Apparatus and method for the detection of security violations in multilevel secure databases
First Claim
Patent Images
1. Apparatus for detecting security violations by inference in a multilevel database application, comprising:
- a module whose design utilizesa) conceptual structures for representing the multilevel database application in which the conceptual structures comprise a collection of nodes to represent the entities of the application and links to represent the relationships between the entities, andb) first methods for reasoning with the conceptual structures, whereby security violations in the application are detected by inference and a modified representation of the multilevel database application is produced;
a multilevel secure database management system that manages a multilevel database which stores the modified representation; and
an expert system for reasoning with the modified representation and with information released by the multilevel secure database management system to the expert system, whereby additional security violations in the application are detected by inference;
wherein the conceptual structures of the module comprise multilevel semantic nets and multilevel conceptual graphs, said multilevel semantic nets and multilevel conceptual graphs being derived from semantic nets and conceptual graphs by second methods, andthe first methods comprise techniques for reasoning with multilevel semantic nets and multilevel conceptual graphs; and
wherein the multilevel semantic nets comprise nodes and links at a plurality of security levels, the multilevel conceptual graphs comprise concepts and relationships at a plurality of security levels, and the first methods further comprise techniques for reasoning with the nodes and links and with the concepts and relationships.
2 Assignments
0 Petitions
Accused Products
Abstract
A tool for assisting an operator to detect security violations in a multilevel secure database. The database stores data classified at a plurality of security levels, where the different users of the database are cleared to different security levels and access the database through a multilevel secure database management system. Security constraints are represented in conceptual structures, rules, or frames, and operator communication with the constraint representation is provided by a user interface. An inference engine uses reasoning strategies on the security-constraint representations base to detect security violations in the database by inference.
131 Citations
2 Claims
-
1. Apparatus for detecting security violations by inference in a multilevel database application, comprising:
-
a module whose design utilizes a) conceptual structures for representing the multilevel database application in which the conceptual structures comprise a collection of nodes to represent the entities of the application and links to represent the relationships between the entities, and b) first methods for reasoning with the conceptual structures, whereby security violations in the application are detected by inference and a modified representation of the multilevel database application is produced; a multilevel secure database management system that manages a multilevel database which stores the modified representation; and an expert system for reasoning with the modified representation and with information released by the multilevel secure database management system to the expert system, whereby additional security violations in the application are detected by inference; wherein the conceptual structures of the module comprise multilevel semantic nets and multilevel conceptual graphs, said multilevel semantic nets and multilevel conceptual graphs being derived from semantic nets and conceptual graphs by second methods, and the first methods comprise techniques for reasoning with multilevel semantic nets and multilevel conceptual graphs; and wherein the multilevel semantic nets comprise nodes and links at a plurality of security levels, the multilevel conceptual graphs comprise concepts and relationships at a plurality of security levels, and the first methods further comprise techniques for reasoning with the nodes and links and with the concepts and relationships. - View Dependent Claims (2)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeGreen Wireless LLC (Intellectual Ventures LLC)
-
Original AssigneeMitre Corporation
-
InventorsThuraisingham, Bhavani Marienne, Ford, William Rose Barlett
-
Primary Examiner(s)Black, Thomas G.
-
Assistant Examiner(s)AMSBURY, WAYNE P
-
Application NumberUS07/843,012Time in Patent Office2,104 DaysField of Search395/600, 395/61, 395/55, 380/25US Class Current1/1CPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/6218 to a system of files or obj...G06F 21/6227 where protection concerns t...G06F 2221/2113 Multi-level security, e.g. ...Y10S 706/934 Information retrieval or In...Y10S 707/99939 Privileged accessY10S 707/99945 Object-oriented database st...
