The event-condition-action paradigm (also known as triggers or rules) is a powerful technology. It gives a database “active” capabilities – the ability to react automatically to changes in the database or in the environment. One potential use of this technology is in the area of multilevel secure (MLS) data processing, such as in the military, where subjects and objects are classified into different security levels and mandatory access control rules govern who has access to what. Although there has been a lot of research on MLS databases, not much work has been done in the area of MLS active databases. In this paper, we look at one very important aspect of an MLS active database – event detection. An MLS rule, like any other object in an MLS database, is associated with a security level. Events in an MLS database are also associated with security levels. Since an MLS rule can be triggered by an event that is at a different security level than the rule, we cannot use the event detection techniques designed for non-MLS active databases. Using such techniques causes illegal information flow. Our goal is to propose new algorithms that prevent such illegal information flow. We first present an approach to detect primitive events – events that cannot be decomposed. Different types of primitive events can be combined using the event composition operators to form composite events. We also describe how to detect composite events using event graphs in an MLS database.