Because views on relational database systems mathematically define arbitrary sets of stored and derived data, they have been proposed as a way of handling context- and content-dependent classification, dynamic classification, inference, aggregation, and sanitization in multilevel database systems. This paper describes basic view concepts for a multilevel-secure relational database model that addresses the above issues. The model treats stored and derived data uniformly within the database schema. All data in the database is classified according to views called classification constraints, which specify security levels for related data. In addition, views called aggregation constraints specify classifications for aggregates that are classified higher than their constituent elements. All data accesses are confined to a third set of views called access views, which filter out all data classified higher than their declared view level.

1. Introduction

The objective of this paper is to describe basic view concepts for a multilevel-secure relational database model. The model is being developed as part of a three-year project to design a system that will meet the criteria for class A1 [1]. The project goals include producing a security policy, formal model, formal top-level specifications, and implementation specifications.

The concept of secure views originated in IBM's System R database system (now called SQL/DS), which was inspired by Codd's fundamental work on relational databases [2]. System R introduced a view as a stored or derived relation expressed in the query language SQL. It then tied its access control mechanism to views by making views the objects of authorization (see also Date and Denning). The rationale for this decision was that views, being at a higher level of abstraction than the physical data, simplify the specification and enforcement of context- and content-dependent constraints.

CH2292-1/86/0000/0156$01.00 © 1986 IEEE
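As an added illustration of the three kinds of views the abstract names (example code written for this page, not the paper's model or any product), the following Python sketch expresses classification constraints and an aggregation constraint as predicates over tuples and result sets, and an access view as the filter a subject's query is confined to. The EMPLOYEE relation, the specific constraints, the linear ordering of levels, and the function names are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Security levels as a simple chain (assumption: a linear order, not a general lattice).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

Row = Dict[str, object]


@dataclass
class ClassificationConstraint:
    """A view over single tuples: every tuple selected by `predicate` has the listed
    `attributes` classified at `level`. Content dependence comes from the predicate."""
    name: str
    attributes: Tuple[str, ...]
    predicate: Callable[[Row], bool]
    level: str


@dataclass
class AggregationConstraint:
    """A view over result sets: more than `threshold` tuples projected onto
    `attributes` form an aggregate classified at `level`, even if each element is lower."""
    name: str
    attributes: Tuple[str, ...]
    threshold: int
    level: str


# Constructed sample relation EMPLOYEE(name, dept, salary); the data is hypothetical.
EMPLOYEE: List[Row] = [
    {"name": "alice", "dept": "research", "salary": 120000},
    {"name": "bob", "dept": "research", "salary": 110000},
    {"name": "carol", "dept": "sales", "salary": 70000},
    {"name": "dave", "dept": "sales", "salary": 65000},
    {"name": "erin", "dept": "support", "salary": 50000},
]

CLASSIFICATION = [
    # Every salary is at least CONFIDENTIAL (attribute-level classification).
    ClassificationConstraint("salary", ("salary",), lambda r: True, "CONFIDENTIAL"),
    # Content-dependent: salaries in the research department are SECRET.
    ClassificationConstraint("research_salary", ("salary",),
                             lambda r: r["dept"] == "research", "SECRET"),
]

AGGREGATION = [
    # Each (name, dept) tuple is UNCLASSIFIED, but more than three of them together
    # form a CONFIDENTIAL aggregate (the roster).
    AggregationConstraint("roster", ("name", "dept"), 3, "CONFIDENTIAL"),
]


def classify(row: Row, constraints: List[ClassificationConstraint]) -> Dict[str, str]:
    """Level of each attribute of `row`: the highest level among constraints whose
    view selects the row; attributes no constraint mentions default to UNCLASSIFIED."""
    levels = {attr: "UNCLASSIFIED" for attr in row}
    for c in constraints:
        if c.predicate(row):
            for attr in c.attributes:
                if LEVELS[c.level] > LEVELS[levels[attr]]:
                    levels[attr] = c.level
    return levels


def access_view(relation: List[Row], attributes: Tuple[str, ...], subject_level: str,
                classification: List[ClassificationConstraint],
                aggregation: List[AggregationConstraint]) -> List[Row]:
    """Project `relation` onto `attributes` for a subject cleared to `subject_level`.
    Tuples with any requested attribute classified above the subject are filtered out
    (sanitization); the size of the remaining set is then checked against aggregation
    constraints, and the whole view is refused if it forms an aggregate above the subject."""
    visible = []
    for row in relation:
        lv = classify(row, classification)
        if all(LEVELS[lv[a]] <= LEVELS[subject_level] for a in attributes):
            visible.append({a: row[a] for a in attributes})
    for agg in aggregation:
        if (set(agg.attributes) <= set(attributes)
                and len(visible) > agg.threshold
                and LEVELS[agg.level] > LEVELS[subject_level]):
            raise PermissionError(
                f"{len(visible)} tuples of {agg.attributes} form a {agg.level} aggregate")
    return visible


def query(attributes: Tuple[str, ...], subject_level: str):
    """Run an access view over the sample relation; returns ('ok', rows) or
    ('refused', reason) so the caller can see why an aggregate was withheld."""
    try:
        return "ok", access_view(EMPLOYEE, attributes, subject_level,
                                 CLASSIFICATION, AGGREGATION)
    except PermissionError as e:
        return "refused", str(e)


if __name__ == "__main__":
    for level in ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET"):
        print(level, query(("name", "salary"), level))
    print("UNCLASSIFIED roster:", query(("name", "dept"), "UNCLASSIFIED"))
    print("CONFIDENTIAL roster:", query(("name", "dept"), "CONFIDENTIAL"))
```

Two points the sketch makes concrete: a CONFIDENTIAL subject asking for (name, salary) sees the sales and support tuples but not the research ones, because the content-dependent constraint lifts those salaries to SECRET; and an UNCLASSIFIED subject asking for the full (name, dept) roster is refused even though every individual tuple is UNCLASSIFIED, because the result set exceeds the aggregation threshold. In the model the paper describes, these constraints and access views are expressed as relational views in the schema rather than as Python predicates.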
For the same reason, Stonebraker [6] adopted a high-level approach in the INGRES relational system, though the strategy there uses query modification rather than views. The model we will describe uses features from both System R and INGRES.
Concurrent with the development work at IBM, Neumann observed that views provided an attractive method for implementing a secure relational data management system on top of SRI's Provably Secure Operating System (PSOS) [7]. In the PSOS approach, a view is restricted to a subset of a single relation and serves as a capability for selective access to the relation.

Neither the IBM nor the SRI project addressed the issues that would be raised if views were used to classify data and enforce mandatory security. Proposals to use secure views as a basis for multilevel-secure database systems were independently made by Claybrook [8] and by Denning, who at that time was helping to organize the 1982 Woods Hole Summer Study on Multilevel Database Management Security sponsored by the National Academy of Sciences, Air Force Studies Board. Denning observed that because views can define arbitr...