Secure multilevel object oriented database management system

US 5,826,268 A
Filed: 12/23/1996
Issued: 10/20/1998
Est. Priority Date: 04/12/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A multilevel object database management system method for a database having levels 0 to N where each successive level from 0 to N exists at a higher level of security, comprising the steps of:

creating a plurality of views within at least one object, said views each existing at a different level of security; and

in response to a request by an entity to access the object,determining the security clearance level of the entity;

if a view exists at the determined security clearance level, providing the view existing at the determined security clearance level; and

if a view does not exist at the determined security clearance level and a view exists at a lower level of security, providing the nearest existing lower level view,whereby an element of data of a given security level can be accessed by an entity at a higher security level, thereby avoiding wasteful duplicative data storage.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure multilevel object oriented database management system which maintains data confidentiality and optimizes data integrity. All requests for database operations are mediated through an access validation monitor (AVM). The AVM is responsible for performing the following duties: applying mandatory and discretionary access control rules for each request it services to ensure the request is allowable; constructing views of multilevel objects ensuring that the clearance level of the subject making the request dominates the classification of the data being requested; managing data update requests so as to allow polyinstantiation only upon receiving explicit requests from the subject, the explicit request being accomplished through an update to the associated semantic vector (Semantic vectors are employed to maintain data integrity); detecting erroneous polyinstantiation attempts and flagging such errors to the requesting subject; and managing the creation of new multilevel objects, and enforces entity integrity constraints. The AVM constructs the requesting subject'"'"'s view of a multilevel object at a particular security level by computing a value for each property of the object. Each property value of the object if determined by inspecting the object'"'"'s semantic vector. The semantic vector indicates, for each property of a multilevel object and at every populated level of said object, whether the property'"'"'s value is dynamic (i.e., derived from an instantiation stored at the nearest populated dominated sensitivity level of the object where the semantic vector mark such property static).

Citations

21 Claims

1. A multilevel object database management system method for a database having levels 0 to N where each successive level from 0 to N exists at a higher level of security, comprising the steps of:
- creating a plurality of views within at least one object, said views each existing at a different level of security; and
  
  in response to a request by an entity to access the object,determining the security clearance level of the entity;
  
  if a view exists at the determined security clearance level, providing the view existing at the determined security clearance level; and
  
  if a view does not exist at the determined security clearance level and a view exists at a lower level of security, providing the nearest existing lower level view,whereby an element of data of a given security level can be accessed by an entity at a higher security level, thereby avoiding wasteful duplicative data storage.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The multilevel object management system method of claim 1 including the further step of providing a semantic vector for each existing view, said semantic vector indicating whether the respective view is scooped or static, a scooped view being provided by reading down from a lower level representation, and a static view being defined statically at the security clearance level at which the view exist and being decoupled from lower security clearance levels.
  - 3. The method of claim 1 including the further step of, in response to a request to enter data associated with an object, joining the entered data with any pre-existing, matching object by differentiating the object into a plurality of l-views.
  - 4. The method of claim 1 including the further step of, in response to a request to delete an object,determining whether a plurality of l-views exist for the object;
    - provided only one l-view exists, deleting the object; and
      
      provided a plurality of l-views exist, determining which l-view is associated with the request and marking that l-view with a token which provides an appearance of object deletion at the l-view.
  - 5. The method of claim 4 including the further step of presenting views which are scooped from the token as being deleted.

6. A multilevel object database management system method for updating multilevel objects existing at levels from 0 to N where each successive level from 0 to N exists at a higher level of security, comprising the steps of:
- in response to a request to create an object having a view at a given level of security, determining whether said object is already in existence; and
  
  if said object is already in existence, matching said request to the object in existence in order to provide a single object having a plurality of views, said views each existing at a different level of security.
- View Dependent Claims (7)
- - 7. The method of claim 6 including the further step of determining a sensitivity level associated with the request to create the object, and vectoring actions associated with object creation to an l-view at the determined sensitivity level.

8. A method for implementing deletions in a multilevel object database having levels 0 to N where each successive level from 0 to N exists at a higher level of security, comprising:
- in response to a request for deletion of an object originating at a given level of security, marking the level at which the request originates with a token which provides an appearance of deletion.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 including the further step of, if no instantiations of the object exist at levels other than the level at which the request originates, deleting the object completely.
  - 10. The method of claim 9 including the further step of, if instantiations of the object exist at lower levels of security, allowing such lower level instantiations to remain visible at their respective levels.
  - 11. The method of claim 10 including the further step of, if there are instantiations of the object at higher levels of security, allowing such higher level instantiations to remain visible at their respective levels.
  - 12. The method of claim 11 including the further step of writing upwards any values scooped by such higher level instantiations from the marked level instantiation to maintain coherence of such views.
  - 13. The method of claim 12 including the further step of reviving the object by replacing the token with an l-instantiation which, when coupled with lower level instantiations and a semantic vector provides sufficient information for constructing a corresponding l-view.

14. A method of representing aggregates in a multilevel object database having levels 0 to N where each successive level from 0 to N is associated with a higher level of security, comprising the steps of:
- providing an initial entry of membership information at a level l;
  
  providing a modification to the level l information at a level l'"'"', where level l'"'"' is higher than level l.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 including the further step of, where a first object is a member of a first aggregate, providing membership information only at a sensitivity level which is higher than that of both the object and the aggregate.
  - 16. The method of claim 15 including the further step of treating aggregates as atomic objects when an array or list is employed such that, if a semantic vector at a level l indicates that the aggregate is static, an l-view for the associated l-instantiation does not require information from lower levels of visibility to provide membership information.
  - 17. The method of claim 16 including the further step of representing the l-instantiation for a set as a 3-tuple including an initial state of the set, a set of objects which must be in the set at the respective level, and a set of objects which must be excluded from the set at the respective level.

18. A database management system for providing an interface between an untrusted client application with a sensitivity level associated therewith and a database, comprising:
- multilevel objects which include instantiations at a plurality of sensitivity levels;
  
  an access validation monitor which associates matching instantiations of objects, whereby polyinstantiation is prevented.
- View Dependent Claims (19, 20, 21)
- - 19. The database management system of claim 18 including semantic vectors which direct a traversing client application to an instantiation at a sensitivity level corresponding to the sensitivity level of the client application.
  - 20. The database management system of claim 19 wherein, when no instantiation exists at the sensitivity level corresponding to the sensitivity level of the client application, said semantic vectors scoop an instantiation from a nearest occurring lower sensitivity level instantiation.
  - 21. The database management system of claim 20 including, when a request is made to delete an object at a first level, a tombstone token which replaces the l-instantiation occurring at the first level in order to provide an appearance of object deletion at the first level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ontos
Original Assignee
Ontos
Inventors
Martel, Paul A., Schaefer, Marvin, Kanawati, Antoun J., Wade, Sandra A.
Primary Examiner(s)
Black, Thomas G.
Assistant Examiner(s)
JUNG, DAVID YIUK

Application Number

US08/772,315
Time in Patent Office

666 Days
Field of Search

707/1-10, 707/100-104, 707/200-206, 370/338, 370/349, 370/346, 370/440, 370/455, 370/463
US Class Current

1/1
CPC Class Codes

G06F 16/289   Object oriented databases

Y10S 707/99936   Pattern matching access

Y10S 707/99938   Concurrency, e.g. lock mana...

Y10S 707/99939   Privileged access

Y10S 707/99952   Coherency, e.g. same view t...

Secure multilevel object oriented database management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure multilevel object oriented database management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links