Third European Symposium on Research in Computer Security (ESORICS 94)

Supporting Object-based High-assurance Write-up in Multilevel Databases for the Replicated Architecture

Roshan K. Thomas, Ravi S. Sandhu

Keywords: Replicated architecture, object-oriented databases, write-up, serial correctness, message-filtering, signaling channels

Abstract: We discuss the support of high-assurance write-up actions in multilevel secure object-oriented databases under the replicated architecture. In this architecture, there exists a separate untrusted single-level database for each security level. Data is replicated across these databases (or containers), as each database stores a copy of all the data whose class is dominated by that of the database. Our work utilizes an underlying message-filter-based object-oriented security model. Supporting message-based write-up actions with synchronous semantics directly impacts confidentiality, integrity, and performance issues. Also, an important concern in the replicated architecture is the maintenance of the mutual consistency of the replicated data. In this paper we offer solutions to support write-up actions while preserving the conflicting goals of confidentiality, integrity and efficiency, and at the same time demonstrate how the effects of updates arising from write-up actions are replicated correctly to guarantee such mutual consistency. Finally, we wish to emphasize that our elaboration of the message filter model demands minimum functionality from the TCB that is hosted within the trusted front end (TFE), and further requires no trusted subjects (i.e., subjects who are exempted, perhaps partially, from the usual mandatory controls). Collectively, these make verification of our solutions easier, since we have the assurance that covert channels cannot be introduced through the TFE.

