Supporting object-based high-assurance write-up in multilevel databases for the replicated architecture

Abstract

We discuss the support of high-assurance write-up actions in multilevel secure object-oriented databases under the replicated architecture. In this architecture, there exists a separate untrusted singlelevel database for each security level. Data is replicated across these databases (or containers), as each database stores a copy of all the data whose class is dominated by that of the database. Our work utilizes an underlying message filter based object-oriented security model. Supporting message-based write-up actions with synchronous semantics directly impacts condidentiality, integrity, and performance issues. Also, an important concern in the replicated architecture is the maintenance of the mutual consistency of the replicated data. In this paper we offer solutions to support write-up actions while preserving the conflicting goals of confidentiality, integrity, and efficiency and at the same time demonstrate how the effects of updates arising from write-up actions are replicated correctly to guarantee such mutual consistency. Finally, we wish to emphasize that our elaboration of the message filter model demands minimum functionality from the TCB that is hosted within the trusted front end (TFE), and further requires no trusted subjects (i.e. subjects who are exempted, perhaps partially, from the usual mandatory controls). Collectively, these make verification of our solutions easier, since we have the assurance that covert channels cannot be introduced through the TFE.