Designing secure databases for OLS

Abstract

Some Database Management Systems (DBMS) allow to implement multilevel databases, but there are no methodologies for designing these databases. Security must be considered as a fundamental requirement in Information Systems (IS) development, and has to be taken into account at all stages of the development. We propose a methodology for designing secure databases, which allows to design and implement secure databases considering constraints regarding sensitive information from the requirements phase. The models and languages included in the methodology provide tools to specify constraints and to classify the information into different security levels and to specify which roles users need to play to access information. The methodology prescribes rules to specify the database and the security information with the Oracle9i Label Security (OLS) DBMS. It also has been applied in an actual case by the Data Processing Center of the Ciudad Real Provincial Government. © Springer-Verlag Berlin Heidelberg 2003.