Unlike previous approaches to developing a trusted database system, the replicated architecture approach provides access control at a high level of assurance through replication of data and operations. We present a model of the SINTRA replicated architecture trusted database system which shows how the logical (users') view of the system and its security policy is translated into the physical structure and operations of the SINTRA system. We formalize the intended security policy for replicated architecture and demonstrate that a high level of assurance can be obtained solely from replication with virtually no change to the structure of the underlying database systems or the security kernel.
展开▼