
System for multilevel secure database management using a knowledge base with release-based and other security constraints for query, response and update modification

  • US 5,355,474 A
  • Filed: 09/27/1991
  • Issued: 10/11/1994
  • Est. Priority Date: 09/27/1991
  • Status: Expired due to Term
First Claim

1. Apparatus for an integrated architecture for an extended multilevel secure database management system which processes security constraints to control unauthorized inference through logical deduction upon queries by users and implemented when the database is queried through the database management system, when the database is updated through the database management system, and when the database is designed, the integrated architecture comprising:

    a knowledge base for storing the security constraints, application data and information on responses released from the multilevel secure database management system;

    a multilevel database which contains data classified at different security levels;

    a multilevel metadatabase to store schemas describing data in the multilevel database, the schemas classified at said different security levels;

    the multilevel secure database management system utilized to access the multilevel database for queries and updates and to access the multilevel metadatabase for querying and updating the schemas by users cleared to said different security levels;

    a query processor augmenting the multilevel secure database management system and accessing the knowledge base to examine the security constraints, application data and responses already released and to modify queries to prevent unauthorized inferences and to output a modified query for evaluation by the multilevel secure database management system, the multilevel secure database management system providing an output to the query processor which examines the security constraints, the application data, and responses already released, and modifies the responses to prevent unauthorized inferences;

    an update processor augmenting the multilevel secure database management system for examining some of said security constraints and to assign security levels to the data;

    the update processor complementing functions of the query processor such that if some of the constraints are processed during updates and the data is assigned appropriate security levels, said constraints need not be processed by the query processor, for performance enhancement the said update processor also being used as an off-line tool to determine the security levels of the data;

    a multilevel database design tool which examines some of the security constraints and assigns security levels to the schemas, the schemas then being input to the multilevel secure database management system for storage in the multilevel metadatabase at the appropriate security levels, the design tool thereby complementing the functions of the query processor so that said some of the constraints need not be processed by the query processor for performance enhancement; and

    a user interface which accepts query requests from the user and passes the query to the query processor and accepts update requests from the user and passes it to the update processor if operating on-line or the user interface accepts the request from the user and passes it to the multilevel database management system if it is off-line, the user interface accepting the schema query request from the user and passes the query request to the multilevel secure database management system, the user interface further accepting the schema update requests from the user and passes it to the multilevel secure database management system.
