Scribd
Upload
104 views

Database Management System: Chapter 24: Database Security (Part 2)

This document discusses different types of database access controls. It describes Mandatory Access Control which classifies data and users into security levels and enforces rules for reading and writing data. It also compares Discretionary and Mandatory Access Controls, noting Mandatory Access Controls provide stronger protection while being less flexible. Finally, it outlines Role-Based Access Control which associates permissions with roles rather than individual users and supports separation of duties and role hierarchies.

Uploaded by

Samah aldawood
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
104 views

Database Management System: Chapter 24: Database Security (Part 2)

This document discusses different types of database access controls. It describes Mandatory Access Control which classifies data and users into security levels and enforces rules for reading and writing data. It also compares Discretionary and Mandatory Access Controls, noting Mandatory Access Controls provide stronger protection while being less flexible. Finally, it outlines Role-Based Access Control which associates permissions with roles rather than individual users and supports separation of duties and role hierarchies.

Uploaded by

Samah aldawood
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 20

Database Management System

Chapter 24: Database Security (part 2)


Outline

 Mandatory Access Control

 Comparing Discretionary Access Control and Mandatory Access Control

 Role-Based Access Control for Multilevel Security


Mandatory Access Control

 The discretionary access control techniques of granting


and revoking privileges on relations has traditionally been
the main security mechanism for relational database
systems.
 This is an all-or-nothing method:
 A user either has or does not have a certain privilege.
 In many applications, an additional security policy is
needed that classifies data and users based on security
classes.
Mandatory Access Control

 Typical security classes are top secret (TS), secret (S),


confidential (C), and unclassified (U), where TS is the
highest level and U is the lowest: TS ≥ S ≥ C ≥ U

 The commonly used model for multilevel security, known


as the Bell-LaPadula model, classifies each subject (user,
account, program) and object (relation, tuple, column,
view, operation) into one of the security classifications, T,
S, C, or U).
Mandatory Access Control

We will refer to the clearance (classification) of a subject S as class(S)


and to the classification of an object O as class(O).
Two restrictions are enforced on data access based on the subject/object
classifications:
1. A subject S is not allowed read access to an object O unless class(S) ≥
class(O). This is known as the simple security property.
2. A subject S is not allowed to write an object O unless class(S) ≤ class(O).
 This is known as the star property (or *-property).
Mandatory Access Control

 The first restriction is intuitive and enforces the obvious rule that no
subject can read an object whose security classification is higher than
the subject’s security clearance.

 The second restriction is less intuitive. It prohibits a subject from


writing an object at a lower security classification than the subject’s
security clearance.
Comparing Discretionary Access Control
and Mandatory Access Control

 Discretionary access control (DAC) policies are characterized by a high


degree of flexibility, which makes them suitable for a large variety of
application domains.

 The main drawback of DAC models is their vulnerability to malicious


attacks, such as Trojan horses embedded in application programs.
 The reason is that discretionary authorization models do not impose any
control on how information is propagated and used once it has been
accessed by users authorized to do so.
Comparing Discretionary Access Control
and Mandatory Access Control

 By contrast, mandatory policies ensure a high degree of protection—in


a way, they prevent any illegal flow of information. Therefore, they
are suitable for military and high security types of applications,
which require a higher degree of protection.
 However, mandatory policies have the drawback of being too rigid in
that they require a strict classification of subjects and objects into
security levels, and therefore they are applicable to few
environments.
 In many practical situations, discretionary policies are preferred
because they offer a better tradeoff between security and applicability.
Role-Based Access Control

 Its basic notion is that privileges and other permissions are associated
with organizational roles, rather than individual users.

 Roles can be created using the CREATE ROLE and DESTROY ROLE
commands. The GRANT and REVOKE commands can then be used to
assign and revoke privileges from roles, as well as for individual
users when needed
Role-Based Access Control

For example,
 a company may have roles such as sales account manager, purchasing agent,
mailroom clerk, department manager, and so on. Multiple individuals can be
assigned to each role.
 Security privileges that are common to a role are granted to the role name,
and any individual assigned to this role would automatically have those
privileges granted.
Role-Based Access Control

 Role-based access control (RBAC) can be used with traditional discretionary


and mandatory access controls; it ensures that only authorized users in their
specified roles are given access to certain data or resources.
 Users create sessions during which they may activate a subset of roles to
which they belong.
 Each session can be assigned to several roles, but it maps to one user or a
single subject only
Role-Based Access Control

 Separation of duties is another important requirement in various


commercial DBMSs. It is needed to prevent one user from doing work
that requires the involvement of two or more people, thus preventing
collusion.

 One method in which separation of duties can be successfully


implemented is with mutual exclusion of roles.
Role-Based Access Control

 Two roles are said to be mutually exclusive if both the roles cannot
be used simultaneously by the user.
 Mutual exclusion of roles can be categorized into two types,
 1. authorization time exclusion (static)
 two roles that have been specified as mutually exclusive cannot be part of a
user’s authorization at the same time
 2. runtime exclusion (dynamic)
 both these roles can be authorized to one user but cannot be activated by the
user at the same time
Role-Based Access Control

 The role hierarchy in RBAC is a natural way to organize roles to reflect


the organization’s lines of authority and responsibility.
 By convention, junior roles at the bottom are connected to
progressively senior roles as one moves up the hierarchy.

 The hierarchic diagrams are partial orders, so they are reflexive,


transitive, and antisymmetric
 i.e. if a user has one role, the user automatically has roles lower in the
hierarchy
Role-Based Access Control

 Defining a role hierarchy involves choosing the type of hierarchy and the
roles, and then implementing the hierarchy by granting roles to other roles.
 Role hierarchy can be implemented in the following manner:
 GRANT ROLE full_time TO employee_type1
 GRANT ROLE intern TO employee_type2

The above are examples of granting the roles full_time and intern to two types
of employees.
Role-Based Access Control

 Another issue related to security is identity management. Identity


refers to a unique name of an individual person. Since the legal names
of persons are not necessarily unique, the identity of a person must
include sufficient additional information to make the complete name
unique.

 Authorizing this identity and managing the schema of these identities


is called Identity Management.

 Identity Management addresses how organizations can effectively


authenticate people and manage their access to confidential
information.
Role-Based Access Control

 Another important consideration in RBAC systems is the possible


temporal constraints that may exist on roles
 such as, the time and duration of role activations, and timed
triggering of a role by an activation of another role

 Using an RBAC model is a highly desirable goal for addressing the key
security requirements of Web-based applications.
 Roles can be assigned to workflow tasks so that a user with any of the
roles related to a task may be authorized to execute it and may play a
certain role only for a certain duration.
Role-Based Access Control

 RBAC models have several desirable features, such as flexibility, policy


neutrality, better support for security management and administration.

 These features are lacking in DAC and MAC models. In addition, RBAC models
include the capabilities available in traditional DAC and MAC policies.

 Furthermore, an RBAC model provides mechanisms for addressing the security


issues related to the execution of tasks and workflows, and for specifying user
defined and organization-specific policies.

 Easier deployment over the Internet has been another reason for the success
of RBAC models.
Summary

 Mandatory Access Control

 Comparing Discretionary Access Control and Mandatory Access Control

 Role-Based Access Control for Multilevel Security

You might also like