The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data...The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.展开更多
A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for cov...A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.展开更多
The purpose of this paper is to design and implement a secure open database system for organizations that are increasingly opened up their information for easy access by different users. The work proposed some functio...The purpose of this paper is to design and implement a secure open database system for organizations that are increasingly opened up their information for easy access by different users. The work proposed some functionalities such as open password entry with active boxes, combined encryption methods and agent that can be incorporated into an open database system. It designed and implemented an algorithm that would not allow users to have free access into open database system. A user entering his password only needs to carefully study the sequence of codes and active boxes that describe his password and then enter these codes in place of his active boxes. The approach does not require the input code to be hidden from anyone or converted to place holder characters for security reasons. Integrating this scheme into an open database system is viable in practice in term of easy use and will improve security level of information.展开更多
文摘The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.
基金the National Natural Science Foundation of China (No. 60773049)the Natural Science Foundation of Jiangsu Province (No. BK2007086)+1 种基金the Fundamental Research Project of the Natural Science in Colleges of Jiangsu Province (No. 07KJB520016)the Person with Ability Project of Jiangsu University (No. 07JDG053), China
文摘A new concept, the security level difference of a covert channel, is presented, which means the security level span from the sender to the receiver of the covert channel. Based on this, the integrated criteria for covert channel auditing are given. Whereas TCSEC (Trusted Computer System Evaluation Criteria) or CC (Common Criteria for Information Technology Security Evaluation) only use the bandwidth to evaluate the threat of covert channels, our new criteria integrate the security level difference, the bandwidth sensitive parameter, bandwidth, duration and instantaneous time of covert channels, so as to give a comprehensive evaluation of the threat of covert channels in a multilevel security system.
文摘The purpose of this paper is to design and implement a secure open database system for organizations that are increasingly opened up their information for easy access by different users. The work proposed some functionalities such as open password entry with active boxes, combined encryption methods and agent that can be incorporated into an open database system. It designed and implemented an algorithm that would not allow users to have free access into open database system. A user entering his password only needs to carefully study the sequence of codes and active boxes that describe his password and then enter these codes in place of his active boxes. The approach does not require the input code to be hidden from anyone or converted to place holder characters for security reasons. Integrating this scheme into an open database system is viable in practice in term of easy use and will improve security level of information.
