Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application.

Published byCarly Roback Modified over 9 years ago

Similar presentations

Presentation on theme: "Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application."— Presentation transcript:

1 Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application of mandatory policies in relational database systems. Based on the sec classifications introduced in BLP. It extends the standard relational model to consider the sec classification. Multilevel relations: Schema and multiple instances based on each access class. A multi- level relation consists of two parts:

2 (1) A state-independent multilevel relation scheme R (A 1, C 1,…, C n, TC), where each A i is a data attribute defined over domain D i, each C i is a classification attribute for A i, and TC is the tuple class attribute. The domain of C i is specified by a range [L i, H i ] which is specified as a sub-lattice of access classes. The domain of TC is [lub (L i ), lub (H i )]. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

3 The Jajodia & Sandhu model (cont.) (2) A collection of state-dependant relation instances R c (A 1, C 1,…, A n, C n, TC), one for each access class c in the given lattice; each instance is a set of distinct tuples of the form (a 1, c 1, …, a n, c n, tc) where each element a i is either a value of domain D i or null, each c i is a value of the specified range and smaller than tc, that is, c i  [ L i, H i ] c i  tc, and tc is the least upper bound of the classes of the attribute in the tuple: that is, tc = lub { c i : i=1, …,n} Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

4 The Jajodia & Sandhu model (cont.) Example of a multilevel relation Employee TS Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

5 The Jajodia & Sandhu model (cont.) Instances at the S-level and TS-level of the Employee relation Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

6 The Jajodia & Sandhu model (cont.) Properties of the model: Read and writes are controlled to the satisfaction of the No-Read-Up and No-Write-Down principles. Other restrictions are put to regulate polyinstantiation. (1) Entity integrity: Let AK be the apparent key of a relation R. A multilevel relation R satisfies entity integrity if, and only if, for all instances R c of R and t  R c (1) A i  AK  t[A i ]  null (2) A i, A j  AK  t[C i ]=t[C j ], ie. AK is uniformly classified, and (3) A i  AK t[C i ]  t[C AK ] (where C AK is defined as the classification of the apparent key) Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

7 Null values! Null values have two meanings: –Corresponding to real null values or –To attributes at a classification higher than the classification of the instance. Two similar value tuples with different attribute sec class (so hidden, turned to null)! Subsumtion relationship: t subsumes s, if for every attribute Ai: –t [Ai, Ci] = s [Ai, Ci] or –t[Ai] != Null and s [Ai] == Null. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

8 The Jajodia & Sandhu model (cont.) Properties of the model (cont.): (2) Null integrity: A mutilevel relation R satisfies null integrity if and only if for each instance R c of R both the following conditions are satisfied: (1) For all t  R c, t[A i ] = null  t[C i ] = t[C AK ]: that is, null values are classified at the level of the key. (2) R c is subsumption free in the sense that it does not contain two distinct tuples such that one subsumes the other A tuple t subsumes s if for every attribute Ai -t[Ai, Ci] = s[Ai, Ci] or -t[Ai] != null and s[Ai] = null. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

9 3) Inter-instance integrity Controlling the consistency among the different instances of a relation A multilevel relation R satisfies inter-instance integrity if and only if for all c´  c, Rc´ =  (R c, c´ ), where the filter function  produces the c’- instance R c´ from R c as follows: (1) For every tuple t  R c such that t[C AK ]  c´, there is a tuple t´  Rc´, with t´[AK,C AK ]=t[AK,C AK ] and for Ai  AK t´ [ A i, C i ] = t [ A i, C i ] if t [Ci]  c´, && = otherwise Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

10 Inter-instance integrity (cont.): (2) There are no tuples in R c´ other than those derived by the above rule. (3) The end result is made subsumption free by exhaustive elimination of subsumed tuples. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

11 (4) Polyinstantiation integrity property: A multilevel relation R satisfies Polyinstantiation integrity iff, for every R c, for all A i : (AK, C AK, C i )  A i. That is, the apparent key, together with the classification of the key and the classification of the attribute functionally determines the value of this attribute. Informally: null integrity and interinstance integrity ensure that, if a tuple value at some security level can be filtered or derived from a higher-classified tuple, then it is sufficient to store the higher classified tuple in the multi-level relation. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

12 Access to Multilevel relations: –Deal with the write operations (Insert, Update, Delete) Read is processed through the Read-Down principle. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

13 The Jajodia & Sandhu model (cont.) Insert operation: The insert operation, from a c-user, has the following from: INSERT INTO R c [A i [, A j ]…)] VALUES (a i [, a j ]…) The insert operation is granted, if and only if, the following conditions are satisfied: (1) t [AK] does not contain any nulls (2) For all u  R c : u [AK]  t[AK] If the conditions are satisfied, the tuple is inserted into R c and all the instances R c’>c Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

14 Rasool Jalili; 2 nd semester 1384-1385; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model (cont.) Results of the operation INSERT VALUES “ John, Dept2,20K” on S and TS instances of Employee from S subject S S TS Instance

15 The Jajodia & Sandhu model (cont.) Update operation: An update operation from a c user has the following form: UPDATE R c SET Ai = S i [, A j = S j ]… [WHERE P] Where each s i is a scalar expression, and p is a predicate expression which identifies those tuples in R c that are to be modified If the conditions are satisfied, the update is propagated into R c’>c according to the minimum propagation delay policy: only those tuples which are needed to preserve the inter-instance property are inserted in R c’>c Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

16 The Jajodia & Sandhu model (cont.) Results of the operation UPDATE salary = “30K” WHERE Name = “Ann” on S and TS instances of Employee from TS subject Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

17 The Jajodia & Sandhu model (cont.) Result of the operation UPDATE Department= “Dept1” WHERE Name = “Ann”” and S and TS instances of Employee from TS subject Sam Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

18 Delete Propagation of Delete to Rc’>c due to DELETE FROM R C [WHERE P] –If t[C AK ] = c, delete any polyinstantiated tuple in Rc’>c –If t[C AK ] =t[AK]. Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech.

Download ppt "Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application."

Similar presentations

IS698: Database Management Min Song IS NJIT. The Relational Data Model.

IS698: Database Management Min Song IS NJIT. The Relational Data Model.
Relational Database. Relational database: a set of relations Relation: made up of 2 parts: − Schema : specifies the name of relations, plus name and type.

Relational Database. Relational database: a set of relations Relation: made up of 2 parts: − Schema : specifies the name of relations, plus name and type.
Chapter 3 : Relational Model

Chapter 3 : Relational Model
SQL Lecture 10 Inst: Haya Sammaneh. Example Instance of Students Relation  Cardinality = 3, degree = 5, all rows distinct.

SQL Lecture 10 Inst: Haya Sammaneh. Example Instance of Students Relation  Cardinality = 3, degree = 5, all rows distinct.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Monash University 20041 Week 7 Data Modelling Relational Database Theory IMS1907 Database Systems.

Monash University Week 7 Data Modelling Relational Database Theory IMS1907 Database Systems.
Chapter 3 The Relational Model Transparencies © Pearson Education Limited 1995, 2005.

Chapter 3 The Relational Model Transparencies © Pearson Education Limited 1995, 2005.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 3 The Basic (Flat) Relational Model.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 3 The Basic (Flat) Relational Model.
Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Database Security and Authorization By Yazmin Escoto Rodriguez Christine Tannuwidjaja.

Database Security and Authorization By Yazmin Escoto Rodriguez Christine Tannuwidjaja.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Chapter 3. 2 Chapter 3 - Objectives Terminology of relational model. Terminology of relational model. How tables are used to represent data. How tables.

Chapter 3. 2 Chapter 3 - Objectives Terminology of relational model. Terminology of relational model. How tables are used to represent data. How tables.
Introduction Declarative Data Procedural Data -when both declarative & procedural data are stored, the database is sometimes called a knowledge base.

Introduction Declarative Data Procedural Data -when both declarative & procedural data are stored, the database is sometimes called a knowledge base.
Database Systems Relational Model Concepts Toqir Ahmad Rana Database Management Systems 1 Lecture 17.

Database Systems Relational Model Concepts Toqir Ahmad Rana Database Management Systems 1 Lecture 17.
CONSTRAINTS AND UPDATES CHAPTER 3 (6/E) CHAPTER 5 (5/E) 1.

CONSTRAINTS AND UPDATES CHAPTER 3 (6/E) CHAPTER 5 (5/E) 1.
Survey Presentation in Multilevel Secure Database 60-564: Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented By: Vic Ho & Kashif.

Survey Presentation in Multilevel Secure Database : Security and Privacy on the Internet Instructor: Dr. A. K. Aggarwal Presented By: Vic Ho & Kashif.
©Silberschatz, Korth and Sudarshan6.1Database System Concepts Chapter 6: Integrity and Security Domain Constraints Referential Integrity Assertions Triggers.

©Silberschatz, Korth and Sudarshan6.1Database System Concepts Chapter 6: Integrity and Security Domain Constraints Referential Integrity Assertions Triggers.
Relational Model & Relational Algebra. 2 Relational Model u Terminology of relational model. u How tables are used to represent data. u Connection between.

Relational Model & Relational Algebra. 2 Relational Model u Terminology of relational model. u How tables are used to represent data. u Connection between.
Lecture 2 The Relational Model. Objectives Terminology of relational model. How tables are used to represent data. Connection between mathematical relations.

Lecture 2 The Relational Model. Objectives Terminology of relational model. How tables are used to represent data. Connection between mathematical relations.

Similar presentations

Ads by Google