In order to develop highly secure database systems that meet the requirements for class B2, the BLP (Bell-LaPadula) model is extended according to the features of database systems. A method for verifying a security model for database systems is proposed. Following this method, an analysis using the Coq proof assistant to ensure the correctness and security of the extended model is presented. Our formal security model has been verified to be secure. This work demonstrates that our verification method is effective and sufficient.

In many database applications, sensitive information needs to be processed. Database management systems (DBMSs) are required to provide a high level of security. Before designing a highly secure database system that meets the security requirements for class B2 [1], a formal security model is needed.

Since the BLP (Bell-LaPadula) model [2] is recommended by the Trusted Computer System Evaluation Criteria (TCSEC) [1], many researchers have applied it to operating systems and formally analyzed the security of the extended models. Li et al. [3] specified the BLP model in the Z language and illustrated that proving with tools is more rigorous than proving manually. He et al. [4] analyzed an extended BLP model in the Z language and verified that their model was not secure. Maximiliano [5] proposed an extended model for a UNIX file system and showed with Coq [6] that its operations satisfy a set of security properties. Boniface et al. [7] specified the SELinux MLS policy in Prolog and proposed a method to determine policy compliance across different systems.

The BLP model has also been applied in secure database systems. In SeaView, a formal verification of the SQL in EHDM (Enhanced Hierarchical Development Methodology) is presented [8,9]. Cheng et al. [10] extended the object hierarchy in a security model for a database system and verified the transition rules manually. However, when we apply the BLP model to modern databases, a problem arises. In the BLP model, objects form a tree, but a tree cannot describe all the relationships among objects in database systems. Therefore, the objects and their structures in the BLP model need to be extended,
Data recovery from malicious committed transactions after attacks is becoming an increasingly important issue. Damage assessment for data recovery requires a transaction log that records the data items read or written by all malicious and benign transactions. Unfortunately, conventional undo/redo logs cannot record the read operations of transactions, and existing auditing mechanisms in DBMSs cannot capture operations at the level of data items. In this paper, we introduce the concept of "Extended Read Operations", illustrate how Extended Read Operations cause damage to spread, and then propose a Fine Grained Transaction Log (FGTL). The log records all the data items of the read-only and update-involved operations (reads and writes) of committed transactions, and even extracts the data items read by subqueries in SQL statements. A prototype system, the FGTL Generator, is developed to generate the FGTL. Experiments based on the TPC-W benchmark show the availability of the FGTL Generator.
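As an added illustration (not code from the paper or its FGTL Generator), the following Python walks a constructed FGTL-style log in commit order and computes which committed transactions and data items are reached from a malicious transaction through read-after-write dependencies, then repeats the walk over the same log stripped to its write sets, as a conventional undo/redo log would be; the transaction ids and item names are made up.

```python
from dataclasses import dataclass, field

# Constructed FGTL-style log: one entry per committed transaction, in commit order.
# Read sets include items read by subqueries (the "Extended Read Operations" the
# abstract describes); a plain undo/redo log would carry only the write sets.
@dataclass
class LogEntry:
    tid: str
    reads: frozenset = field(default_factory=frozenset)
    writes: frozenset = field(default_factory=frozenset)

FGTL = [
    LogEntry("T1", reads=frozenset({"acct:A"}), writes=frozenset({"acct:A"})),
    # T2 reads A (written by T1) via a subquery and updates B: damage spreads A -> B
    LogEntry("T2", reads=frozenset({"acct:A", "acct:B"}), writes=frozenset({"acct:B"})),
    LogEntry("T3", reads=frozenset({"acct:C"}), writes=frozenset({"acct:C"})),
    # T4 reads B (tainted through T2) and updates D
    LogEntry("T4", reads=frozenset({"acct:B"}), writes=frozenset({"acct:D"})),
    # T5 reads D but writes nothing: affected, yet spreads the damage no further
    LogEntry("T5", reads=frozenset({"acct:D"})),
]

def assess_damage(log, malicious):
    """Return (affected transaction ids in commit order, damaged data items).
    A transaction is affected if it is malicious or reads an item that an
    earlier affected transaction wrote; without read sets this is undecidable."""
    affected, damaged = [], set()
    for entry in log:
        if entry.tid in malicious or entry.reads & damaged:
            affected.append(entry.tid)
            damaged |= entry.writes
    return affected, damaged

def assess_with_write_only_log(log, malicious):
    """Same walk over an undo/redo-style log that carries no read sets: only the
    malicious transactions' own writes are ever identified as damaged."""
    stripped = [LogEntry(e.tid, writes=e.writes) for e in log]
    return assess_damage(stripped, malicious)

if __name__ == "__main__":
    print("FGTL:      ", assess_damage(FGTL, {"T1"}))
    print("write-only:", assess_with_write_only_log(FGTL, {"T1"}))
```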