Secure DBMS design presents about Secure mechanisms (Requirements, Basic Principles), The system R authorization model (The system R authorization model, Implement model), Secure DBMS architectures, Commercial products
Week Outline Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products Outline Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products Requirements Different types of access modes Dynamic authorization Inference control Polyinstantiation Auditing No Backdoors Reasonable performance Basic Principles Well-formed transactions Continuity of operation Separation of duties Delegation of authority Authenticated users Ease of safe use Outline Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products The system R authorization model System R was defined by Griffiths and Wade(1976), revised by Fagin (1978) Developed at the IBM Research Laboratory Access modes: Read Insert Delete Update Drop The system R authorization model Grant < s , p , t , ts , g , go > Ex: The system R authorization model Revoke The system R authorization model Example: Cascade Integrity lock The trusted filter would generate a cryptographic checksum Commercial DBMS: TRUDATA Example: checksum Integrity lock Pros Detect modifications Trojan Horses direct release Untrusted DBMS Cons Require key management Inference threat Integrity lock Example: Relation “EMPLOYEE” Secret: Att= { name }, User-level Top-Secret: Attr= { proj } NIL Integrity lock Maximal Authorized View Integrity lock Commutative Filter Approach Replicated Low data is replicated Prototype NRL, no commercial DBMS Pros: Easy to access Cons: Require synchroniztion algorithms Expensive Remarks on secure architectures Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products Commercial products Sybase secure server Ingres Oracle DB2 Commercial products Sybase secure server Objects: ○ Primary objects: table rows, the smallest objects that can have a security label ○ Secondary objects: tables, databases Subjects: users and user groups Access control: ○ Verify users’ privileges according to their label ○ Table: MAC->DAC ○ View: DAC->MAC Auditing can be configured Commercial products Ingres Subjects are users and groups When executing an application a user must enter the role and password for that role Objects: databases, catalogues, tables, views, procedures Grant and no Grant Option Auditdb command for inspecting audits Commercial products Oracle Subjects can be created, altered and dropped Granting roles to roles creates hierarchy Connect privilege to connect to database Resource privilege to create base tables, grant DBA privilege to also create users Special account: ○ Sys, System -> DBA privilege ○ Public -> basic group Commercial products Oracle Objects are databases, tables, views, etc Operations: ○ Select, Insert, Update, Delete, Alter, Index and Reference on tables ○ Select, Insert, Update and Delete on views ○ Execute privilege on procedures Grant option is available Commercial products DB2 Objects: tables, system catalogue Tables: Systables & Syscolumns ...Outline Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products Outline Secure mechanisms The system R authorization model Secure DBMS architectures... Stronger than positive authorization Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products Secure DBMS architectures Two modes: System high... of authority Authenticated users Ease of safe use Outline Secure mechanisms The system R authorization model Secure DBMS architectures Commercial products The system R authorization model