TCB Subset DBMS Architecture Project.
Abstract
This report documents the results of an effort to investigate a Multilevel Secure (MLS) Database Management System (DBMS) architecture derived by applying the concepts of Trusted Computing Base (TCB) subsetting as described in the Trusted Database Interpretation of the Trusted Computer System Evaluation Criteria (TCSEC) to a trusted subject MLS DBMS architecture. A TCB subset architecture is a trusted systems architecture in which the overall system security policy is hierarchically partitioned and allocated to different parts (subsets) of the system. Each of these parts implements a reference monitor enforcing the corresponding policy. Each part is similar to a conventional reference monitor, with the exception that it may use the resources of the more primitive subsets (lower in the hierarchy) to enforce its security policy (the most primitive subsets use only the hardware). A subset architecture provides significant benefits in the areas of assurance and evaluability. An alternative to a TCB subset DBMS architecture is a 'trusted subject architecture', wherein the DBMS contains some subjects that are not completely constrained by the underlying security kernel. In this report, the design and implementation of a new MLS DBMS architecture that is a hybrid of these two architectures is presented.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 1996
- Accession Number
- ADA306601
Entities
People
- James P. O'connor
- Mark S. Smith
- Mohammed S. Hasan