Submodule 3: Database Security Models
In this project, students will make sure that they know the concepts of the Sea View Model for enforcing the security of a relational database.
(1) The Sea View model governs access to the data stored in the database on
the basis of mandatory as well as discretionary policies, and consists of two
layers.
The top layer supports discretionary controls for multilevel
relations and views, and formulizes the supporting policies using TCB (Trusted
Computing Base) Model.
In the bottom layer, all the information of the top
layer in TCB model is stored in objects mediated by the MAC (Mandatory Access
Control) refernce monitor.
|
Name |
C-Name |
Department |
C-Department |
Salary |
C-Salary |
C-Tuple |
|
Bob |
S |
Dept1 |
S |
10K |
S |
S |
|
Ann |
S |
Dept2 |
S |
30K |
TS |
TS |
|
Sam |
TS |
Dept2 |
TS |
30K |
TS |
TS |
Assuming the Sea View model is used for enforcing the database security, answer the following questions:
(1) Show the S(ecret)-Instance and T(op)S(ecret)-Instance of the multilevel
relation EMPLOYEE.
(2) Suppose an S(ecret)-Subject needs to insert (Sam,
Dept1, 10K) to the EMPLOYEE relation, show the resulting relation and the
polyinstantiated tulpe.
(3) Suppose an S-Subject needs to update Ann's salary
to "20K" to the original EMPLOYEE relation, show the resulting relation
EMPLOYEE' and the polyinstantiated element.
(4) Suppose an
T(op)S(ecret)-Subject needs to update Ann's department to "Dept1" again to the
EMPLOYEE' relation of (3), show the resulting relation and the polyinstantiated
tulpes.
(5) Suppose an TS-Subject needs to update Bob's department to "Dept2"
and salary to "20K" to the EMPLOYEE' relation of (3), show the resulting
relation and the polyinstantiated tulpes.
Acess class
Secrecy class
Integrity class
Object
Subject
Write
class
Read class
Trusted
Untrusted
Multi-level
relation
Polyinstantiation
Security kernel
...