1. Field of the Invention
The present invention is directed to secure database systems.
2. Description of the Related Art
Databases often contain data having different permission levels required for access. In most instances, databases store data in vertical columns and horizontal rows. Thus, a database may have one row or cell for which a first level of permission is required and a second row or cell for which a second level of permission is required. This is typical in databases used by the Intelligence Community (IC). In these situations, some users are to have access to data that other users are not permitted to access. Access to data within a database may also be limited in other fields, such as healthcare, finance, and other areas.
Currently, some databases provide row level security by generating an access table for combinations of every possible user access level and rows of data to be accessed. For each combination of user access level and row of data, the table indicates whether or not the user has permission to access the row. This method for providing row level access requires a large amount of memory space as well as processing power each time a user requests access to the data.
Other database solutions place artificial limits on the set of permissions or number of possible labels. They do this because the database software does not provide the flexibility to handle many combinations of user permissions. For example, from a security lattice of 1024 possible permissions combinations, only 21 may be supported (Smith's Lattice). This is in spite of the fact that there are essentially only 9 permissions options to choose from.
Some databases provide data in a single row with different permission levels. Typically, such databases assign to the row a permission level that matches the highest cell permission requirement in the row. This denies access to users who should be able to access a particular cell but who lack the permission level required by the highest cell in the row.
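The two prior-art behaviours described above (the exhaustive access table built for every user-label/row pair, and the row label set to the highest cell label so that a user who is cleared for one cell is refused the whole row) can be shown concretely. The following is an added example, not code from the patent or from any system it describes; the four-level lattice, the compartment names, the sample row and the user label are all constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed security lattice: a hierarchical level plus a set of compartments.
# A user label dominates a data label when its level is at least as high and
# its compartments are a superset of the data's compartments.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def dominates(self, other):
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def join(labels):
    """Least upper bound in the lattice: highest level, union of compartments.
    This is the 'highest cell permission in the row' rule from the text."""
    level = max(labels, key=lambda lbl: LEVELS[lbl.level]).level
    comps = frozenset().union(*(lbl.compartments for lbl in labels))
    return Label(level, comps)


# Constructed sample row: each column holds (cell label, cell value).
ROW = {
    "name": (Label("UNCLASSIFIED", frozenset()), "Alice"),
    "location": (Label("SECRET", frozenset({"A"})), "Site 4"),
    "source": (Label("TOP SECRET", frozenset({"A", "B"})), "HUMINT-7"),
}


def row_level_read(user, row):
    """Row-level security: the whole row is labelled with the join of its cells,
    so a user must dominate the highest cell to see anything at all."""
    row_label = join([lbl for lbl, _ in row.values()])
    if user.dominates(row_label):
        return {col: val for col, (_, val) in row.items()}
    return {}


def cell_level_read(user, row):
    """Cell-level security: each cell is released independently."""
    return {col: val for col, (lbl, val) in row.items() if user.dominates(lbl)}


def all_labels(levels, compartments):
    """Every label in the lattice: one per (level, compartment subset)."""
    comps = sorted(compartments)
    return [Label(lvl, frozenset(sub))
            for lvl in levels
            for r in range(len(comps) + 1)
            for sub in combinations(comps, r)]


def build_access_table(user_labels, rows):
    """Prior-art access table from the text: one precomputed entry for every
    (user label, row) pair, each a single permitted/denied bit."""
    return {(u, rid): u.dominates(join([lbl for lbl, _ in row.values()]))
            for u in user_labels for rid, row in rows.items()}


if __name__ == "__main__":
    user = Label("SECRET", frozenset({"A"}))        # constructed user clearance
    print("row-level :", row_level_read(user, ROW))   # denied everything
    print("cell-level:", cell_level_read(user, ROW))  # name and location only
    table = build_access_table(all_labels(LEVELS, {"A", "B"}), {"r1": ROW})
    print("access table entries for one row:", len(table))
```

With a SECRET/{A} user, `row_level_read` returns nothing because the row's join is TOP SECRET/{A, B}, while `cell_level_read` returns the two cells the user actually dominates. The access table for a single row already has one entry per lattice label (4 levels x 4 compartment subsets = 16 here), and that count is multiplied by every row stored, which is the memory cost the text attributes to that approach.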
Other database systems generate a pre-determined number of secure data sets associated with different security levels. Requests for data are then compared to each data set. If a predetermined secure data set matches the data request, the matching secure data set is provided. If no existing data set matches the request, a predetermined secure data set associated with a security level less than that associated with the request is provided in response to the request.
Still other database systems utilize a set of distributed databases and broker access to them. This allows a user to access data from the database(s) having information that the user is cleared to access. Other secure database systems utilize a codebook and schema information to decrypt data received by a user station from a remote database. Accessing different databases in a distributed database system requires more processing time and does not provide a central storage means for data. Additionally, most of the distributed database schemes provide row level security only.
Secure database systems may receive data from different sources. The received data is inserted into a database and made available to the appropriate users. The data sources often present the data permissions associated with the sent data in different formats. This makes it difficult to combine secure data from different data sources and is in part the reason for the generation and use of access tables to describe permission levels for individual rows of data for users.