Secure DBMS.
Abstract
This study effort evaluates the feasibility of employing a distributed computer system architecture to support the secure data base management activities of the Air Force. Various distributed system architecture and the means of implementing the required security enforcing mechanisms are described. The basic approach places a security filter between a group of independent single-level user data base management processors and a common shared, multi-level data base. This security filter is capable of enforcing a different DoD non-discretionary security policy (consisting of read and write access controls, security classification and compartment) for each DBMS processor through provable hardware means. In addition, the security filter can either provide or support enforcement of discretionary security (need-to-know) and integrity protection (data Quality) through software (or firmware) external to the DBMS processors. This approach isolates such security related software from user control. Consequently, there is less need for software certification; that is, trusted software may be adequate for discretionary and integrity security. The study concludes that the use of a distributed architecture does make it feasible to provide provable multi-level security for data base operations.
Document Details
- Document Type
- Technical Report
- Publication Date
- Feb 01, 1982
- Accession Number
- ADA113690
Entities
People
- C. E. Giesler
- T. D. Wormington
Organizations
- Harris Corporation