The event-condition-action paradigm (also known as triggers or rules) is a powerful technology. It gives a database “active” capabilities – the ability to react automatically to changes in the database or in the environment. One potential use of this technology is in the area of multilevel secure (MLS) data processing, such as, military, where the subjects and objects are classified into different security levels and mandatory access control rules govern who has access to what. Although a lot of research appears in MLS databases, not much work has been done in the area of MLS active databases. In this paper, we look at one very important aspect of an MLS active database – event detection. An MLS rule, like any other object in an MLS database, is associated with a security level. Events in an MLS database are also associated with security levels. Since an MLS rule can be triggered by an event that is at a different security level than the rule, we cannot use the event detection...