An information theoretic analysis of architectures for multilevel secure databases

This paper develops a framework for assessing the security cost of implementations of a class of distributed database architectures, a framework which has previously been lacking in the literature. The value of information in a relational database is first introduced, i.e. a value is ascribed to the thing the security is to protect. In identifying sources of security costs, both the hiding of information from authorised users and the disclosure of information to unauthorised users are considered. Parameters which describe the effects of implementation and system usage on the security of the architecture are then determined. Finally, guidelines for estimating the information values and the implementation parameters required in calculating the security cost model are provided. For simplicity only two security classes are considered, although the method would extend to any access control policies based on hierarchical classes. The cost model assumes nothing about the assurance of the implementation of the access control policy, and so applies equally to privacy considerations in the design of health care database systems or to national security considerations in military databases.