Development of an object-oriented DBMS
OOPLSA '86 Conference proceedings on Object-oriented programming systems, languages and applications
Development and implementation of an object-oriented DBMS
Research directions in object-oriented programming
Integrating an object-oriented programming system with a database system
OOPSLA '88 Conference proceedings on Object-oriented programming systems, languages and applications
A Hookup Theorem for Multilevel Security
IEEE Transactions on Software Engineering
Supporting secure and efficient write-up in high-assurance multilevel object-based computing
Supporting secure and efficient write-up in high-assurance multilevel object-based computing
A lattice model of secure information flow
Communications of the ACM
Lattice-Based Access Control Models
Computer
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Security for Object-Oriented Database Systems
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Research Frontiers in Object Technology
Information Systems Frontiers
Hi-index | 0.00 |
In this paper, we address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach.A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low level users want to send information to higher level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to lower level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these have been known to involve various tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. Finally, we give a confidentiality proof for a trusted subject architecture and implementation and demonstrate that the trusted subject (process) cannot leak information in violation of multilevel security.