In order to overcome certain limitations when applied to relational databases, a data model is introduced that is not fully based on the bell-LaPadula security paradigm. The starting point is a conceptual relational database schema and a set of views, representing user groups and applications. Based on the definition of views, the relations of the conceptual schema are decomposed in a set of disjoint fragments. Fragments and views are the granularity of data to which they provide automated security labeling. In order to keep fragmented databases consistent during database update, they give algorithms useful to keep the integrity. Databases based on this model contain data at a variety of classifications, serve a set of users cleared only to access certain data items and may be implemented by using a general purpose database management system extended by a trusted component supporting mandatory access control.
展开▼