Title :
View-based access control with high assurance
Author_Institution :
Comput. Sci. Lab., SRI Int., Menlo Park, CA, USA
Abstract :
View-based access control enables content-based and context-based security, as opposed to the container-based security provided in operating systems. However, view-based access control in multilevel secure (MLS) databases suffers from two problems: safety and assurance. We investigate view-based access control in MLS relational databases for a large class of views expressible as project-select-join queries. We develop a polynomial-time label compilation algorithm that transforms view-level labelling to tuple-level labelling in such a way that guarantees safety and high assurance. We identify two problems related to optimal label compilation, and show that they are both NP-complete even for totally ordered security lattices of size two.
Keywords :
authorisation; computational complexity; database theory; query processing; relational databases; safety; NP-complete problems; assurance; content-based security; context-based security; multilevel secure databases; optimal label compilation; polynomial-time label compilation algorithm; project-select-join queries; relational databases; safety; totally ordered security lattices; tuple-level labelling; view-based access control; view-level labelling; Access control; Computer security; Containers; Data security; Laboratories; Operating systems; Payloads; Relational databases; Safety; Weapons;
Conference_Title :
Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7417-2
DOI :
10.1109/SECPRI.1996.502672