A layered architecture for critical database design Page: 4 of 14
This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to Digital Library by the UNT Libraries Government Documents Department.
A Layered Architecture for Critical Database Design¹
AFCEA - DOD Database Colloquium '97
September 8-10, 1997
San Diego, CA
G. H. Chisholm and C. E. Swietlik
Decision and Information Sciences Division
Argonne National Laboratory
Integrity, security, and safety are desired properties of database systems destined for use in critical applications. These properties are desirable because they determine a system's credibility. However, demonstrating that a system does, in fact, preserve these properties when implemented is a difficult task. The difficulty depends on the complexity of the associated design. We explore architectural paradigms that have been demonstrated to reduce system complexity and, thus, reduce the cost associated with certifying that the above properties are present in the final implementation. The approach is based on the tenet that the design is divided into multiple layers. The critical functions and data make up the bottom layer, where the requirements for integrity, security, and safety are most rigid. Certification is dependent on the use of formal methods to specify and analyze the system. Appropriate formal methods are required to support certification that multiple properties are present in the final implementation. These methods must assure a rigid mapping from the top-level specification down through the implementation details. Application of a layered architecture reduces the scope of the design that must be formally specified and analyzed.
This paper describes a generic, layered architecture and a formal model for specification and analysis of complex systems that require rigid integrity, security, and safety properties.
1. INTRODUCTION AND BACKGROUND
The following database example is used throughout this paper to illustrate the points being discussed. The database supports a Battle Management/Command, Communications, and Control (BM/C3) element of a ballistic missile defense system. To support requirements for graceful degradation and devolution, the system is duplicated and dispersed geographically (for this example, at three separate locations). Each BM/C3 subelement has collocated sensors. Thus communication is required to ensure that data are replicated among the three elements. This system is designed to destroy valid threats and only valid threats. Because of the nature of this system, it requires a multilevel, secure database (i.e., top secret, secret, confidential, and unclassified), with ultra-high integrity and safety constraints. The database component requires certification with respect to critical functionality, security, and safety. Such certification is quite expensive and is exacerbated by the complexity of the system.
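As an added illustration (not code from the paper or from Argonne), the following toy model shows the layered split the abstract argues for: a small bottom layer that alone touches the labelled, three-site replicated data of the BM/C3 example and enforces its properties, with an upper layer that can only go through it. The four classification levels and three sites come from the paper's example; the site names, the linear ordering of levels, and the no-read-up / no-write-down rules are assumptions chosen for this illustration.

```python
"""Toy 'bottom layer': the only code that owns the critical, labelled data.
Keeping this layer small is what makes formal specification and analysis
tractable; the upper layer is untrusted and cannot bypass its checks."""
from dataclasses import dataclass, field

# Linear ordering of the paper's four levels (ordering is an assumption).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
SITES = ("site-A", "site-B", "site-C")  # hypothetical names for the 3 locations


def dominates(subject: str, obj: str) -> bool:
    """True when a clearance/label `subject` is at or above `obj`."""
    return LEVELS[subject] >= LEVELS[obj]


@dataclass
class CriticalStore:
    """Bottom layer: labelled records replicated to all three BM/C3 elements."""
    replicas: dict = field(default_factory=lambda: {s: {} for s in SITES})

    def write(self, clearance: str, key: str, label: str, value: str) -> bool:
        # No write-down (assumed policy): a subject may only label data at or
        # above its own clearance, so high data cannot leak to a lower label.
        if not dominates(label, clearance):
            return False
        for site in SITES:  # replicate to every element, keeping the label
            self.replicas[site][key] = (label, value)
        return True

    def read(self, clearance: str, site: str, key: str):
        # No read-up (assumed policy): the record's label must be dominated
        # by the reader's clearance.
        label, value = self.replicas[site].get(key, (None, None))
        if label is None or not dominates(clearance, label):
            return None
        return value

    def invariant(self) -> bool:
        """Integrity property a certifier would discharge: all three replicas
        agree, and every stored label is a member of the lattice."""
        first = self.replicas[SITES[0]]
        return all(self.replicas[s] == first for s in SITES) and all(
            lbl in LEVELS for lbl, _ in first.values())


def upper_layer_report(store: CriticalStore, clearance: str, key: str) -> dict:
    """Non-critical layer: builds a per-site view; every access goes through
    the bottom layer, so it needs no security analysis of its own."""
    return {site: store.read(clearance, site, key) for site in SITES}
```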
1. Work supported by the U.S. Department of Defense under interagency agreement, through U.S. Department of Energy contract W-31-109-ENG-38.
Chisholm, G.H. & Swietlik, C.E. A layered architecture for critical database design, article, December 31, 1997; Illinois. (digital.library.unt.edu/ark:/67531/metadc698538/m1/4/: accessed January 23, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.