Title :
Assigning probabilities for assurance in MLS database design
Author_Institution :
Argonne Nat. Lab., IL, USA
Abstract :
The author discusses the management of a possible breach of the security policy in multilevel secure systems using data managed by a database management system. Systems containing a multilevel secure database are subject to compromise when data collections from the database are used to obtain data values classified at higher security levels. There are two types of such problems, described as aggregation and inference problems. The cost of eliminating these problems by considering every case is exponential, so an approach of risk estimation based upon a probability measure should be considered. Probability has two orthogonal interpretations known as Pascalian and Baconian, suited respectively to aggregation and inference. Using the functional data model as the mathematical description of databases, formalisms for mapping measures of each to a database are provided. Mappings are presented that represent the probability semantics of each type of probability measure
Keywords :
distributed databases; probability; security of data; Baconian; MLS database design; Pascalian; aggregation; data collections; database management system; functional data model; inference problems; mathematical description; multilevel secure database; multilevel secure systems; orthogonal interpretations; probability measure; probability semantics; risk estimation; security levels; security policy; Computer security; Costs; Data models; Data security; Databases; Information security; Laboratories; Multilevel systems; National security; Operating systems;
Conference_Titel :
Computer Assurance, 1993. COMPASS '93, Practical Paths to Assurance. Proceedings of the Eighth Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-1251-1
DOI :
10.1109/CMPASS.1993.288853
