Relational database specialist Sybase Inc chose the UK’s Milcomp 88 show at Wembley for the worldwide announcement of its Secure SQL Server database, which it claims will be the first multi level secure database to conform to the US National Computer Security Centre’s Orange Book B1 and B2 classifications. The B1 product has been implemented on DEC’s VAX under Ultrix – to take advantage of both government procurement requirements and work underway at DEC on secure operating systems, according to Sybase. The more secure B2 version runs on bare VAX hardware, with the Sybase software taking over the operating system functions. The product was developed in conjunction with US defence contractor TRW Inc, which supplied the security expertise, and allows a single relational database to store data subject to multiple security classifications. According to Sybase, the product goes beyond the usual file level security controls to provide mandatory security at the RDBMS row level, and has up to 16 hierarchical classifications and 64 compartment categories. Security auditing and tracing monitors system access and sets an alarm off in the event of unauthorised usage. Sybase says that its design aim for Secure SQL was for no more than a 10% to 15% performance overhead to be added by the security features over the commercial product – it will only know if this has been achieved once beta-testing starts in December. A spokesman from Sybase UK said that a major government agency had agreed to test the software for its final B1 certification. Sybase says the system is an investment for the future, expecting that many users of commercial applications, particularly in the finance and banking world, will need the same level of security as standard by the 1990s.
