Accession Number : ADA113690

Title :   Secure DBMS.

Descriptive Note : Final technical rept. Jul 80-Jul 81,


Personal Author(s) : Wormington,T D ; Giesler,C E

PDF Url : ADA113690

Report Date : Feb 1982

Pagination or Media Count : 319

Abstract : This study effort evaluates the feasibility of employing a distributed computer system architecture to support the secure data base management activities of the Air Force. Various distributed system architecture and the means of implementing the required security enforcing mechanisms are described. The basic approach places a security filter between a group of independent single-level user data base management processors and a common shared, multi-level data base. This security filter is capable of enforcing a different DoD non-discretionary security policy (consisting of read and write access controls, security classification and compartment) for each DBMS processor through provable hardware means. In addition, the security filter can either provide or support enforcement of discretionary security (need-to-know) and integrity protection (data Quality) through software (or firmware) external to the DBMS processors. This approach isolates such security related software from user control. Consequently, there is less need for software certification; that is, trusted software may be adequate for discretionary and integrity security. The study concludes that the use of a distributed architecture does make it feasible to provide provable multi-level security for data base operations.

Descriptors :   *Data processing security, *Distributed data processing, *Computer architecture, *Data management, Data bases, Test and evaluation, Feasibility studies, Air Force equipment, Classified materials, Mathematical models, Trade off analysis, User needs

Subject Categories : Computer Hardware
      Computer Systems

Distribution Statement : APPROVED FOR PUBLIC RELEASE