system. Establishing a secure data model is very important for designing and exploiting a high-secure-level system. Mandatory Access Control (MAC) is the most important part of the secure data model and is a fatal factor which determines whether a secure level of the database system can reach Bl level.In this paper, the author provides a multilevel security data model with MAC. This model consulted the two concepts of "data-borrow" and "data-based semantics" that are used in many classical multilevel security data models so as to eliminate ambiguity of semantics effectively. On this basis, the data integrity is redefined .Then, according to the access rules of "downward read and upward write", the author redefines the four data manipulation operation sentences. The author redefines the UPLEVEL sentence according to the upward writing requirement and proves its correctness. At last, the map between the multilevel relation and the single level relations is realized by view method. By disassembling the multilevel relation into the traditional single level relation, the multilevel relation operation is disassembled into single level relation operation and the realization of secure control is simplified.According to the model mentioned above, the conversion of the single-level relations between multilevel relations as well as the Mandatory Access Control of the database is implemented. With four models (Identity Authentication, Role-Based Access Control (RBAC), Mandatory Access Control (MAC) and Audit) the secure sub-system of secure database with mandatory access control is realized and Bl level secure database is realized. |
PDF Full Text Request