Analysis of formal models for ensuring data integrity and their applicability to databases

Authors

DOI:

https://doi.org/10.30837/rt.2021.1.204.04

Keywords:

security model, data integrity, information system, database

Abstract

Information systems in general and databases in particular are vulnerable to accidental or malicious attacks aimed at compromising data integrity. Security is easier if you have a clear model that is the formal expression of security policy. The paper explores known security models related to data integrity, their applicability and significance for databases. The analysis of formal models for ensuring data integrity revealed that each of them, having certain advantages and disadvantages, has the right to use. The decisive factor in making a decision is an assessment of a specific situation, which will make it possible to make the right choice, including their complex application. In this regard, the paper notes that the Clark-Wilson model, the undoubted advantages of which are its simplicity and ease of joint use with other security models, is advisable to use as a set of practical recommendations for building an integrity assurance system in information systems. While stating the fact that traditional DBMSs support many of the mechanisms of the Clark-Wilson model, the article points out that implementations based on standard SQL require some compromise solutions. Analyzing the Biba model, the paper concludes about its relative simplicity and the use of a well-studied mathematical apparatus. It is noted that in practice, for the creation of secure information systems, as systems that ensure the confidentiality and data integrity, it is important to unite the Bell-LaPadula and Biba models. Moreover, this union should be on the basis of one common lattice, but with two security labels (confidentiality and integrity) with the opposite character of their definition. This is exactly the variant of combining the Bell-LaPadula and Biba models that is recommended for use in modern information systems and DBMSs, where a mandatory security policy is implemented.

References

Девянин П. Н. Модели безопасности компьютерных систем. Управление доступом и информационными потоками. 2-е изд. Москва : Горячая линия–Телеком, 2013. 338 с.

Chapple M., Stewart J. M., Gibson D. CISSP Certified Information Systems Security Professional Official Study Guide, 8th ed. Sybex, John Wiley & Sons, Inc.: Indianapolis, Indiana, 2018. 1050 p.

Гайдамакин H. A. Теоретические основы компьютерной безопасности. Екатеринбург : Изд-во Уральского ун-та, 2008. 212 с.

Tanenbaum A. S., Herbert Bos H. Modern Operating Systems. Fourth edition. Pearson, 2015. 1136 p.

Смирнов С. Н. Безопасность систем баз данных. Москва : Гелиос АРВ, 2007. 352 с.

Clark D. D., Wilson D. R. A Comparison of Commercial and Military Computer Security Policies // Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy (SP'87), May 1987, Oakland, CA : IEEE Press, 1987. P. 184–193.

Gollmann D. Computer Security. 3rd ed. Wiley, 2011. 436 p.

Yesin V.I., Yesina M.V., Vilihura V.V. Monitoring the integrity and authenticity of stored database objects // Telecommunications and Radio Engineering. 2020. Vol. 79, Issue 12. P. 1029-1054.

Sandhu R. S., Jajodia S. Data and database security and controls // Handbook of information security management, Auerbach Publishers. 1993. P. 481-499.

Девянин П. Н., Михальский О. О., Правиков Д. И. и др. Теоретические основы компьютерной безопасности. Москва : Радио и связь, 2000. 192 с.

Ge X., Polack F., Laleau R. Secure databases: an analysis of Clark-Wilson model in a database environment // International Conference on Advanced Information Systems Engineering. Springer, Berlin, Heidel-berg, 2004. P. 234-247.

Щеглов А. Ю. Защита компьютерной информации от несанкционированного доступа. СПб. : Наука и Техника, 2004. 384 с.

Biba K. J. Integrity considerations for secure computer systems. MTR-3153-REV-1. Mitre Corp Bedford MA, 1977. 64 p.

Bell D. E., LaPadula L. J. Secure Computer Systems: Unified Exposition and Multics Interpretation (MTR-2997 Rev. 1). Bedford, Mass.: MITRE Corp., 1976. 129 p.

Цирлов В. Л. Основы информационной безопасности автоматизированных систем. Ростов-на-Дону : Феникс, 2008. 173 с.

Зегжда Д. П. Информационная безопасность. Москва : МГТУ им. Н.Э. Баумана, 2010. 236 с.

Зегжда Д. П., Ивашко А. М. Основы безопасности информационных систем. Москва : Горячая линия–Телеком, 2000. 452 с.

Published

2021-04-09

How to Cite

Yesin, V., Rassomakhin, S., & Vilihura, V. (2021). Analysis of formal models for ensuring data integrity and their applicability to databases. Radiotekhnika, 1(204), 30–39. https://doi.org/10.30837/rt.2021.1.204.04

Issue

Section

Articles