1996 Fiscal Year Final Research Report Summary
On Desing of Access Control for Database Systems
Project/Area Number |
07455163
|
Research Category |
Grant-in-Aid for Scientific Research (B)
|
Allocation Type | Single-year Grants |
Section | 一般 |
Research Field |
情報通信工学
|
Research Institution | Chuo University |
Principal Investigator |
TSUJII Shigeo Dept.of Inf.and Sys.Chuo University, Professor, 理工学部, 教授 (50020350)
|
Co-Investigator(Kenkyū-buntansha) |
KINOSHITA Hirotsugu Kanagawa University, Faculty of Eng., Assoc.Prof, 工学部, 助教授 (70202041)
|
Project Period (FY) |
1995 – 1996
|
Keywords | data base / access control / information security |
Research Abstract |
To control the access right of users to data base systems concentrically is one of the approaches for solving to the problem. A systematic model for the approach is called the security model. Typical security models are a mandatory model of the Bell and LaPadula model (summarize BLP) and a discretionaly model using an access matrix. The BLP is defined security levels for information and users. An access right of users is controlled by comparing the security levels of the users and the information. Direction of the information flows are defined by the security levels. On the other haid, the discretionaly model using an access matrix an access matrix has an advantage to be able to look aroud information flows all over the users. But there is a problem that the indirect information flows are caused by writing any information to the other information, and consequently, confidentiality and integrity for the information are damaged. And if access right is changed, we have a further problem th
… More
at the access matrix which has been secure before changing access right is not secure. But reports of this type of research have apparently not been published to date. This research proposes a security model and reification method to detect the indirect information flows and to verify whether information is secure or not. For the security model proposed, a Hierarchical Time Petri Net (H-TPN), which is an extended not of the Hierarchical Petri Net, is defimed. The H-TPN is introduced time parameter and colored tokens in the Hierarchical Petri Net. The information flows in the access matrix are described by the paths on the H-TPN whose places describe users and information. The time parameter is defined in the transitions of the H-TPN.Colored tokens, which are divided into two types, are introduced to reduce complexity of toke'n propagation paths, The one type of the colored tokens describes information to be verified, the others describe information not to be verified. Operation rules between colored tokens are defined. In the proposed security model, we will show very interesting properties for the security with regard to the time. The properites are a condition to be secure till a certain time and a condition to be secure from a certain time to a certain future time. Less
|
Research Products
(6 results)