1st Edition
Multilevel Security for Relational Databases
Since databases are the primary repositories of information for today’s organizations and governments, database security has become critically important. Introducing the concept of multilevel security in relational databases, this book provides a comparative study of the various models that support multilevel security policies in the relational database—illustrating the strengths and weaknesses of each model.
Multilevel Security for Relational Databases covers multilevel database security concepts along with many other multilevel database security models and techniques. It presents a prototype that readers can implement as a tool for conducting performance evaluations to compare multilevel secure database models.
The book supplies a complete view of an encryption-based multilevel security database model that integrates multilevel security for the relational database with a system that encrypts each record with an encryption key according to its security class level. This model will help you utilize an encryption system as a second security layer over the multilevel security layer for the database, reduce the multilevel database size, and improve the response time of data retrieval from the multilevel database.
Considering instance-based multilevel database security, the book covers relational database access controls and examines concurrency control in multilevel database security systems. It includes database encryption algorithms, simulation programs, and Visual Studio and Microsoft SQL Server code.
Concepts of Database Security
Database Concepts
Relational Database Security Concepts
Access Control in Relational Databases
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Work Objectives
Book Organization
Basic Concept of Multilevel Database Security
Introduction
Multilevel Database Relations
Polyinstantiation
Invisible Polyinstantiation
Visible Polyinstantiation
Types of Polyinstantiation
Architectural Considerations in Supporting Polyinstantiation
Multilevel Database Security Models
SeaView Model
Jajodia–Sandhu Model
Smith–Winslett Model
MLR Model
Belief-Consistent Multilevel Secure Data Model
Performance Study
Experimental Database Structure
Impact of Varying the Number of Tuples
Impact of Varying the Number of Attributes
Impact of Varying the Number of Security Levels
Analysis of Experimental Results
Summary
Implementation of MLS/DBMS Models
Introduction
SeaView Model
Select Operation Procedure
Insert Operation Procedure
Update Operation Procedure
Delete Operation Procedure
Jajodia–Sandhu Model
Select Operation Procedure
Insert Operation Procedure
Update Operation Procedure
Delete Operation Procedure
Smith–Winslett Model
Select Operation Procedure
Insert Operation Procedure
Update Operation Procedure
Delete Operation Procedure
Multilevel Relational (MLR) Model
Select Operation Procedure
Insert Operation Procedure
Update Operation Procedure
Delete Operation Procedure
Uplevel Operation Procedure
Belief-Consistent Multilevel Secure Relational Data Model
Basic Procedures for Operations
Xview (Label) Procedure
Pl (Label) Procedure
Sl (Label) Procedure
Ib (Label) Procedure
Select Operation Procedure
Insert Operation Procedure
Verify Operation Procedure
Update Operation Procedure
Delete Operation Procedure
Comparative Study for Multilevel Database Models
Summary
Fundamentals of Information Encryption
Introduction
Basic Concepts of Cryptography
Goals of Cryptography
Principles of Encryption
Classification of Encryption Algorithms
Classification according to Encryption Structure
Classification according to Keys
Classification according to Percentage of Encrypted Data
Cryptanalysis
Conventional Symmetric Block Ciphers
Data Encryption Standard (DES)
Double DES
Triple DES
International Data Encryption Algorithm (IDEA)
Blowfish
RC5 Algorithm
RC5 Encryption Algorithm
RC5 Decryption Algorithm
RC5 Key Expansion
RC6 Algorithm
RC6 Encryption Algorithm
RC6 Decryption Algorithm
The Advanced Encryption Standard (AES)
Modes of Operation
The ECB Mode
The CBC Mode
The CFB Mode
The OFB Mode
Encryption-Based Multilevel Model for DBMS
Introduction
The Encryption-Based Multilevel Database Model
Manipulation
The INSERT Statement
The DELETE Statement
The SELECT Statement
The UPDATE Statement
The UPLEVEL Statement
Performance Study
Experimental Database Structure
SELECT Query
Impact of Varying the Number of Tuples
Impact of Varying the Number of Attributes
Impact of Varying the Number of Security Levels
JOIN Query
Impact of Varying the Number of Tuples
Impact of Varying the Number of Attributes
Impact of Varying the Number of Security Levels
UPDATE Query
Analysis of Experimental Results
Summary
Formal Analysis for Encryption-Based Multilevel Model for DBMS
Introduction
The Encryption-Based Multilevel Model for DBMS Definition
MLR Model Definition
Encryption-Based Multilevel Model for DBMS Definition
Integrity Properties
Entity Integrity
Polyinstantiation Integrity
Data-Borrow Integrity
Foreign Key Integrity
Referential Integrity
Manipulation
The INSERT Statement
The DELETE Statement
The SELECT Statement
The UPDATE Statement
The UPLEVEL Statement
Soundness
Case 1: In the INSERT Operation
Case 2: In the DELETE Operation
Case 3: In the UPDATE Operation
Case 4: In the UPLEVEL Operation
Completeness
Security
Summary
Concurrency Control in Multilevel Relational Databases
Introduction
Related Work
Enhanced Secure Multiversion Concurrency Control Model
Performance Evaluation
Workload Model
System Model
Experiments and Results
Correctness of the Enhanced Secure Multiversion Concurrency Control Model
Proof of Correctness
Summary
The Instance-Based Multilevel Security Model
Introduction
The Instance-Based Multilevel Security Model (IBMSM)
Definition 1: The Property View
Definition 2: The Class View
Definition 3: The Instance View at Classification Level Lj
The Advantages of IBMSM
The Select Operation Procedure of the IBMSM
Insert Operation Procedure of the IBMSM
The Update Operation Procedure of the IBMSM
The Delete Operation Procedure of the IBMSM
Comparative Study for Polyinstantiation Models
Summary
The Source Code
Introduction
Screen Shots of the Prototype
Source Code of the Microsoft SQL Server
Source Code of the Data Security Classification Level Tables
Source Code of the User Security Classification Levels
Source Code of the Modifications to the Base Table
Source Code of the View for Each Model of the Multilevel Relational Database Models
Source Code of the Microsoft Visual Studio C#
Source Code of the Classes
Source Code of the Login Form
Source Code of the Queries Form
Source Code of the Query Form
Source Code of the Concurrency Control Form
References
Index
Biography
Osama S. Faragallah received a B.Sc. (Hons.), M.Sc., and Ph.D. in computer science and engineering from Menoufia University, Egypt, in 1997, 2002, and 2007, respectively. He is currently an associate professor in the Department of Computer Science and Engineering, Faculty of Electronic Engineering, Menoufia University. He was a demonstrator from 1997 to 2002 and an assistant lecturer from 2002 to 2007. Since 2007 he has been a member of the teaching staff of the Department of Computer Science and Engineering at Menoufia University. He is the co-author of about 100 papers in international journals and conference proceedings, and of two textbooks. His current research interests include network security, cryptography, Internet security, multimedia security, image encryption, watermarking, steganography, data hiding, medical image processing, and chaos theory.
El-Sayed M. El-Rabaie (SM'92) was born in Sires Elian, Egypt, in 1953. He received a B.Sc. (Hons.) in radio communications from Tanta University, Tanta, Egypt, in 1976, an M.Sc. in communication systems from Menoufia University, Menouf, Egypt, in 1981, and a Ph.D. in microwave device engineering from Queen's University of Belfast, Belfast, U.K., in 1986. Until 1989, Dr. El-Rabaie was a postdoctoral fellow in the Department of Electronic Engineering, Queen's University of Belfast. He was invited to become a research fellow in the College of Engineering and Technology, Northern Arizona University, Flagstaff, in 1992, and a visiting professor at the Ecole Polytechnique de Montreal, Montreal, QC, Canada, in 1994. He has authored and co-authored more than 180 papers and 18 textbooks. He was awarded the Salah Amer Award of Electronics in 1993 and the Best (CAD) Researcher award from Menoufia University in 1995. He acts as a reviewer and member of the editorial board for several scientific journals.
Professor El-Rabaie was the head of the Electronic and Communication