Study Of Polyinstantiation In Multi-level Secure Relational Data Model

Posted on: 2009-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: G J Tang
GTID: 2178360272459515
Subject: Computer software and theory

Abstract/Summary:
One of the important tasks of today's database systems is to store and manage business data and information efficiently. Since this data is often highly sensitive and commercially confidential, enhancing the security of database systems has become increasingly important.

Most traditional database systems provide security features that meet the requirements of general applications, but they are less efficient at handling certain requirements of sensitive departments and areas. The research and development of secure database systems has therefore become a hot topic.

The concept of multilevel security is commonly used in the study of secure data models for secure database systems. All the elements in a secure data model are divided into subjects and objects, and each subject and object is given a security level. Access to the subject is restricted by mandatory access controls, roughly expressed as "no read up, no write down". This control follows the well-known Bell-LaPadula model. However, from the security viewpoint, this restriction should be strengthened by a further requirement: operations from any given level should not be accepted or rejected because of the existence or absence of any higher-level data. Otherwise there will be covert channels through which high-level data can leak. The concept of polyinstantiation was introduced to handle this kind of problem.

Many multilevel data models have been proposed so far, and different models have different merits. In this paper, we analyzed two popular secure data models: the MLR model and the BCMLS model. Though they are superior to the other models in many aspects, these two models still have some limitations related to the polyinstantiation issue. The major problem is the semantic ambiguity and operational incompleteness of polyinstantiation. After analyzing these limitations, we proposed some improvement measures. Our work includes four parts, as follows.

1. First, we define a new polyinstantiation semantics for the MLR data model: multilevel secure polyinstantiation semantics (MLS-POS). A particularly attractive feature of MLS-POS is that it can limit the extent of upward information flow, which improves not only the confidentiality of the system but also its availability.
2. We then strengthen and improve the data-borrow operation based on MLS-POS for the MLR model, so as to improve the effectiveness of preventing low-classification users from modifying sensitive information.
3. We analyze the ambiguous semantics of the polyinstantiation maintenance rule in the BCMLS model and propose an improved rule to make the model more complete in semantics.
4. We propose a design for implementing the MLR and BCMLS models.

After these improvements, the strengthened MLR and BCMLS models can adapt better to the demands of different real-world scenarios and can make the secure database systems based on them more secure, agile and usable.
Keywords/Search Tags: secure database system, multilevel secure data model, MLR, BCMLS, polyinstantiation
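
The requirement stated in the abstract, that an operation must not be accepted or rejected because of higher-level data, can be checked mechanically. The following is an added example, not code from the thesis and not an implementation of MLR or BCMLS; the `MLSRelation` class, the two-level lattice, the key `ship-1` and the values are constructed assumptions.

```python
from dataclasses import dataclass, field

LEVELS = {"U": 0, "S": 1}  # constructed two-level lattice: Unclassified < Secret

@dataclass
class MLSRelation:
    polyinstantiate: bool
    rows: list = field(default_factory=list)  # tuples of (key, value, tuple_class)

    def select(self, subject):
        # "No read up": a subject sees only tuples at or below its own level.
        return [r for r in self.rows if LEVELS[r[2]] <= LEVELS[subject]]

    def insert(self, subject, key, value):
        # Tuples are written at the subject's own level, so nothing is written down.
        if self.polyinstantiate:
            # Key uniqueness is per level; higher-level tuples are never consulted.
            clash = any(r[0] == key and r[2] == subject for r in self.rows)
        else:
            # Key uniqueness across all levels: the decision depends on hidden tuples.
            clash = any(r[0] == key for r in self.rows)
        if not clash:
            self.rows.append((key, value, subject))
        return not clash

def low_observation(polyinstantiate, high_tuple_exists):
    """Everything a U subject can observe after trying to insert key 'ship-1'."""
    rel = MLSRelation(polyinstantiate)
    if high_tuple_exists:
        rel.insert("S", "ship-1", "constructed secret mission")
    accepted = rel.insert("U", "ship-1", "constructed cover mission")
    return accepted, rel.select("U")

def leaks_high_data(polyinstantiate):
    """True if the U subject's observation changes with the presence of S data."""
    return low_observation(polyinstantiate, True) != low_observation(polyinstantiate, False)

def secret_view(polyinstantiate=True):
    """What an S subject sees after both inserts (both instances when polyinstantiated)."""
    rel = MLSRelation(polyinstantiate)
    rel.insert("S", "ship-1", "constructed secret mission")
    rel.insert("U", "ship-1", "constructed cover mission")
    return rel.select("S")

if __name__ == "__main__":
    print("reject-on-conflict leaks:", leaks_high_data(False))
    print("polyinstantiation leaks:", leaks_high_data(True))
    print("S view:", secret_view())
```

With cross-level key uniqueness the U subject's insert result reveals whether an S tuple exists; with per-level uniqueness the U view is identical in both cases, and the S subject is left with two instances of the same key, which is the ambiguity that polyinstantiation semantics have to resolve.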