| <<< HUMAN::DISK$HUMAN_WRKD:[NOTES$LIBRARY]SECURITY_INFORMATION.NOTE;2 >>>
-< Digital Worldwide information on SECURITY >-
================================================================================
Note 306.0 Sybase - first B2 secure RDBMS ? 2 replies
KAOA01::JAMES "Al James @KAO" 71 lines 28-MAR-1989 12:59
--------------------------------------------------------------------------------
Computerworld 20-mar-89 .p 29
[Without permission]
Sybase claims security clearance
Washington DC - Sybase Inc. ushered in a new era in computer security
by announcing earlier this month what is said to be the first
relational database management system with access controls designed
to meet government standards for multi-level security.
The product "represents a major milestone in the evolution of trusted
computer systems," said Stephen T. Walker. a former Pentagon official
known as the father of the National Computer Security Center (NCSC).
Sybase, located in Emeryvill, Calif., claimed that the Secure SQL
Server gives government agancies, defence contractors and financial
institutions the ability to store data of multiple security
classifications in a single database. Individual rows in data tables
are given security lables, and users can gain access to only those
rows that they are cleared to see, update, or delete.
The Secure SQL Server is designed to meet the NCSC's B1 and B2 levels
of security, which require discretionary and mandatory access controls.
However, the product has not yet been evaluated or certified by
the NCSC. In fact, Sybase faces some risk because the NCSC standard
for secure DBMS applications, called the Trusted Database
Interpretation, will not be completed for another six to 12 months.
Sybase officials, asserting that their product closely tracks the
current draft of the standard, said that as the standard evolves,
Sybase will comply with the changes.
In the past, the focus of security products has been the operating
system. "But the wave of the future is security in the DBMS...
because that provides more portability and more control over the
data resource," said Larry Willets, a software analyst at IDC
Washington, Inc., in Vienna, Va.
Furthermore, having an off-the-shelf package will help users and
contractors avoid the expensive hassle of building custom databases
to meet security requirements, he said.
"As great as the Sybase announcement is, the big deal is that we
are seeing the birth of the third phase of relational technology:
true control over the data resource", Willets said. The first
two phases were the implementation of the relational data model
and ongoing efforts to boost performance, he said.
Although Sybase is the first to market, Willets noted that Oracle
Corp., Relational Technology Inc., Informix Software Inc., and AT&T
are all developing secure DBMS products for a highly competitive
market.
Initially the Secure SQL Server will be available on Digital Equipment
Corp. VAX computers running Ultrix.
Beta testing of the B1 version will begin at the end of this month
with commercial shipments expected in the second half of this year,
Sybase said. The B2 version will be available sometime in 1990,
the vendor said.
The price is $20,000 to $200,000 depending on CPU size.
--------------------------------------------------------------------------
Comments please...
Is this a technology breakthrough or marketing hype?
What is Digital's response?
|