Session_3_EF - Database Security Session Three...

Database Security Session Three
Data Access Controls
Major Issue: Controlling access to your data and files
Ownership
user/group/public Controls
Discretionary Access Controls
Mandatory Access Controls
Self/Group/Public Controls
self     group    public
r w x    r w x    r w x
r = read-only
w = write (change or replace the file)
x = execute permission
DAC and MAC
Discretionary Access Control: users control who can access their files (access control lists)
Mandatory Access Control: users and files (subjects and objects) have fixed security attributes that are used by the system to determine whether a user can access a file
Discretionary Access Control with an Access Control List
[Diagram: users Jane, John and Sam; security kernel; PAYROLL FILE]
PAYROLL FILE Access Control List: <john.acct,r> <jane.pay,rw>
Jane can read and write file
John can read file
Jane: Can read file; Can write to file
John: Can read file; Can't write to file
Sam: Can't read file; Can't write to file
Mandatory Access Control
Mandatory security attributes are assigned administratively (systems administrator) or automatically by the system according to strict rules
Security attributes cannot be modified by users or their programs
If the system determines that a user's mandatory security attributes are inappropriate for access to a certain file, then nobody, not even the owner of the file, will be able to make that file available to that user
Often implemented by labeling, where users have clearances and information has classifications
Traditionally a user (or subject) has a clearance and the information (or object) has a classification
Bell-LaPadula Model
Is an extension of the access matrix model
Defines Security Requirements in Complex Systems where System Elements can be Classified
Is the Reference Model for Data Protection under Mandatory Policies
Bell-LaPadula Model
Classifications of Systems Elements are expressed by Security Levels
A Security Level has TWO Components: a Classification AND a Set of Categories
The Classification of an element is a Member of a Set with four elements: Top Secret (TS), Secret (S), Confidential (C), Unclassified (U)
The Set is Fully Ordered, i.e., (TS > S > C > U)
Bell-LaPadula Model
The Set of Categories is a subset of a non-hierarchical set of elements.
The Elements depend on the environment and refer to Application Areas to which the information pertains or is used, e.g., Nato, Nuclear, and Crypto
A Security level L1 = (C1, S1) is higher or equal to (dominates) level L2 = (C2, S2) if and only if:
C1 ≥ C2 AND S1 is a superset of S2 (S2 is a subset of S1)
Bell-LaPadula Model
If neither of the two levels dominates the other they are said to be incomparable.
Examples
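The dominance test and the incomparable case described above, as an added Python example that is not part of the original slides. The names Level, relation and least_upper_bound and the sample levels are assumptions made for illustration; the least upper bound (the lowest level that dominates both inputs) goes one step beyond what the slides state.

```python
from dataclasses import dataclass

# Fully ordered classifications from the slides: TS > S > C > U
RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}

@dataclass(frozen=True)
class Level:
    classification: str               # one of U, C, S, TS
    categories: frozenset = frozenset()

    def __post_init__(self):
        if self.classification not in RANK:
            raise ValueError(f"unknown classification: {self.classification!r}")
        # Accept any iterable of category names and store it as a frozenset
        object.__setattr__(self, "categories", frozenset(self.categories))

    def dominates(self, other):
        """L1 dominates L2 iff C1 >= C2 AND S1 is a superset of S2."""
        return (RANK[self.classification] >= RANK[other.classification]
                and self.categories >= other.categories)

def relation(l1, l2):
    """Classify a pair as equal, dominates, dominated or incomparable."""
    up, down = l1.dominates(l2), l2.dominates(l1)
    if up and down:
        return "equal"
    if up:
        return "dominates"
    if down:
        return "dominated"
    return "incomparable"

def least_upper_bound(l1, l2):
    """Lowest level dominating both: higher classification, union of categories."""
    top = max(l1.classification, l2.classification, key=RANK.__getitem__)
    return Level(top, l1.categories | l2.categories)

# Constructed sample levels using the category names from the slides
ts_nato_nuc = Level("TS", {"Nato", "Nuclear"})
s_nato = Level("S", {"Nato"})
s_crypto = Level("S", {"Crypto"})
c_nato_crypto = Level("C", {"Nato", "Crypto"})

if __name__ == "__main__":
    pairs = [(ts_nato_nuc, s_nato), (s_nato, s_crypto), (s_nato, c_nato_crypto)]
    for a, b in pairs:
        print(a, relation(a, b), b, "| lub:", least_upper_bound(a, b))
```

The third pair shows that a higher classification alone is not enough: (S, {Nato}) does not dominate (C, {Nato, Crypto}) because the category set is not a superset.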

This note was uploaded on 12/23/2009 for the course DBST dbst 668 taught by Professor Yelena - ta during the Spring '09 term at MD University College.
