Securing the Multilevel Information System

Published by: ijcsis on Oct 12, 2011
Copyright: Attribution Non-commercial

MOHAN H.S.
Research Scholar, Dr. MGR University, Chennai, INDIA

A. RAJI REDDY
Professor & Head, Dept of ECE, Madanapalle Institute of Technology & Science, Madanapalle, Chittoor, INDIA.

Abstract

Nowadays, multilevel secure databases are common in distributed systems. These databases require a generalized software system for multiuser and simultaneous access in the distributed system, as the client systems may be dissimilar (heterogeneous hardware and software). The information system will usually be a blend of both an information retrieval system and an information management (create and maintain) system. This paper gives an approach to developing a generalized multilevel secure information system using three-tier architecture. The approach shows how data level integrity can be achieved using access and security levels on users/subjects and data/objects respectively.

Keywords: multilevel secure database; information system; generalized software system
I. INTRODUCTION

The continuing growth of essential data is leading to the popularity of databases and database management systems. A database is a collection of related data. A database management system (DBMS) is a collection of programs that enable users to create and maintain a database. A good database management system generally has the ability to protect data and system resources from security breaches like intrusions, unauthorized modification, unauthorized copying and observation, etc. [2]. Damage to important data will not only affect a single user or application; the entire information system and the corporation will be affected. Secrecy and integrity of data are of major concern in an information system while handling the data. Secrecy means preventing unauthorized users from copying and observation while retrieving data. Integrity means preventing unauthorized users from creating, modifying and deleting the data.

In a multilevel secure database, the data is assigned security levels for attaining secrecy and integrity [2]. Not every user can access all the data in such a database. This database exists in a distributed system and is simultaneously accessed by multiple users. This requires a generalization of the software system that enables multiple users to simultaneously access the multilevel secure database.

The new approach uses the three-tier architecture [4] to develop a software system that allows users of different levels to retrieve, create and maintain data simultaneously. The authentication of users is handled both at the client end and at the server end, which ensures high security. The approach uses a multilevel secure data model at the database and multilevel users to access the data. The classification of data/objects and users/subjects has been done in two ways: top secure model and secure model. The users have been categorized into View only (V) users and Privileged (P) users.
The view only user's access levels have been categorized into Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U). The privileged user's access levels have been categorized into two hierarchical levels: the first being Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U), and the second level being create-modify (CM) and create-modify-delete (CMD). The top secure model uses both hierarchical levels of classification for the privileged user. The secure model uses only the first level of hierarchical classification for the privileged user. The access levels for the view only user are the same for both the top secure model and the secure model. The configurable data elements are classified into Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U). The classification of data/objects is given in detail in section 3. With the levels defined for both users and data, the approach proceeds in achieving such a software system. This approach helps in the development of a multilevel secure information system.

The remaining part of the paper is organized as follows. Section 2 gives a brief description of related work carried out in this direction. Section 3 describes the new approach. Section 4 gives the implementation of this approach in a simple distributed system using Java. Section 5 discusses the advantages of the said approach. Section 6 discusses the limitations of the said approach and section 7 concludes.

II. RELATED WORK

Different authors have given different types of multilevel relational data model until now. Some of the related scenarios are as discussed next. Sea View is a multilevel relational data model, developed in the context of the Sea View project [3, 6]. The Sea View project is a joint project by SRI International and Gemini Computers, Inc. The project also defined MSQL, an extension of SQL to handle multilevel data. The Sea View security model consists of two components: the MAC (Mandatory Access Control) model and the TCB (Trusted Computing Base) model [6]. The MAC model defines the mandatory security policy. Each subject is assigned a readclass and a writeclass. A subject can read an object if the subject's readclass dominates the access class of the object. A subject can write into an object if the object's class dominates the writeclass of the subject. The TCB model defines discretionary security and supporting policies for multilevel relations, views, and integrity constraints, among others. The data model on which Sea View is based is a multilevel relational data model. Multilevel relations are implemented as views over single level relations, that is, over relations having a single access class associated with them.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 9, No. 9, September 2011. http://sites.google.com/site/ijcsis/ ISSN 1947-5500

Jajodia and Sandhu proposed a reference model for multilevel relational DBMSs and addressed on a formal basis entity integrity and update operations in the context of multilevel databases [7]. In the model by Jajodia and Sandhu a multilevel relation schema is denoted as R(A1, C1, …, An, Cn, TC), where Ai is an attribute over a domain Di, and Ci is a classification attribute for Ai, i = 1, …, n. The domain of Ci is the set of access classes that can be associated with attribute Ai. TC is the classification attribute of the tuples. Furthermore, for each access class c, a relation instance Rc is defined. Elements of Rc are of the form R(a1, c1, …, an, cn, tc), where ai is a value in the domain Di, ci is a classification attribute for ai, i = 1, …, n, and tc is the classification attribute of the tuples; tc is determined by computing the least upper bound of each ci in the tuple. The relation instance Rc represents a view of the multilevel relation for subjects having access class c. The instance at level c is obtained from the multilevel relation by masking all attribute values whose classification is higher than or incomparable with c. This is obtained by substituting them with null values.
Thus, subjects with different access classes have different views of the same multilevel relation. The entity integrity property for the data model is restated as follows: a multilevel relation R satisfies the entity integrity property if, for all instances Rc of R, and for each tuple t of Rc, the following conditions are satisfied:

a) The attributes of the primary key must be not null in t;
b) The attributes of the primary key must have the same access class in t;
c) The access class associated with a nonkey attribute must dominate the access classes associated with the attributes in the primary key.

The model by Jajodia and Sandhu supports both attribute and tuple polyinstantiation. Similar to the Sea View model [3, 6], the key of a multilevel relation is defined as a combination of attributes, their classifications, and the classification of all the other attributes in the relation.

The Multilevel Relational (MLR) data model proposed by Chen and Sandhu in [8] is an extension of the model proposed by Jajodia and Sandhu [7]. The data model is basically the one presented in the previous paragraph, the main difference being that the MLR data model imposes the constraint that there can be at most one tuple in each access class for a given entity. The MLR model tries to overcome some of the ambiguities contained in the Jajodia and Sandhu model. In the MLR model a new semantics for data classified at different levels is proposed, based on the following principles:

a) The data accepted by a subject at a given security level consist of two parts: (i) the data classified at his/her level and (ii) the data borrowed from lower levels;
b) The data a subject can view are those accepted by subjects at his/her level and by subjects at lower levels;
c) A tuple with classification attribute c contains all the data accepted by subjects of level c.

III. MULTI-LEVEL SECURITY

A generalization of the software system (for an information system) that enables multiple users to simultaneously access, create and maintain (insert, update, delete) data can be achieved by using a three-tier architecture. A software system in a distributed system using three-tier architecture must have three components: clients, server and database. The database system used may be an open source or commercial system. In three-tier architecture the client systems can be dissimilar, but the generalization of software systems achieves a single application specific server for all these clients.

Fig. 1 shows the three-tier architecture. The database will be a shared resource among all clients using the software system. The client software can be written using any programming language, but the clients must have the knowledge of communicating with the server. The application specific business rules (procedures, constraints) are stored at the server. The server ensures the identity of the client and accesses the data from the database on behalf of the client [5]. In this way, even in a distributed system, the business rules can be common for all clients requesting data from the server. The generalization can be achieved by the development of the middle tier, i.e., the server. Any upgrade to a business rule or a database change requires an upgrade only in the server and does not affect the client software in that system.

Fig. 2 describes how the security levels can be expressed as a linear order with four security levels: Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U). Partial ordering has been omitted intentionally to make the model less complicated.
Figure 1. Three-tier Architecture [diagram labels: Client, Application Server, Request, Reply, Database, Retrieve data]

Figure 2. Security levels in linear order [diagram labels: Top Secret, Secret, Confidential, Unclassified]
IV. APPROACH FOR MULTI LEVEL SECURE INFORMATION SYSTEM

Figure 3. Various users accessing data at various security levels
Fig. 1, the three-tier architecture, indicates that to make such an information system multilevel secured, the clients and the data in the database must both be classified at various levels. These levels together define the levels for security in an information system.

First let us classify the clients. The users have to be categorized into View only (V) users and Privileged (P) users. The view only user can just retrieve the data but cannot modify it. The privileged user can both retrieve and maintain the data. The view only user's access levels have been categorized into Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U). The privileged user's access levels have been categorized into two hierarchical levels: the first being Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U), and the second level being create-modify (CM) and create-modify-delete (CMD). Finally, the classification or access levels of users can be in two forms: {(V,TS), (V,S), (V,C), (V,U), (P,TS,CM), (P,S,CM), (P,C,CM), (P,U,CM), (P,TS,CMD), (P,S,CMD), (P,C,CMD), (P,U,CMD)} and {(V,TS), (V,S), (V,C), (V,U), (P,TS), (P,S), (P,C), (P,U)}.

Secondly, the data in the database must be classified. The configurable data elements are classified into Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U). The multilevel relation schema 'R' can be denoted in two forms as R(A1, C1, A2, C2, A3, C3, …, An, Cn, TC) and R(A1, A2, A3, …, An, TC), where Ai is an attribute over a domain Di, and Ci is a classification attribute for Ai, i = 1, …, n. The domain of Ci is the set of access classes {Top Secret (TS), Secret (S), Confidential (C), Unclassified (U)} or {Ci} that can be associated with attribute Ai and defines the security level of the attribute. TC (tuple classification) is the classification attribute of the tuples and takes a value from {TS, S, C, U} to define the security level of the tuple.

The combination of the above two classifications (users and data) gives rise to four various ways in which an information system can be made multilevel secured. The two models used to achieve secrecy and integrity of data in an information system are the top secure model and the secure model. They are as discussed below.
A. Top Secure model

Case 1: High multilevel security (some attributes must be accessible by certain level users) is needed for data and high multilevel access for users.

The two components to be implemented are the multilevel relational data model and access control. The multilevel relational data model used for the top secure model is as follows: the multilevel relation schema is denoted as R(A1, C1, …, An, Cn, TC), where Ai is an attribute over a domain Di, and Ci is a classification attribute for Ai, i = 1, …, n. The domain of Ci is the set of access classes {Top Secret (TS), Secret (S), Confidential (C), Unclassified (U)} or {Ci} that can be associated with attribute Ai. TC is the classification attribute of the tuples and takes a value from {TS, S, C, U}.

The users are classified as {(V,TS), (V,S), (V,C), (V,U), (P,TS,CM), (P,S,CM), (P,C,CM), (P,U,CM), (P,TS,CMD), (P,S,CMD), (P,C,CMD), (P,U,CMD)} as described above. If a user/password authentication scheme [5] is used to achieve this user classification, then the schema for the multilevel relation user can be R(userid, username, password, viewLevel, accessLevel, updateLevel), where viewLevel takes a value from {V, P}, accessLevel takes a value from {TS, S, C, U}, and updateLevel takes a value from {CM, CMD}. Fig. 4 and Fig. 5 show the top-secret and secret instances for an example of the top secure model.
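| Employee | C1 | Job | C2 | Salary | C3 | TC |
|----------|----|-----|----|--------|----|----|
| Laxmi | S | Architect | S | 20K | TS | TS |
| Vidya | TS | Agent | TS | 17.5K | TS | TS |
| Parvathi | U | AT | U | 8K | C | C |
| Priya | U | PT | U | Null | U | U |
| Lolitha | C | Sr. Engi. | S | 19K | S | S |

Figure 4. Top-Secret Instance for Top Secure model

| Employee | C1 | Job | C2 | Salary | C3 | TC |
|----------|----|-----|----|--------|----|----|
| Laxmi | S | Architect | S | Null | TS | TS |
| Parvathi | U | AT | U | 8K | C | C |
| Priya | U | PT | U | Null | U | U |
| Lolitha | C | Sr. Engi. | S | 19K | S | S |

Figure 5. Secret Instance for Top Secure model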
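
The masking rule from Section II applied to the Top-Secret instance of Figure 4, as an added Python example (not the authors' code): `instance_at` derives the view for a given access class and reproduces Figure 5 for Secret, and `entity_integrity` checks conditions a) and c) of the entity integrity property. Hiding a tuple whose key classification lies above the subject's level is an assumption inferred from Figure 5 omitting Vidya; the function and variable names are illustrative.

```python
# Added example; rows are transcribed from Figure 4 of the paper.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # linear order of Fig. 2

def dominates(a, b):
    """True when access class a is at least as high as access class b."""
    return LEVELS[a] >= LEVELS[b]

# Columns: Employee, C1, Job, C2, Salary, C3, TC (Employee is the key).
FIG4 = [
    ("Laxmi", "S", "Architect", "S", "20K", "TS", "TS"),
    ("Vidya", "TS", "Agent", "TS", "17.5K", "TS", "TS"),
    ("Parvathi", "U", "AT", "U", "8K", "C", "C"),
    ("Priya", "U", "PT", "U", None, "U", "U"),
    ("Lolitha", "C", "Sr. Engi.", "S", "19K", "S", "S"),
]

def instance_at(relation, c):
    """Return the instance Rc seen by a subject with access class c."""
    view = []
    for row in relation:
        if not dominates(c, row[1]):
            continue  # assumption: a tuple whose key is above c is hidden
        masked = list(row)
        for i in (0, 2, 4):  # value at index i, its class at i + 1
            if not dominates(c, row[i + 1]):
                masked[i] = None  # substitute a null for the hidden value
        view.append(tuple(masked))
    return view

def entity_integrity(row):
    """Conditions a) and c); b) is trivial for a one-attribute key."""
    key, key_class = row[0], row[1]
    return key is not None and all(
        dominates(row[i], key_class) for i in (3, 5))

if __name__ == "__main__":
    for level in ("TS", "S", "C", "U"):
        print(level, instance_at(FIG4, level))
    print(all(entity_integrity(r) for r in FIG4))
```

The classification columns are left as they appear in Figure 5, so a masked value keeps its original class label next to the null.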
 