SDDM-a prototype of a distributed architecture for database security

Abstract

A description is given of the secure distributed data management (SDDM) system, which is a prototype of a distributed architecture for multilevel database security that meets the US Department of Defense's trusted computer system evaluation criteria at the B3 level. The distributed architecture separates data by its security classification onto multiple single-level back-end database hosts and uses distributed data-management technology to provide integrated access to the distributed multilevel database. Discretionary access control is provided by access views defined on the database. An overview of the SDDM system, particularly its security policy, design, and provisions for mandatory and discretionary access controls is provided.<>