Secure multilevel object oriented database management system
Abstract
A secure multilevel object oriented database management system which maintains data confidentiality and optimizes data integrity. All requests for database operations are mediated through an access validation monitor (AVM). The AVM is responsible for performing the following duties: applying mandatory and discretionary access control rules for each request it services to ensure the request is allowable; constructing views of multilevel objects ensuring that the clearance level of the subject making the request dominates the classification of the data being requested; managing data update requests so as to allow polyinstantiation only upon receiving explicit requests from the subject, the explicit request being accomplished through an update to the associated semantic vector (semantic vectors are employed to maintain data integrity); detecting erroneous polyinstantiation attempts and flagging such errors to the requesting subject; and managing the creation of new multilevel objects and enforcing entity integrity constraints. The AVM constructs the requesting subject's view of a multilevel object at a particular security level by computing a value for each property of the object. Each property value of the object is determined by inspecting the object's semantic vector. The semantic vector indicates, for each property of a multilevel object and at every populated level of said object, whether the property's value is dynamic (i.e., derived from an instantiation stored at the nearest populated dominated sensitivity level of the object where the semantic vector marks such property static).
21 Claims
1. A multilevel object database management system method for a database having levels 0 to N where each successive level from 0 to N exists at a higher level of security, comprising the steps of:
- creating a plurality of views within at least one object, said views each existing at a different level of security; and
- in response to a request by an entity to access the object, determining the security clearance level of the entity;
- if a view exists at the determined security clearance level, providing the view existing at the determined security clearance level; and
- if a view does not exist at the determined security clearance level and a view exists at a lower level of security, providing the nearest existing lower level view, whereby an element of data of a given security level can be accessed by an entity at a higher security level, thereby avoiding wasteful duplicative data storage.

Dependent claims: 2, 3, 4, 5
6. A multilevel object database management system method for updating multilevel objects existing at levels from 0 to N where each successive level from 0 to N exists at a higher level of security, comprising the steps of:
- in response to a request to create an object having a view at a given level of security, determining whether said object is already in existence; and
- if said object is already in existence, matching said request to the object in existence in order to provide a single object having a plurality of views, said views each existing at a different level of security.

Dependent claims: 7
8. A method for implementing deletions in a multilevel object database having levels 0 to N where each successive level from 0 to N exists at a higher level of security, comprising:
- in response to a request for deletion of an object originating at a given level of security, marking the level at which the request originates with a token which provides an appearance of deletion.

Dependent claims: 9, 10, 11, 12, 13
14. A method of representing aggregates in a multilevel object database having levels 0 to N where each successive level from 0 to N is associated with a higher level of security, comprising the steps of:
- providing an initial entry of membership information at a level l;
- providing a modification to the level l information at a level l', where level l' is higher than level l.

Dependent claims: 15, 16, 17
18. A database management system for providing an interface between an untrusted client application with a sensitivity level associated therewith and a database, comprising:
- multilevel objects which include instantiations at a plurality of sensitivity levels;
- an access validation monitor which associates matching instantiations of objects, whereby polyinstantiation is prevented.

Dependent claims: 19, 20, 21
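
The view construction described in the abstract and in claim 1, as an added example that is not code from the patent: a subject's view is built only from levels its clearance dominates, and each property takes its value from the nearest such level whose semantic vector marks it static. Integer levels 0 to N, the names `MultilevelObject`, `populate` and `build_view`, and the sample object are assumptions made for illustration.

```python
from dataclasses import dataclass, field

STATIC, DYNAMIC = "static", "dynamic"


@dataclass
class MultilevelObject:
    instances: dict = field(default_factory=dict)  # level -> {property: stored value}
    semantics: dict = field(default_factory=dict)  # level -> {property: STATIC | DYNAMIC}

    def populate(self, level, values, dynamic=()):
        """Store an instantiation at `level`; `dynamic` names inherited properties."""
        self.instances[level] = dict(values)
        marks = {prop: DYNAMIC for prop in dynamic}
        marks.update({prop: STATIC for prop in values})
        self.semantics[level] = marks


def build_view(obj, clearance):
    """Return the view for a subject cleared to `clearance`, or None if no view exists."""
    # Mandatory access control: only levels dominated by the clearance are ever read.
    visible = sorted((lvl for lvl in obj.semantics if lvl <= clearance), reverse=True)
    if not visible:
        return None
    view = {}
    # visible[0] is the requested level if populated, else the nearest lower level.
    for prop in obj.semantics[visible[0]]:
        for lvl in visible:  # walk downward to the nearest level marking prop static
            if obj.semantics[lvl].get(prop) == STATIC:
                view[prop] = obj.instances[lvl][prop]
                break
    return view


def sample_object():
    """Constructed sample: one object populated at levels 0 and 2 only."""
    ship = MultilevelObject()
    ship.populate(0, {"name": "Voyager", "destination": "Mars", "cargo": "supplies"})
    # Level 2 stores only the value that differs; the rest derive from level 0.
    ship.populate(2, {"destination": "Titan"}, dynamic=("name", "cargo"))
    return ship


if __name__ == "__main__":
    ship = sample_object()
    for clearance in range(4):
        print(clearance, build_view(ship, clearance))
```

Levels 1 and 3 hold no instantiation, so subjects cleared to them receive the level 0 and level 2 views respectively, and the level 2 value is never stored twice or exposed below level 2.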
Specification