Analysis of formal models for ensuring data integrity and their applicability to databases
DOI:
https://doi.org/10.30837/rt.2021.1.204.04Keywords:
security model, data integrity, information system, databaseAbstract
Information systems in general and databases in particular are vulnerable to accidental or malicious attacks aimed at compromising data integrity. Security is easier if you have a clear model that is the formal expression of security policy. The paper explores known security models related to data integrity, their applicability and significance for databases. The analysis of formal models for ensuring data integrity revealed that each of them, having certain advantages and disadvantages, has the right to use. The decisive factor in making a decision is an assessment of a specific situation, which will make it possible to make the right choice, including their complex application. In this regard, the paper notes that the Clark-Wilson model, the undoubted advantages of which are its simplicity and ease of joint use with other security models, is advisable to use as a set of practical recommendations for building an integrity assurance system in information systems. While stating the fact that traditional DBMSs support many of the mechanisms of the Clark-Wilson model, the article points out that implementations based on standard SQL require some compromise solutions. Analyzing the Biba model, the paper concludes about its relative simplicity and the use of a well-studied mathematical apparatus. It is noted that in practice, for the creation of secure information systems, as systems that ensure the confidentiality and data integrity, it is important to unite the Bell-LaPadula and Biba models. Moreover, this union should be on the basis of one common lattice, but with two security labels (confidentiality and integrity) with the opposite character of their definition. This is exactly the variant of combining the Bell-LaPadula and Biba models that is recommended for use in modern information systems and DBMSs, where a mandatory security policy is implemented.
References
Девянин П. Н. Модели безопасности компьютерных систем. Управление доступом и информационными потоками. 2-е изд. Москва : Горячая линия–Телеком, 2013. 338 с.
Chapple M., Stewart J. M., Gibson D. CISSP Certified Information Systems Security Professional Official Study Guide, 8th ed. Sybex, John Wiley & Sons, Inc.: Indianapolis, Indiana, 2018. 1050 p.
Гайдамакин H. A. Теоретические основы компьютерной безопасности. Екатеринбург : Изд-во Уральского ун-та, 2008. 212 с.
Tanenbaum A. S., Herbert Bos H. Modern Operating Systems. Fourth edition. Pearson, 2015. 1136 p.
Смирнов С. Н. Безопасность систем баз данных. Москва : Гелиос АРВ, 2007. 352 с.
Clark D. D., Wilson D. R. A Comparison of Commercial and Military Computer Security Policies // Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy (SP'87), May 1987, Oakland, CA : IEEE Press, 1987. P. 184–193.
Gollmann D. Computer Security. 3rd ed. Wiley, 2011. 436 p.
Yesin V.I., Yesina M.V., Vilihura V.V. Monitoring the integrity and authenticity of stored database objects // Telecommunications and Radio Engineering. 2020. Vol. 79, Issue 12. P. 1029-1054.
Sandhu R. S., Jajodia S. Data and database security and controls // Handbook of information security management, Auerbach Publishers. 1993. P. 481-499.
Девянин П. Н., Михальский О. О., Правиков Д. И. и др. Теоретические основы компьютерной безопасности. Москва : Радио и связь, 2000. 192 с.
Ge X., Polack F., Laleau R. Secure databases: an analysis of Clark-Wilson model in a database environment // International Conference on Advanced Information Systems Engineering. Springer, Berlin, Heidel-berg, 2004. P. 234-247.
Щеглов А. Ю. Защита компьютерной информации от несанкционированного доступа. СПб. : Наука и Техника, 2004. 384 с.
Biba K. J. Integrity considerations for secure computer systems. MTR-3153-REV-1. Mitre Corp Bedford MA, 1977. 64 p.
Bell D. E., LaPadula L. J. Secure Computer Systems: Unified Exposition and Multics Interpretation (MTR-2997 Rev. 1). Bedford, Mass.: MITRE Corp., 1976. 129 p.
Цирлов В. Л. Основы информационной безопасности автоматизированных систем. Ростов-на-Дону : Феникс, 2008. 173 с.
Зегжда Д. П. Информационная безопасность. Москва : МГТУ им. Н.Э. Баумана, 2010. 236 с.
Зегжда Д. П., Ивашко А. М. Основы безопасности информационных систем. Москва : Горячая линия–Телеком, 2000. 452 с.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).