Research On Covert Channel Analysis And Related Techniques In Secure Database Systems

With the wide applications of computers in different domains, more and more sensitive information will be stored in databases. How to protect the information security in databases, and protect against Trojan horse or inference attacks, have become an important task of DBMS. Access control, information flow control, inference control and database encryption are the primary security measures of database systems. Recently, information flow control and inference control have become the research hotspots of secure databases.The research work in this thesis focuses on covert channels. A covert channel allows information to pass from a higher classification level to a lower classification level through improper means. This thesis investigates the semantics of the multilevel secure data model, static and dynamic covert channel detections, and multilevel transaction schedules. Moreover, this thesis also investigates inference channel detection and inference risks evaluation. This thesis will be organized as follows:First of all, the research contents of secure databases are presented. Then, the research processes of multilevel secure data model, covert channel analysis, covert channel bandwidth computation and measurement, covert channel handing policies, multilevel secure transaction schedule and data level inference control are presented. The problems in existing methods are also pointed out. At last, the research contents addressed in this thesis are proposed.A multilevel secure data model based on entity semantics is proposed. Entity integrity, polyinstantiation integrity, foreign key integrity and referential integrity are redefined in this model. The expressive power of the tuple-level, element-level and semi-tuple-level labeling data models are compared using ER style diagrams. The semantics of the four traditional SQL statements are redefined. This model is proved to be sound, complete and secure. In a word, the proposed model is a secure, unambiguous and powerful data model.A technique for identifying covert channels based on information flow graph...