SlideShare a Scribd company logo

Label based Mandatory Access Control on PostgreSQL

Kohei KaiGai
Kohei KaiGai

The document discusses label based mandatory access control (MAC) implemented in PostgreSQL through the contrib/sepgsql module, highlighting features added in version 9.1 such as the SECURITY LABEL statement and an overview of how MAC works to enforce centralized security policies and control data flow based on security labels rather than discretionary access control. It also provides an agenda for topics to be covered including an overview of MAC, new features in 9.1, and challenges for the 9.2 development cycle.

1 of 29
Downloaded 71 times
Label based Mandatory Access Control on PostgreSQL NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@eu.nec.com>
SE-PostgreSQL got merged in v9.1 NEW! NEW! contrib/sepgsql contrib/sepgsql Page 2 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
History of development ▐ Sep-2006 Launch development of SE-PostgreSQL based on v8.2.x ▐ Apr-2007 First post to pgsql-hackers, after 2 weeks of feature freeze ▐ Mar-2007 SELinux Symposium 2007 ▐ Nov-2007 METI Japan gave an award due to SE-PostgreSQL ▐ May-2008 PGcon2008 – SE-PostgreSQL ▐ Jul-2008 Development Cycle for v8.4 Too large to review ▐ Jul-2009 Development Cycle for v9.0 Steps to consensus up to the current design ▐ May-2010 PostgreSQL Developer Summit ▐ Sep-2010 SECURITY LABEL statement got merged ▐ Jan-2011 contrib/sepgsql got merged ▐ May-2011 PGcon2011 – Label based MAC on PostgreSQL ▐ Jun-2011 1st Commit Fest of v9.2 development cycle Page 3 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 4 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Characteristics of MAC DAC (discretionary access control) : Owner decide access control rules read determine access read? control rules rwx rwx create rwx rwx Data Data MAC (mandatory access control) : A centralized security policy decides access control rules read read? confidential confidential confidential create confidential Data Data security security policy server determine access control rules Page 5 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Data Flow Control confidential unconfidential file with file with read write read write file with file with conffidential conffidential unconfidential unconfidential access control ▐ Keep confidential data in confidential domain No Read-Up No Write-Down (Only same level) Restriction to malicious internals ▐ Background TCSEC (Orange book; 1983) ISO/IEC15408 (CC: Common Criteria) Page 6 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Reference Monitor Concept Reference Query & Monitor Decision making Data Object Request Access Allowed Control User Denied Error Information Information Asset Asset Object Manager ▐ A module that suggests its access control decision ▐ Three characteristics Always invoked Tamperproof Small enough ▐ SELinux performs as reference monitor in Linux kernel Page 7 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Analogy in Linux and PostgreSQL system Filesystem LSM call permission Filesystem Security Security DAC MAC Server Policy SELinux SQL Database sepgsql ACL PostgreSQL SELinux SE-PostgreSQL Object manager Filesystem PostgreSQL Objects being referenced file, directory, device file, ... Schema, Table, Function, ... Way to request accesses System call SQL DAC Filesystem permission Database ACL MAC LSM & SELinux sepgsql & SELinux Page 8 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Decision making of SELinux (1/2) ▐ Access control logic like a function •• Filesystem Permission Filesystem Permission •• Database ACL Database ACL •• SELinux SELinux •• others…? others…? Subject Allowed Access Control Object Logic Denied Action Decision Decision Input Output read, write, read, write, select, … select, … •• Owner ID Owner ID •• Permission Bits Permission Bits •• User/Group ID User/Group ID •• ACL ACL •• Superuser Priv Superuser Priv •• Security Label Security Label •• Security Label Security Label Page 9 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Decision making of SELinux (2/2) ▐ The way to identify Subject/Object Path name? Owner ID? Security Label ▐ Security Label as a universal way for identification Example) system_u:system_r:postgresql_t:s0 system_u:object_r:sepgsql_ro_table_t:s0 ▐ Example of security policy allow staff_t sepgsql_ro_table_t : db_table { select }; 3rd item of the label being referenced 3rd item of the label being referencing Permission set being allowed SELinux uses white-list criteria. SELinux community provides general set of rules in default. Page 10 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
OT: source code of the default security policy Part of the “policy/modules/services/postgresql.te” at the default security policy policy_module(postgresql, 1.12.1) : type sepgsql_schema_t; postgresql_schema_object(sepgsql_schema_t) : type sepgsql_table_t; postgresql_table_object(sepgsql_table_t) : allow sepgsql_admin_type sepgsql_schema_type: db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name }; allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search }; : allow sepgsql_admin_type sepgsql_table_type: db_table { create drop getattr setattr relabelfrom relabelto lock }; allow sepgsql_admin_type sepgsql_table_type: db_column { create drop getattr setattr relabelfrom relabelto }; : allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; Page 11 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
System-wide consistency in Access control Human user a centralized security server Human user Security Policy SELinux Login Access control Login bash bash vi Filesystem vi Networks psql psql classified unclassified information information X-window PostgreSQL domain of inter process domain of classified processes communication channels unclassified processes Page 12 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 13 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Features needed to support Label based MAC ▐ Security Label mechanism to associate a short text with a particular database object something like xattr in filesystem cases ▐ Security Hook mechanism to acquire control on strategic points of the code something like LSM in Linux kernel cases ▐ Intermediation with SELinux mechanism to deliver a pair of security labels into SELinux in kernel, and prevents violated accesses according to its decision Page 14 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (1/3) – SECURITY LABEL SECURITY LABEL ON TABLE my_example FOR ‘selinux’ IS ‘system_u:object_r:sepgsql_ro_table_t:s0’; pg_seclabel system catalog classid objid subid provider label 2345 16384 0 ‘selinux’ ‘system_u:object_r:sepgsql_ro_table_t:s0’ Security Label Provider validation validation (module) check check ▐ Overview It enables to assign a text identifier of database objects. It allows security modules to reference security label of a particular object. ▐ Limitations Shared database objects are not supported, right now. Tuples in user-defined tables are not supported, right now. Page 15 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
OT: Labeled Networking staff_u:staff_r:staff_t:s0 getpeercon(3) getpeercon(3) SE-PgSQL IKE IKE Daemon Daemon user process Labeled IPsec connection PostgreSQL Authentication Hook ▐ Labeled Networking SELinux provides getpeercon(3) to get security label of the peer process. Kernel & IKE daemon were enhanced to exchange security labels. • supported on kernel-2.6.18 or later, ipsec-tools 0.72 or later ▐ Usecase in SE-PostgreSQL It obtains security label of the peer process on the authentication hook. Peer security label is applied to subject’s label on access control decision. Page 16 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (2/3) – Object Access Hooks DefineRelation() { 3rd Party modules : CREATE TABLE heap_create_with_catalog() sepgsql.so sepgsql.so sepgsql.so : •• compute a default to check permission to (*object_access_hook) • check permission securitya new table create label, and (OAT_POST_CREATE, ...); assign it a new table of create on the new •• assign security label of : table. security label assign the new table } the new table ▐ Overview It enables 3rd party modules to acquire control on strategic points of the code. E.g) Just after creation of the object for default labeling. The object_access_hook informs event type and object identifiers. ▐ Limitations Only OAT_POST_CREATE event type is supported, right now. May need OAT_CREATE, OAT_ALTER, ... Only object identifiers are informed via this hook, right now. Page 17 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (3/3) – contrib/sepgsql Client auth hook • Event Type • Object IDs Subject security label Query Hook invocation Required access policy Object security label Answer pg_seclabel contrib/sepgsql SELinux ▐ Overview It performs as intermediation between PostgreSQL and SELinux • PostgreSQL ... user Id, object Id, • SELinux ... security label, object class and permission ▐ Limitations only DML permissions are checked, right now default security labels on schemas, tables, columns and procedures Page 18 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 19 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Limitation in v9.1, and Challenges to v9.2 ▐ Frequent system-call invocations Add access control decision cache ▐ No security label on shared obejct Add pg_shseclabel catalog, and extend SECURITY LABEL ▐ No DDL Permission checks Extend object_access_hook to take arguments Put object_access_hook around existing DDL checks ▐ Row-level access control Fix leaky VIEWs problem Extend security label on user-defined tables Page 20 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (1/3) – Userspace access vector cache PostgreSQL contrib/sepgsql.so read-only mmap(2) read-only mmap(2) Status Page userspace # of loaded access vector invoke cache security (uavc) policy hooks access control SELinux logic (Linux kernel) ▐ Overview uavc keeps access control decision recently used; that allows to reduce number of system call invocations. ▐ Challenges Cache invalidation on security policy reloaded on kernel-side Linux 2.6.38 already support selinux status page. Page 21 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (2/3) – DDL Permissions postgres=# ALTER TABLE drink OWNER TO ymj; LOG: SELinux: denied { setattr } ¥ scontext=unconfined_u:unconfined_r:unconfined_t:s0 ¥ tcontext=system_u:object_r:sepgsql_table_t:s0:c0 ¥ tclass=db_table name=drink ERROR: SELinux: security policy violation ▐ Overview It allows to check permissions on DDL commands also. ▐ Challenges Larger number of strategic points than DML support object_access_hook with additional arguments Page 22 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (3/3) – Row-level security postgres=# SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+-------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | coke | 150 system_u:object_r:sepgsql_table_t:s0 | 2 | fanta | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | beer | 200 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | sake | 240 system_u:object_r:sepgsql_table_t:s0:c2 | 5 | juice | 180 (5 rows) ▐ Overview Filter out rows based on security policy and labels of individual tuples ▐ Challenges Fix the problem known as Leaky-VIEWs Security label support for user-defined tables Query rewriter to append security-policy function Interaction with system catalog Page 23 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Future Vision (1/2) – Role based access control Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 24 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Future Vision (2/2) – Secure multi-tenancy Filesystem Shared Database Resource Filesystem Filesystem Filesystem Database Database Database http://www.blue.com/ http://www.red.com/ http://www.green.com/ blue red green SELinux performs as a logical-wall between security domains. Page 25 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Summary ▐ Overview of MAC Data flow control and Reference monitor concept SE-PostgreSQL enables to deploy RDBMS within DFC scheme. ▐ Features in v9.1 SECURITY LABEL Object access hooks contrib/sepgsql ▐ Challenges to v9.2 Userspace access vector cache DDL Permissions Row-level access control Page 26 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Any Questions?
Thank you!
Label based Mandatory Access Control on PostgreSQL
Ad

Recommended

Linux Performance Profiling and Monitoring
Linux Performance Profiling and MonitoringLinux Performance Profiling and Monitoring
Linux Performance Profiling and Monitoring
Georg Schönberger
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance Analysis
Brendan Gregg
 
Spark Operator—Deploy, Manage and Monitor Spark clusters on Kubernetes
Spark Operator—Deploy, Manage and Monitor Spark clusters on Kubernetes Spark Operator—Deploy, Manage and Monitor Spark clusters on Kubernetes
Spark Operator—Deploy, Manage and Monitor Spark clusters on Kubernetes
Databricks
 
PostgreSQL Deep Internal
PostgreSQL Deep InternalPostgreSQL Deep Internal
PostgreSQL Deep Internal
EXEM
 
Get Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMGet Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAM
Jonathan Katz
 
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and RestIBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
Sandeep Patil
 
Monitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstatsMonitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstats
Ben Mildren
 
[pgday.Seoul 2022] PostgreSQL with Google Cloud
[pgday.Seoul 2022] PostgreSQL with Google Cloud[pgday.Seoul 2022] PostgreSQL with Google Cloud
[pgday.Seoul 2022] PostgreSQL with Google Cloud
PgDay.Seoul
 
Ceph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing GuideCeph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing Guide
Karan Singh
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQL
Jim Mlodgenski
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15
Jonathan Katz
 
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking ToolCeph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Community
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL Administration
EDB
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQL
Open Gurukul
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
Brendan Gregg
 
Percona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationPercona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL Administration
Mydbops
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing Performance
Brendan Gregg
 
Role-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4jRole-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4j
Neo4j
 
2023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 162023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 16
José Lin
 
Operating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with KubernetesOperating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with Kubernetes
Jonathan Katz
 
binary log と 2PC と Group Commit
binary log と 2PC と Group Commitbinary log と 2PC と Group Commit
binary log と 2PC と Group Commit
Takanori Sejima
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera Cluster
Abdul Manaf
 
Practical Partitioning in Production with Postgres
Practical Partitioning in Production with PostgresPractical Partitioning in Production with Postgres
Practical Partitioning in Production with Postgres
EDB
 
Workshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance AnalysisWorkshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance Analysis
PerformanceVision (previously SecurActive)
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In Deep
Mydbops
 
Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151
DoKC
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HA
haroonm
 
Date security security principles
Date security security principlesDate security security principles
Date security security principles
Leo Mark Villar
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
James Morris
 
Ad

More Related Content

What's hot (20)

Ceph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing GuideCeph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing Guide
Karan Singh
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQL
Jim Mlodgenski
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15
Jonathan Katz
 
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking ToolCeph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Community
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL Administration
EDB
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQL
Open Gurukul
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
Brendan Gregg
 
Percona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationPercona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL Administration
Mydbops
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing Performance
Brendan Gregg
 
Role-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4jRole-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4j
Neo4j
 
2023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 162023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 16
José Lin
 
Operating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with KubernetesOperating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with Kubernetes
Jonathan Katz
 
binary log と 2PC と Group Commit
binary log と 2PC と Group Commitbinary log と 2PC と Group Commit
binary log と 2PC と Group Commit
Takanori Sejima
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera Cluster
Abdul Manaf
 
Practical Partitioning in Production with Postgres
Practical Partitioning in Production with PostgresPractical Partitioning in Production with Postgres
Practical Partitioning in Production with Postgres
EDB
 
Workshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance AnalysisWorkshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance Analysis
PerformanceVision (previously SecurActive)
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In Deep
Mydbops
 
Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151
DoKC
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HA
haroonm
 
Ceph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing GuideCeph Object Storage Reference Architecture Performance and Sizing Guide
Ceph Object Storage Reference Architecture Performance and Sizing Guide
Karan Singh
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQL
Jim Mlodgenski
 
Ceph Block Devices: A Deep Dive
Ceph Block Devices: A Deep DiveCeph Block Devices: A Deep Dive
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15Looking ahead at PostgreSQL 15
Looking ahead at PostgreSQL 15
Jonathan Katz
 
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking ToolCeph Tech Talk -- Ceph Benchmarking Tool
Ceph Tech Talk -- Ceph Benchmarking Tool
Ceph Community
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL Administration
EDB
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQL
Open Gurukul
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
Brendan Gregg
 
Percona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationPercona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL Administration
Mydbops
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing Performance
Brendan Gregg
 
Role-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4jRole-Based Access Control (RBAC) in Neo4j
Role-Based Access Control (RBAC) in Neo4j
Neo4j
 
2023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 162023 COSCUP - Whats new in PostgreSQL 16
2023 COSCUP - Whats new in PostgreSQL 16
José Lin
 
Operating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with KubernetesOperating PostgreSQL at Scale with Kubernetes
Operating PostgreSQL at Scale with Kubernetes
Jonathan Katz
 
binary log と 2PC と Group Commit
binary log と 2PC と Group Commitbinary log と 2PC と Group Commit
binary log と 2PC と Group Commit
Takanori Sejima
 
MariaDB Galera Cluster
MariaDB Galera ClusterMariaDB Galera Cluster
MariaDB Galera Cluster
Abdul Manaf
 
Practical Partitioning in Production with Postgres
Practical Partitioning in Production with PostgresPractical Partitioning in Production with Postgres
Practical Partitioning in Production with Postgres
EDB
 
Workshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance AnalysisWorkshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance Analysis
PerformanceVision (previously SecurActive)
 
eBPF - Observability In Deep
eBPF - Observability In DeepeBPF - Observability In Deep
eBPF - Observability In Deep
Mydbops
 
Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151Analytics with Apache Superset and ClickHouse - DoK Talks #151
Analytics with Apache Superset and ClickHouse - DoK Talks #151
DoKC
 
PostgreSQL HA
PostgreSQL HAPostgreSQL HA
PostgreSQL HA
haroonm
 

Viewers also liked (16)

Date security security principles
Date security security principlesDate security security principles
Date security security principles
Leo Mark Villar
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
James Morris
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinux
FFRI, Inc.
 
[INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6 [INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6
skccsocial
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds security
Ramzi Karoui
 
Week3 lecture
Week3 lectureWeek3 lecture
Week3 lecture
Shaikha AlQaydi
 
Multi tenancy with PostgreSQL
Multi tenancy with PostgreSQLMulti tenancy with PostgreSQL
Multi tenancy with PostgreSQL
Ramon Miguel Tayag
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with Rails
Paul Gallagher
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and Future
Sabrina Kirrane
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
Sim Janghoon
 
120515 security framework2.20
120515 security framework2.20120515 security framework2.20
120515 security framework2.20
skccsocial
 
Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA
EDB
 
Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안
Lee Chanwoo
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security Module
Angelo Corsaro
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
bmbouter
 
Date security security principles
Date security security principlesDate security security principles
Date security security principles
Leo Mark Villar
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
James Morris
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinux
FFRI, Inc.
 
[INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6 [INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6
skccsocial
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds security
Ramzi Karoui
 
Week3 lecture
Week3 lectureWeek3 lecture
Week3 lecture
Shaikha AlQaydi
 
Multi tenancy with PostgreSQL
Multi tenancy with PostgreSQLMulti tenancy with PostgreSQL
Multi tenancy with PostgreSQL
Ramon Miguel Tayag
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with Rails
Paul Gallagher
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and Future
Sabrina Kirrane
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
Sim Janghoon
 
120515 security framework2.20
120515 security framework2.20120515 security framework2.20
120515 security framework2.20
skccsocial
 
Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA
EDB
 
Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안
Lee Chanwoo
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security Module
Angelo Corsaro
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
bmbouter
 
Ad

Similar to Label based Mandatory Access Control on PostgreSQL (20)

The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
Kohei KaiGai
 
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQLLAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
Kohei KaiGai
 
SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access control
Kohei KaiGai
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached Secure
Kohei KaiGai
 
Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access control
Kohei KaiGai
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinux
Kohei KaiGai
 
Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2
Naba Barkakati
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
Risk Analysis Consultants, s.r.o.
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security Webinar
The eCore Group
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
Tuan Phan
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
 
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
IBM Danmark
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
Eduardo Castro
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
Eduardo Castro
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
Andris Soroka
 
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios
 
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
RUDDER
 
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
RUDDER
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinone
Multibyte Consultoria
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012
Alex de Jong
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
Kohei KaiGai
 
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQLLAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
Kohei KaiGai
 
SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access control
Kohei KaiGai
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached Secure
Kohei KaiGai
 
Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access control
Kohei KaiGai
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinux
Kohei KaiGai
 
Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2
Naba Barkakati
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
Risk Analysis Consultants, s.r.o.
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security Webinar
The eCore Group
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
Tuan Phan
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
 
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
IBM Danmark
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
Eduardo Castro
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
Eduardo Castro
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
Andris Soroka
 
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios
 
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
RUDDER
 
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
RUDDER
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinone
Multibyte Consultoria
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012
Alex de Jong
 
Ad

More from Kohei KaiGai (20)

20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History
Kohei KaiGai
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API
Kohei KaiGai
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow
Kohei KaiGai
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_count
Kohei KaiGai
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0
Kohei KaiGai
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache
Kohei KaiGai
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
Kohei KaiGai
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS
Kohei KaiGai
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS
Kohei KaiGai
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing
Kohei KaiGai
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_Online
Kohei KaiGai
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw
Kohei KaiGai
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw
Kohei KaiGai
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo
Kohei KaiGai
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.Japan
Kohei KaiGai
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta
Kohei KaiGai
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStrom
Kohei KaiGai
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai
Kohei KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStrom
Kohei KaiGai
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw
Kohei KaiGai
 
20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History
Kohei KaiGai
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API
Kohei KaiGai
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow
Kohei KaiGai
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_count
Kohei KaiGai
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0
Kohei KaiGai
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache
Kohei KaiGai
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
Kohei KaiGai
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS
Kohei KaiGai
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS
Kohei KaiGai
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing
Kohei KaiGai
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_Online
Kohei KaiGai
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw
Kohei KaiGai
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw
Kohei KaiGai
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo
Kohei KaiGai
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.Japan
Kohei KaiGai
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta
Kohei KaiGai
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStrom
Kohei KaiGai
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai
Kohei KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStrom
Kohei KaiGai
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw
Kohei KaiGai
 

Recently uploaded (20)

CGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptxCGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptx
China_Gold_International_Resources
 
TMG - Q3 2025 Earnings Call Slides - v4.pptx
TMG - Q3 2025 Earnings Call Slides - v4.pptxTMG - Q3 2025 Earnings Call Slides - v4.pptx
TMG - Q3 2025 Earnings Call Slides - v4.pptx
Marketing847413
 
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy MemoriesPetslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify
 
Alan Stalcup - The Enterprising CEO
Alan Stalcup - The Enterprising CEOAlan Stalcup - The Enterprising CEO
Alan Stalcup - The Enterprising CEO
Alan Stalcup
 
www.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptxwww.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptx
Davinder Singh
 
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdfAccounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
CA Suvidha Chaplot
 
From Sunlight to Savings The Rise of Homegrown Solar Power.pdf
From Sunlight to Savings The Rise of Homegrown Solar Power.pdfFrom Sunlight to Savings The Rise of Homegrown Solar Power.pdf
From Sunlight to Savings The Rise of Homegrown Solar Power.pdf
Insolation Energy
 
AlaskaSilver Corporate Presentation Apr 28 2025.pdf
AlaskaSilver Corporate Presentation Apr 28 2025.pdfAlaskaSilver Corporate Presentation Apr 28 2025.pdf
AlaskaSilver Corporate Presentation Apr 28 2025.pdf
Western Alaska Minerals Corp.
 
Disinformation in Society Report 2025 Key Findings
Disinformation in Society Report 2025 Key FindingsDisinformation in Society Report 2025 Key Findings
Disinformation in Society Report 2025 Key Findings
MariumAbdulhussein
 
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent CybersecurityNetwork Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
GauriKale30
 
BeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025 .pdfBeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025 .pdf
DerekIwanaka2
 
intra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.pptintra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.ppt
NTTDATA INTRAMART
 
Treis & Friends One sheet - Portfolio IV
Treis & Friends One sheet - Portfolio IVTreis & Friends One sheet - Portfolio IV
Treis & Friends One sheet - Portfolio IV
aparicioregina7
 
LDMMIA Bday celebration 2025 Gifts information
LDMMIA Bday celebration 2025 Gifts informationLDMMIA Bday celebration 2025 Gifts information
LDMMIA Bday celebration 2025 Gifts information
LDM Mia eStudios
 
The Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdfThe Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdf
Richard Lucas
 
Avoiding the China Tariffs: Save Costs & Stay Competitive
Avoiding the China Tariffs: Save Costs & Stay CompetitiveAvoiding the China Tariffs: Save Costs & Stay Competitive
Avoiding the China Tariffs: Save Costs & Stay Competitive
NovaLink
 
India Advertising Market Size & Growth | Industry Trends
India Advertising Market Size & Growth | Industry TrendsIndia Advertising Market Size & Growth | Industry Trends
India Advertising Market Size & Growth | Industry Trends
Aman Bansal
 
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
Khaled Al Awadi
 
Brandon Flatley - A Skilled Musician
Brandon Flatley - A Skilled MusicianBrandon Flatley - A Skilled Musician
Brandon Flatley - A Skilled Musician
Brandon Flatley
 
Strategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptxStrategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptx
PrekshyaRana
 
CGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptxCGG Deck English - Apr 2025-edit (1).pptx
CGG Deck English - Apr 2025-edit (1).pptx
China_Gold_International_Resources
 
TMG - Q3 2025 Earnings Call Slides - v4.pptx
TMG - Q3 2025 Earnings Call Slides - v4.pptxTMG - Q3 2025 Earnings Call Slides - v4.pptx
TMG - Q3 2025 Earnings Call Slides - v4.pptx
Marketing847413
 
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy MemoriesPetslify Turns Pet Photos into Hug-Worthy Memories
Petslify Turns Pet Photos into Hug-Worthy Memories
Petslify
 
Alan Stalcup - The Enterprising CEO
Alan Stalcup - The Enterprising CEOAlan Stalcup - The Enterprising CEO
Alan Stalcup - The Enterprising CEO
Alan Stalcup
 
www.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptxwww.visualmedia.com digital markiting (1).pptx
www.visualmedia.com digital markiting (1).pptx
Davinder Singh
 
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdfAccounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
Accounting_Basics_Complete_Guide_By_CA_Suvidha_Chaplot (1).pdf
CA Suvidha Chaplot
 
From Sunlight to Savings The Rise of Homegrown Solar Power.pdf
From Sunlight to Savings The Rise of Homegrown Solar Power.pdfFrom Sunlight to Savings The Rise of Homegrown Solar Power.pdf
From Sunlight to Savings The Rise of Homegrown Solar Power.pdf
Insolation Energy
 
AlaskaSilver Corporate Presentation Apr 28 2025.pdf
AlaskaSilver Corporate Presentation Apr 28 2025.pdfAlaskaSilver Corporate Presentation Apr 28 2025.pdf
AlaskaSilver Corporate Presentation Apr 28 2025.pdf
Western Alaska Minerals Corp.
 
Disinformation in Society Report 2025 Key Findings
Disinformation in Society Report 2025 Key FindingsDisinformation in Society Report 2025 Key Findings
Disinformation in Society Report 2025 Key Findings
MariumAbdulhussein
 
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent CybersecurityNetwork Detection and Response (NDR): The Future of Intelligent Cybersecurity
Network Detection and Response (NDR): The Future of Intelligent Cybersecurity
GauriKale30
 
BeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025 .pdfBeMetals_Presentation_May_2025 .pdf
BeMetals_Presentation_May_2025 .pdf
DerekIwanaka2
 
intra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.pptintra-mart Accel series 2025 Spring updates-en.ppt
intra-mart Accel series 2025 Spring updates-en.ppt
NTTDATA INTRAMART
 
Treis & Friends One sheet - Portfolio IV
Treis & Friends One sheet - Portfolio IVTreis & Friends One sheet - Portfolio IV
Treis & Friends One sheet - Portfolio IV
aparicioregina7
 
LDMMIA Bday celebration 2025 Gifts information
LDMMIA Bday celebration 2025 Gifts informationLDMMIA Bday celebration 2025 Gifts information
LDMMIA Bday celebration 2025 Gifts information
LDM Mia eStudios
 
The Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdfThe Peter Cowley Entrepreneurship Event Master 30th.pdf
The Peter Cowley Entrepreneurship Event Master 30th.pdf
Richard Lucas
 
Avoiding the China Tariffs: Save Costs & Stay Competitive
Avoiding the China Tariffs: Save Costs & Stay CompetitiveAvoiding the China Tariffs: Save Costs & Stay Competitive
Avoiding the China Tariffs: Save Costs & Stay Competitive
NovaLink
 
India Advertising Market Size & Growth | Industry Trends
India Advertising Market Size & Growth | Industry TrendsIndia Advertising Market Size & Growth | Industry Trends
India Advertising Market Size & Growth | Industry Trends
Aman Bansal
 
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
NewBase 28 April 2025 Energy News issue - 1783 by Khaled Al Awadi_compressed...
Khaled Al Awadi
 
Brandon Flatley - A Skilled Musician
Brandon Flatley - A Skilled MusicianBrandon Flatley - A Skilled Musician
Brandon Flatley - A Skilled Musician
Brandon Flatley
 
Strategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptxStrategic Enterprise Management - Unit I.pptx
Strategic Enterprise Management - Unit I.pptx
PrekshyaRana
 

Label based Mandatory Access Control on PostgreSQL

  • 1. Label based Mandatory Access Control on PostgreSQL NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <[email protected]>
  • 2. SE-PostgreSQL got merged in v9.1 NEW! NEW! contrib/sepgsql contrib/sepgsql Page 2 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 3. History of development ▐ Sep-2006 Launch development of SE-PostgreSQL based on v8.2.x ▐ Apr-2007 First post to pgsql-hackers, after 2 weeks of feature freeze ▐ Mar-2007 SELinux Symposium 2007 ▐ Nov-2007 METI Japan gave an award due to SE-PostgreSQL ▐ May-2008 PGcon2008 – SE-PostgreSQL ▐ Jul-2008 Development Cycle for v8.4 Too large to review ▐ Jul-2009 Development Cycle for v9.0 Steps to consensus up to the current design ▐ May-2010 PostgreSQL Developer Summit ▐ Sep-2010 SECURITY LABEL statement got merged ▐ Jan-2011 contrib/sepgsql got merged ▐ May-2011 PGcon2011 – Label based MAC on PostgreSQL ▐ Jun-2011 1st Commit Fest of v9.2 development cycle Page 3 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 4. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 4 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 5. Characteristics of MAC DAC (discretionary access control) : Owner decide access control rules read determine access read? control rules rwx rwx create rwx rwx Data Data MAC (mandatory access control) : A centralized security policy decides access control rules read read? confidential confidential confidential create confidential Data Data security security policy server determine access control rules Page 5 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 6. Data Flow Control confidential unconfidential file with file with read write read write file with file with conffidential conffidential unconfidential unconfidential access control ▐ Keep confidential data in confidential domain No Read-Up No Write-Down (Only same level) Restriction to malicious internals ▐ Background TCSEC (Orange book; 1983) ISO/IEC15408 (CC: Common Criteria) Page 6 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 7. Reference Monitor Concept Reference Query & Monitor Decision making Data Object Request Access Allowed Control User Denied Error Information Information Asset Asset Object Manager ▐ A module that suggests its access control decision ▐ Three characteristics Always invoked Tamperproof Small enough ▐ SELinux performs as reference monitor in Linux kernel Page 7 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 8. Analogy in Linux and PostgreSQL system Filesystem LSM call permission Filesystem Security Security DAC MAC Server Policy SELinux SQL Database sepgsql ACL PostgreSQL SELinux SE-PostgreSQL Object manager Filesystem PostgreSQL Objects being referenced file, directory, device file, ... Schema, Table, Function, ... Way to request accesses System call SQL DAC Filesystem permission Database ACL MAC LSM & SELinux sepgsql & SELinux Page 8 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 9. Decision making of SELinux (1/2) ▐ Access control logic like a function •• Filesystem Permission Filesystem Permission •• Database ACL Database ACL •• SELinux SELinux •• others…? others…? Subject Allowed Access Control Object Logic Denied Action Decision Decision Input Output read, write, read, write, select, … select, … •• Owner ID Owner ID •• Permission Bits Permission Bits •• User/Group ID User/Group ID •• ACL ACL •• Superuser Priv Superuser Priv •• Security Label Security Label •• Security Label Security Label Page 9 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 10. Decision making of SELinux (2/2) ▐ The way to identify Subject/Object Path name? Owner ID? Security Label ▐ Security Label as a universal way for identification Example) system_u:system_r:postgresql_t:s0 system_u:object_r:sepgsql_ro_table_t:s0 ▐ Example of security policy allow staff_t sepgsql_ro_table_t : db_table { select }; 3rd item of the label being referenced 3rd item of the label being referencing Permission set being allowed SELinux uses white-list criteria. SELinux community provides general set of rules in default. Page 10 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 11. OT: source code of the default security policy Part of the “policy/modules/services/postgresql.te” at the default security policy policy_module(postgresql, 1.12.1) : type sepgsql_schema_t; postgresql_schema_object(sepgsql_schema_t) : type sepgsql_table_t; postgresql_table_object(sepgsql_table_t) : allow sepgsql_admin_type sepgsql_schema_type: db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name }; allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search }; : allow sepgsql_admin_type sepgsql_table_type: db_table { create drop getattr setattr relabelfrom relabelto lock }; allow sepgsql_admin_type sepgsql_table_type: db_column { create drop getattr setattr relabelfrom relabelto }; : allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; Page 11 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 12. System-wide consistency in Access control Human user a centralized security server Human user Security Policy SELinux Login Access control Login bash bash vi Filesystem vi Networks psql psql classified unclassified information information X-window PostgreSQL domain of inter process domain of classified processes communication channels unclassified processes Page 12 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 13. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 13 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 14. Features needed to support Label based MAC ▐ Security Label mechanism to associate a short text with a particular database object something like xattr in filesystem cases ▐ Security Hook mechanism to acquire control on strategic points of the code something like LSM in Linux kernel cases ▐ Intermediation with SELinux mechanism to deliver a pair of security labels into SELinux in kernel, and prevents violated accesses according to its decision Page 14 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 15. v9.1 New Features (1/3) – SECURITY LABEL SECURITY LABEL ON TABLE my_example FOR ‘selinux’ IS ‘system_u:object_r:sepgsql_ro_table_t:s0’; pg_seclabel system catalog classid objid subid provider label 2345 16384 0 ‘selinux’ ‘system_u:object_r:sepgsql_ro_table_t:s0’ Security Label Provider validation validation (module) check check ▐ Overview It enables to assign a text identifier of database objects. It allows security modules to reference security label of a particular object. ▐ Limitations Shared database objects are not supported, right now. Tuples in user-defined tables are not supported, right now. Page 15 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 16. OT: Labeled Networking staff_u:staff_r:staff_t:s0 getpeercon(3) getpeercon(3) SE-PgSQL IKE IKE Daemon Daemon user process Labeled IPsec connection PostgreSQL Authentication Hook ▐ Labeled Networking SELinux provides getpeercon(3) to get security label of the peer process. Kernel & IKE daemon were enhanced to exchange security labels. • supported on kernel-2.6.18 or later, ipsec-tools 0.72 or later ▐ Usecase in SE-PostgreSQL It obtains security label of the peer process on the authentication hook. Peer security label is applied to subject’s label on access control decision. Page 16 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 17. v9.1 New Features (2/3) – Object Access Hooks DefineRelation() { 3rd Party modules : CREATE TABLE heap_create_with_catalog() sepgsql.so sepgsql.so sepgsql.so : •• compute a default to check permission to (*object_access_hook) • check permission securitya new table create label, and (OAT_POST_CREATE, ...); assign it a new table of create on the new •• assign security label of : table. security label assign the new table } the new table ▐ Overview It enables 3rd party modules to acquire control on strategic points of the code. E.g) Just after creation of the object for default labeling. The object_access_hook informs event type and object identifiers. ▐ Limitations Only OAT_POST_CREATE event type is supported, right now. May need OAT_CREATE, OAT_ALTER, ... Only object identifiers are informed via this hook, right now. Page 17 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 18. v9.1 New Features (3/3) – contrib/sepgsql Client auth hook • Event Type • Object IDs Subject security label Query Hook invocation Required access policy Object security label Answer pg_seclabel contrib/sepgsql SELinux ▐ Overview It performs as intermediation between PostgreSQL and SELinux • PostgreSQL ... user Id, object Id, • SELinux ... security label, object class and permission ▐ Limitations only DML permissions are checked, right now default security labels on schemas, tables, columns and procedures Page 18 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 19. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 19 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 20. Limitation in v9.1, and Challenges to v9.2 ▐ Frequent system-call invocations Add access control decision cache ▐ No security label on shared obejct Add pg_shseclabel catalog, and extend SECURITY LABEL ▐ No DDL Permission checks Extend object_access_hook to take arguments Put object_access_hook around existing DDL checks ▐ Row-level access control Fix leaky VIEWs problem Extend security label on user-defined tables Page 20 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 21. v9.2 challenges (1/3) – Userspace access vector cache PostgreSQL contrib/sepgsql.so read-only mmap(2) read-only mmap(2) Status Page userspace # of loaded access vector invoke cache security (uavc) policy hooks access control SELinux logic (Linux kernel) ▐ Overview uavc keeps access control decision recently used; that allows to reduce number of system call invocations. ▐ Challenges Cache invalidation on security policy reloaded on kernel-side Linux 2.6.38 already support selinux status page. Page 21 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 22. v9.2 challenges (2/3) – DDL Permissions postgres=# ALTER TABLE drink OWNER TO ymj; LOG: SELinux: denied { setattr } ¥ scontext=unconfined_u:unconfined_r:unconfined_t:s0 ¥ tcontext=system_u:object_r:sepgsql_table_t:s0:c0 ¥ tclass=db_table name=drink ERROR: SELinux: security policy violation ▐ Overview It allows to check permissions on DDL commands also. ▐ Challenges Larger number of strategic points than DML support object_access_hook with additional arguments Page 22 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 23. v9.2 challenges (3/3) – Row-level security postgres=# SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+-------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | coke | 150 system_u:object_r:sepgsql_table_t:s0 | 2 | fanta | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | beer | 200 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | sake | 240 system_u:object_r:sepgsql_table_t:s0:c2 | 5 | juice | 180 (5 rows) ▐ Overview Filter out rows based on security policy and labels of individual tuples ▐ Challenges Fix the problem known as Leaky-VIEWs Security label support for user-defined tables Query rewriter to append security-policy function Interaction with system catalog Page 23 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 24. Future Vision (1/2) – Role based access control Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 24 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 25. Future Vision (2/2) – Secure multi-tenancy Filesystem Shared Database Resource Filesystem Filesystem Filesystem Database Database Database http://www.blue.com/ http://www.red.com/ http://www.green.com/ blue red green SELinux performs as a logical-wall between security domains. Page 25 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 26. Summary ▐ Overview of MAC Data flow control and Reference monitor concept SE-PostgreSQL enables to deploy RDBMS within DFC scheme. ▐ Features in v9.1 SECURITY LABEL Object access hooks contrib/sepgsql ▐ Challenges to v9.2 Userspace access vector cache DDL Permissions Row-level access control Page 26 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL