As reported (CI No 1,705), Oracle Corp and Informix Software Inc are moving into the area of secure databases. Oracle set up its Secure Systems Business Unit in 1989 where it has been pursuing a number of research and development projects, some with the US Air Force, as it developed prototypes of security features that will go into Oracle version 7.0. These features are designed to meet the US National Computer Security Center’s C2 – fairly low – level of security. Basically, this means that to enter the system the user requires a recognised name and password. Any processes that the user then creates will have the user’s name attached to it – the user thus owns her own object and can grant access privileges to it. The C2 level of security offers an audit trail to every commercial user, which, following the Computer Security Act of 1987, the US Government believes to be the minimum conditions for doing business by 1992. The audit trail must be capable of recording all accesses to protected data including which data was accessed, who accessed the data, what was the date and time of access, and whether the access succeeded. However, while such features can be built into the existing architecture of commercial databases, to move onto the next level of security – B1 – Richard Allen, systems analyst with Oracle Secure Systems, argues that a different architecture is required. To design a database capable of offering B1 security, it must be able to handle mandatory security features. This means that different levels of security can be implemented, supporting a hierarchy of access, as is common in defence organisations. To achieve B1 labelled security protection, a database management system must be designed to override users trying to give each other unauthorised access to data. This is the level of security designed into the Trusted Oracle, which is to be launched later this year. In the longer term Oracle is working on an A1 verified design database with the US Air Force. Allen says that no vendor can yet claim any approved levels of security for a database, since the National Computer Security Center asked vendors to submit technology for evaluation at the beginning of June. Hitherto, databases had not been covered by the Rainbow Series of texts delineating computer security requirements. The evaluation process will take between one and two years and the Center has accepted technology from only two companies for evaluation: Oracle for C2 and B1 products, Informix for B1 products.

By Katy Ring

For the B1 products, both Oracle and Informix have chosen Hewlett-Packard Co’s HP-UX BLS 8.04 secure Unix operating system as the initial evaluation environment. Database product manager for Informix in the UK, Tony Lacy-Thompson says the Informix product is called Informix On-Line/Secure and will be in beta test in August with the first customer shipment planned to take place in November. The product is being written with a view to extending it up to B3 level security, which is described as tamperproof by the National Computer Security Center. Lacy-Thompson said that Informix would not be bothering with adding approved C2 security to standard Informix, since he believes that sectors beyond defence that are interested in security, such as central government, banks and financial institutions that have data of a commercially sensitive nature will buy into B1 level security offered by informix on a variety of Unix Multi Level Secure environments. However, Oracle version 7.0 will be implemented to all the standard systems that Oracle supports, but only those environments capable of C2 security can be considered truly C2 secure. Developed under Digital Equipment Corp’s Security Enhanced VMS, Trusted Oracle will only be implemented for multi-level secure environments such as Hewlett-Packard’s HP-UX BLS 8.04, Unix System Laboratories Inc’s Unix System V/MLS and IBM Corp’s MVS/ESA Rack F 1.9. Allen thinks that the arrival of approved databases for B1 secure environ-ments will further the growth of such secure environments beyond the defe

nce market because in terms of developing software, developers had been left to struggle with some multi-level secure compilers, whereas now they will have modern software tools to use, with software security ensured by the database. This should mean that it is less expensive and easier for organisations dealing with private and personal data, such as General Practitioners in the UK health service, to use B1 systems. Similarly, Lacy-Thompson thinks that secure databases will foster a greater interest in Unix from security-conscious users that have so far been wary of the lack of security within Unix. The European Community has established its own evaluation process, the European Information Technology Security Evaluation Criteria, but Allen claims that both the European and the US standards will be able to be covered by a single B1 product.