1st Edition

Multilevel Security for Relational Databases





ISBN 9781138374904
Published September 18, 2018 by Auerbach Publications
304 Pages - 76 B/W Illustrations

 

Book Description

Since databases are the primary repositories of information for today’s organizations and governments, database security has become critically important. Introducing the concept of multilevel security in relational databases, this book provides a comparative study of the various models that support multilevel security policies in the relational database—illustrating the strengths and weaknesses of each model.

Multilevel Security for Relational Databases covers multilevel database security concepts along with many other multilevel database security models and techniques. It presents a prototype that readers can implement as a tool for conducting performance evaluations to compare multilevel secure database models.

The book supplies a complete view of an encryption-based multilevel security database model that integrates multilevel security for the relational database with a system that encrypts each record with an encryption key according to its security class level. This model will help you utilize an encryption system as a second security layer over the multilevel security layer for the database, reduce the multilevel database size, and improve the response time of data retrieval from the multilevel database.

Considering instance-based multilevel database security, the book covers relational database access controls and examines concurrency control in multilevel database security systems. It includes database encryption algorithms, simulation programs, and Visual Studio and Microsoft SQL Server code.

Table of Contents

Concepts of Database Security
Database Concepts
Relational Database Security Concepts
Access Control in Relational Databases
     Discretionary Access Control 
     Mandatory Access Control 
     Role-Based Access Control
Work Objectives
Book Organization

Basic Concept of Multilevel Database Security
Introduction
Multilevel Database Relations
Polyinstantiation 
     Invisible Polyinstantiation 
     Visible Polyinstantiation 
     Types of Polyinstantiation 
     Architectural Considerations in Supporting Polyinstantiation
Multilevel Database Security Models 
     SeaView Model
     Jajodia–Sandhu Model 
     Smith–Winslett Model
     MLR Model
     Belief-Consistent Multilevel Secure Data Model
Performance Study 
     Experimental Database Structure
     Impact of Varying the Number of Tuples 
     Impact of Varying the Number of Attributes
     Impact of Varying the Number of Security Levels 
     Analysis of Experimental Results
Summary

Implementation of MLS/DBMS Models
Introduction
SeaView Model 
     Select Operation Procedure 
     Insert Operation Procedure 
     Update Operation Procedure 
     Delete Operation Procedure
Jajodia–Sandhu Model 
     Select Operation Procedure
     Insert Operation Procedure 
     Update Operation Procedure 
     Delete Operation Procedure
Smith–Winslett Model
     Select Operation Procedure
     Insert Operation Procedure
     Update Operation Procedure 
     Delete Operation Procedure
Multilevel Relational (MLR) Model 
     Select Operation Procedure 
     Insert Operation Procedure 
     Update Operation Procedure 
     Delete Operation Procedure
     Uplevel Operation Procedure
Belief-Consistent Multilevel Secure Relational Data Model 
     Basic Procedures for Operations 
          Xview (Label) Procedure 
          Pl (Label) Procedure 
          Sl (Label) Procedure 
          Ib (Label) Procedure 
     Select Operation Procedure 
     Insert Operation Procedure 
     Verify Operation Procedure 
     Update Operation Procedure 
     Delete Operation Procedure
Comparative Study for Multilevel Database Models
Summary

Fundamentals of Information Encryption
Introduction
Basic Concepts of Cryptography
     Goals of Cryptography
     Principles of Encryption
Classification of Encryption Algorithms 
     Classification according to Encryption Structure 
     Classification according to Keys 
     Classification according to Percentage of Encrypted Data
Cryptanalysis
Conventional Symmetric Block Ciphers 
     Data Encryption Standard (DES) 
     Double DES 
     Triple DES 
     International Data Encryption Algorithm (IDEA)
     Blowfish 
     RC5 Algorithm
          RC5 Encryption Algorithm
          RC5 Decryption Algorithm 
          RC5 Key Expansion 
     RC6 Algorithm 
          RC6 Encryption Algorithm 
          RC6 Decryption Algorithm 
     The Advanced Encryption Standard (AES)
Modes of Operation 
     The ECB Mode 
     The CBC Mode 
     The CFB Mode 
     The OFB Mode

Encryption-Based Multilevel Model for DBMS
Introduction
The Encryption-Based Multilevel Database Model
Manipulation 
     The INSERT Statement 
     The DELETE Statement
     The SELECT Statement 
     The UPDATE Statement 
     The UPLEVEL Statement
Performance Study 
     Experimental Database Structure 
     SELECT Query 
          Impact of Varying the Number of Tuples 
          Impact of Varying the Number of Attributes
          Impact of Varying the Number of Security Levels 
     JOIN Query 
          Impact of Varying the Number of Tuples 
          Impact of Varying the Number of Attributes 
          Impact of Varying the Number of Security Levels 
     UPDATE Query
Analysis of Experimental Results
Summary

Formal Analysis for Encryption-Based Multilevel Model for DBMS
Introduction
The Encryption-Based Multilevel Model for DBMS Definition
     MLR Model Definition
     Encryption-Based Multilevel Model for DBMS Definition
Integrity Properties 
     Entity Integrity
     Polyinstantiation Integrity 
     Data-Borrow Integrity 
     Foreign Key Integrity
     Referential Integrity
Manipulation
     The INSERT Statement 
     The DELETE Statement 
     The SELECT Statement 
     The UPDATE Statement 
     The UPLEVEL Statement
Soundness 
     Case 1: In the INSERT Operation 
     Case 2: In the DELETE Operation 
     Case 3: In the UPDATE Operation
     Case 4: In the UPLEVEL Operation
Completeness
Security
Summary

Concurrency Control in Multilevel Relational Databases
Introduction
Related Work
Enhanced Secure Multiversion Concurrency Control Model
Performance Evaluation
     Workload Model 
     System Model 
     Experiments and Results
Correctness of the Enhanced Secure Multiversion Concurrency Control Model 
     Proof of Correctness
Summary

The Instance-Based Multilevel Security Model
Introduction
The Instance-Based Multilevel Security Model (IBMSM) 
     Definition 1: The Property View 
     Definition 2: The Class View 
     Definition 3: The Instance View at Classification Level Lj
The Advantages of IBMSM
The Select Operation Procedure of the IBMSM
Insert Operation Procedure of the IBMSM
The Update Operation Procedure of the IBMSM
The Delete Operation Procedure of the IBMSM
Comparative Study for Polyinstantiation Models
Summary

The Source Code
Introduction
Screen Shots of the Prototype
Source Code of the Microsoft SQL Server 
     Source Code of the Data Security Classification Level Tables 
     Source Code of the User Security Classification Levels 
     Source Code of the Modifications to the Base Table 
     Source Code of the View for Each Model of the Multilevel Relational Database Models
Source Code of the Microsoft Visual Studio C# 
     Source Code of the Classes 
     Source Code of the Login Form 
     Source Code of the Queries Form 
     Source Code of the Query Form 
     Source Code of the Concurrency Control Form

References

Index


Author(s)

Biography

Osama S. Faragallah received a B.Sc. (Hons.), M.Sc., and Ph.D. in computer science and engineering from Menoufia University, Egypt, in 1997, 2002, and 2007 respectively. He is currently an associate professor in the Department of Computer Science and Engineering, Faculty of Electronic Engineering, Menoufia University. He was a demonstrator from 1997 to 2002 and an assistant lecturer from 2002 to 2007. Since 2007 he has been a member of the teaching staff of the Department of Computer Science and Engineering at Menoufia University. He is the co-author of about 100 papers in international journals, conference proceedings, and two textbooks. His current research interests include network security, cryptography, Internet security, multimedia security, image encryption, watermarking, steganography, data hiding, medical image processing, and chaos theory.

El-Sayed M. El-Rabaie (SM’92) was born in Sires Elian, Egypt, in 1953. He received a B.Sc. (Hons.) in radio communications from Tanta University, Tanta, Egypt in 1976, an M.Sc. in communication systems from Menoufia University, Menouf, Egypt in 1981, and a Ph.D. in microwave device engineering from Queen’s University of Belfast, Belfast, U.K. in 1986. Until 1989, Dr. El-Rabaie was a postdoctoral fellow in the Department of Electronic Engineering, Queen’s University of Belfast. He was invited to become a research fellow in the College of Engineering and Technology, Northern Arizona University, Flagstaff in 1992, and a visiting professor at the Ecole Polytechnique de Montreal, Montreal, QC, Canada in 1994. He has authored and co-authored more than 180 papers and 18 textbooks. He was awarded the Salah Amer Award of Electronics in 1993 and the Best (CAD) Researcher from Menoufia University in 1995. He acts as a reviewer and member of the editorial board for several scientific journals.

Professor El-Rabaie was the head of the Electronic and Communication Engineering Department at Menoufia University; and later the vice dean of postgraduate studies and research. Dr. El-Rabaie’s research interests include CAD of nonlinear microwave circuits, nanotechnology, digital communication systems, and digital image processing. He is a member of the National Electronic and Communication Engineering Promotion Committee and a reviewer of quality assurance and accreditation of Egyptian higher education.

Fathi E. Abd El-Samie received his B.Sc. (Hons.), M.Sc., and Ph.D. from Menoufia University, Menouf, Egypt, in 1998, 2001, and 2005, respectively. Since 2005, he has been a member of the teaching staff in the Department of Electronics and Electrical Communications, Faculty of Electronic Engineering, Menoufia University. He is currently a researcher at KACST-TIC in radio frequency and photonics for the e-Society (RFTONICs). He is a co-author of about 200 papers in international conference proceedings and journals, and 4 textbooks. His current research interests include image enhancement, image restoration, image interpolation, super-resolution reconstruction of images, data hiding, multimedia communications, medical image processing, optical signal processing, and digital communications.

In 2008, Dr. Abd El-Samie was the recipient of the Most Cited Paper Award from the journal Digital Signal Processing.

Ahmed I. Sallam was born in Tanta, Al Gharbia, Egypt in 1982. He received a B.Sc. (Hons.) in computer science and engineering from Al Azhar University, Faculty of Engineering, in 2005 and an M.Sc. in computer science and engineering from Menoufia University, Faculty of Electronic Engineering, Egypt in 2012. He is a senior software engineer at Qarun Petroleum Company. His research interests include database, database security, cryptography, multimedia security, and image encryption.

Hala S. El-Sayed received her B.Sc. (Hons.), M.Sc., and Ph.D. in electrical engineering from Menoufia University, Shebin El-kom, Egypt, in 2000, 2004, and 2010, respectively. She is currently an assistant professor in the Department of Electrical Engineering, Faculty of Engineering, Menoufia University. She was a demonstrator from 2002 to 2004 and an assistant lecturer from 2004 to 2010. Since 2010, she has been a member of the teaching staff in the Department of Electrical Engineering, Faculty of Engineering, Menoufia University. Her research interests are database security, network security, data hiding, image encryption, signal processing, wireless sensor networks, robotics, secure building automation systems, and biometrics.