Editing Polyinstantiation

{{Short description|A cybersecurity method in computer science}}
'''Polyinstantiation''' in [[computer science]] is the concept of type (class, database row or otherwise) being instantiated into multiple independent instances (objects, copies). It may also indicate, such as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).

== Operating system security ==
In [[Operating system#Security|Operating system security]], polyinstantiation is the concept of creating a user or process specific view of a shared resource. I.e. Process '''A''' cannot affect process '''B''' by writing malicious code to a shared resource, such as [[UNIX]] directory '''/tmp'''.<ref>{{cite web
| url=http://www.ibm.com/developerworks/linux/library/l-polyinstantiation/
| title=Improve security with polyinstantiation: Using a Pluggable Authentication Module to protect private data
| author-link=Robb R. Romans
| first= Robb R
| last= Romans
| date=2008-03-26
| publisher=IBM DeveloperWorks}}</ref><ref>{{cite web
| url=http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html
| title=Polyinstantiation of directories in an SE Linux system
| author-link=Russell Coker
| first= Russell
| last= Coker
| date=2007-01-04
| work=[[SAGE-AU|Sage 2006]]}}</ref>

Polyinstantiation of shared resources have similar goals as [[process isolation]], an application of [[virtual memory]], where processes are assigned their own isolated [[virtual address space]] to prevent process '''A''' writing into the memory space of process '''B'''.

== Database ==
In databases, polyinstantiation is database-related [[SQL]] (structured query language) terminology. It allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.<ref>{{cite web
| url=http://www.acsac.org/secshelf/book001/21.pdf
| title=Solutions to the Polyinstantiation Problem
| first1=Sushil
| last1=Jajodia
| first2=Ravi S
| last2=Sandhu
| first3=Barbara T.
| last3=Blaustein
| date=2006-02-01}}</ref> It occurs because of mandatory policy. Depending on the security level established, one record contains sensitive information, and the other one does not, that is, a user will see the record's information depending on his/her level of confidentiality previously dictated by the company's policy<ref>{{cite book
| title=Security in Computing
| url=https://archive.org/details/securityincomput0003pfle
| url-access=registration
| first1=Charles P.
| last1=Pfleeger
| first2=Shari Lawrence
| last2=Pfleeger
| year=2003
| publisher=[[Prentice Hall]] Professional
| isbn=9780130355485}}</ref>

Consider the following table, where the primary key is '''Name''' and '''[[λ]](x)''' is the security level:

{| class="wikitable"
|-
! Name
! λ(Name)
! Age
! λ(Age)
! λ
|-
| Alice
| Secret
| 18
| Top Secret
| Top Secret
|-
| Bob
| Secret
| 22
| Secret
| Secret
|-
| Bob
| Secret
| 33
| Top Secret
| Top Secret
|-
| Trudy
| Top Secret
| 15
| Top Secret
| Top Secret
|}

Although useful from a security standpoint, polyinstantiation raises several problems:
* Moral scrutiny, since it involves lying
* Providing consistent views
* Explosion in the number of rows

== Cryptography ==
In [[cryptography]], polyinstantiation is the existence of a [[cryptographic key]] in more than one secure physical location.

== References ==
{{reflist}}

[[Category:Object-oriented database management systems]]


{{crypto-stub}}
{{database-stub}}