MAC Security Issues

  • Inference: Derivation of new information from known information. The inference problem is that users can deduce unauthorized information from the legitimate information they acquire, so the derived information may be classified at a level for which the user is not cleared.
  • Aggregation: The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at one sensitivity level may result in the total data being designated at a higher sensitivity level.
  • Polyinstantiation: Polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.
  • Referential integrity: A database has referential integrity if all foreign keys reference existing primary keys.
  • Entity integrity: A tuple in a relation cannot have a null value for any of the primary key attributes.
  • Granularity: The degree to which access to objects can be restricted. Granularity can be applied both to the actions allowable on objects and to the users allowed to perform those actions on the object.

Source: NIST SP 800-8 (obsoleted)
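
Added example (not taken from the NIST publication): a small SQLite model of the polyinstantiation entry above, showing why a multilevel relation extends its key with the security level. The table, the level labels and the sample rows are constructed for illustration, and SQLite has no label enforcement of its own, so the read filter stands in for the MAC check.

```python
import sqlite3

LEVELS = {"U": 0, "S": 1, "TS": 2}  # constructed labels, ordered low to high

def make_db(polyinstantiated):
    db = sqlite3.connect(":memory:")
    # Without polyinstantiation the key is the apparent key alone; with it,
    # the row's security level becomes part of the key. The key is NOT NULL
    # in both cases (entity integrity). `key` comes from this fixed choice.
    key = "flight, lvl" if polyinstantiated else "flight"
    db.execute(f"""CREATE TABLE mission (
        flight TEXT NOT NULL, cargo TEXT NOT NULL, lvl INTEGER NOT NULL,
        PRIMARY KEY ({key}))""")
    return db

def insert(db, subject, flight, cargo):
    """Write a row at the subject's own level; False if the DBMS rejects it."""
    try:
        db.execute("INSERT INTO mission VALUES (?, ?, ?)",
                   (flight, cargo, LEVELS[subject]))
        return True
    except sqlite3.IntegrityError:
        return False

def read(db, subject, flight):
    """Return the highest-classified instance the subject is cleared to see."""
    row = db.execute(
        "SELECT cargo FROM mission WHERE flight = ? AND lvl <= ? "
        "ORDER BY lvl DESC LIMIT 1", (flight, LEVELS[subject])).fetchone()
    return row[0] if row else None

def demo(polyinstantiated):
    db = make_db(polyinstantiated)
    insert(db, "S", "F100", "reactor parts")             # Secret instance
    accepted = insert(db, "U", "F100", "machine tools")  # same apparent key
    return accepted, read(db, "U", "F100"), read(db, "S", "F100")

if __name__ == "__main__":
    # Single-level key: the rejected insert tells the uncleared user that a
    # row it cannot see already exists, which is an inference channel.
    print(demo(False))
    # Polyinstantiated key: both instances coexist and each subject reads
    # the one that matches its clearance.
    print(demo(True))
```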

