Design And Realization Of The Multilevel Relational Model Based On Trust-label Semantics

With the rapid development of computer technology and the inflatableinformation of the businesses, it is understood that, as the popular data carrier,databases are very valuable and important. So the security of database system isalways needed. As an important branch in the database security field, the technologyof access control is divided into three classes: Discretionary Access Control,Mandatory Access Control and Role-Based Access Control. In these access controls,the Discretionary Access Control is widely used by the popular database products.But it is more and more difficult to make this access control satisfy those specialindustries which require high-level information security. In order to meet thesedemands, the research of multilevel secure database which is based on the MandatoryAccess Control is advancing by leaps and bounds. There are so many great multilevelsecure relational models such as Bell-Lapadula model, SeaView model,Jajodia-Sandhu model, Smith-Winslett model and MLR model in the last40years.Since the policy of mandatory protection, which is defined and interpreted forsecure computer system by Bell and Lapadula, was introduced to multilevel securedatabase field, almost all multilevel secure data models adopt this strategy and call it``mandatory access controls". Under this strategy, users and applications are calledsubjects and data items accessed by subjects are called objects. Each of objects andsubjects is assigned an access class (or level) which usually is U (Unclassified), C(Confidential), S (Secret) or TS (Top Secret). Obviously, TS> S> C> U. Subjectsmust follow the``no read up, no write down" rule which prevents information fromflowing down during accessing objects.SeaView model inherits the characteristics of Bell-Lapadula model and proposesthe polyinstantiation concept. This model is the first real multilevel secure relationaldata model with a lot of rules about entity integrity, reference integrity andpolyinstantiation integrity. Jajodia and Sandhu put forward Jajodia-Sandhu model which is improved andextended from SeaView and other models. In Jajodia-Sandhu model, at each accessclass for an entity, there exists only one tuple, and update manipulation (UPDATE,DELETE and INSERT) could be executed only when the subject and object are at thesame level.In order to resolve several defects remained in the prior models, Smith andMarianne Winslett put forward the Smith-Winslett model with belief semantics andmultilevel secure entities concept. In Smith-Winslett model, the data model issimplified by removing the classifications for the non-key attributes. This strategy ishelpful to avoid some problems but it also lowers the expressive ability ofSmith-Winslett model.Through adapting several advantages from other models and adding some newfeatures，Ravi Sandhu and Fang Chen put forward the MLR model which has resolvedmany legacies of previous models and been more powerful. But the rules in MLRmodel are too complicated and the expression ability of this model is to be improved.These models have solved or mitigated a lot of problems in this field with theirown ways. But each of them still has one or several problems such as covert channels,semantic ambiguity, proliferation of tuples and poor expressiveness for complexsituations. In this paper, we attempt to build a new model named TL model whichcould resolve as many problems as possible independently and retain the simplexesand expressiveness at the same time. We will put forward a simple, powerful androbust multilevel secure database solution by combining with some strategies ofRole-Based Access Control which are used to make up the defects caused by the TLmodel.