Using formal security models in secure databases

Fìz.-mat. model. ìnf. tehnol. 2021, 32:70-74

  • Vladislav Vilihura, V. N. Karazin Kharkiv National University
  • Yuriy Gorbenko, JSC "Institute of Information Technology", st. Bakulina, 12, 61000, Kharkiv
  • Vitaliy Yesin, V. N. Karazin Kharkiv National University
  • Serhiy Rassomakhin, V. N. Karazin Kharkiv National University
Keywords: control models, access control models, information system, database

Abstract

The paper presents key provisions (requirements) that should be followed when building secure databases using the capabilities of the main formal access control models, such as discretionary access control models, mandatory access control models, and role-based access control models. It also notes that no security model provides protection by itself: a model only provides the principle for building a secure database, and it is the implementation of that principle that must ensure the security properties inherent in the model. The security of a database is determined equally by the properties of the model or models used, their adequacy to the threats affecting the system, and how correctly they are implemented. The decisive factor in making a decision is always an assessment of the specific situation, which makes it possible to make the right choice, including the combined use of formal models.

Published
2021-07-07
How to Cite
Vilihura, V., Gorbenko, Y., Yesin, V., & Rassomakhin, S. (2021). Using formal security models in secure databases. PHYSICO-MATHEMATICAL MODELLING AND INFORMATIONAL TECHNOLOGIES, (32), 70-74. https://doi.org/10.15407/fmmit2021.32.070