Mandatory access controls
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (306.85 KB, 29 trang )
MANDATORY ACCESS CONTROLS
1
Faculty of Computer Science &
Engineering
HCMC University of Technology
Information Systems of Technology
OUTLINE
Introduction to Mandatory Access Control
MAC in Oracle: Oracle Label Security
2
INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
3
INTRODUCTION TO MAC
Mandatory Access Control (MAC):
MAC applies to large amounts of information requiring
strong protect in environments where both the system
data and users can be classified clearly.
MAC is a mechanism for enforcing multiple level of
security.
Propose Model: Bell-LaPadula
4
SECURITY CLASSES
Classifies subjects and objects based on security
classes.
Security class:
Classification level
Category
A subject classification reflects the degree of trust
and the application area.
A object classification reflects the sensitivity of
the information.
5
CLASSIFICATION LEVEL
Typical classification level are:
Top secret (TS)
Secret (S)
Confidential (C)
Unclassified (U)
Where TS is the highest level and U is the lowest:
TS ≥ S ≥ C ≥ U
6
CATEGORY
Categories tend to reflect the system areas or
departments of the organization.
Example: there are 3 departments of the
organization: Sales, Production, Delivery
7
SECURITY CLASSES
A security class is defined as follow:
SC = (A, C)
A: classification level
C: category
A relation of partial order on the security classes:
SC ≤ SC’ is verified, only if:
A ≤ A’ and C’ ⊇ C
Examples:
(2, Sales) ≤ (3, (Sales, Production))
(2, (Sales, Production)) ≤ (3, Sales)
8
INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
9
MAC PROPERTIES
Simple security property: A subject S is not
allowed read access to an object O unless
class(S) ≥ class(O).
No read-up
Star property (or * property): A subject S is
not allowed to write an object O unless
class(S) ≤ class(O)
No write-down
These restrictions together ensure that there is
no direct flow of information from high to low
subjects!!!
10
WHY STAR PROPERTY?
11
WHY STAR PROPERTY?
12
WHY STAR PROPERTY?
13
INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
14
MULTILEVEL RELATION
Multilevel relation: MAC + relational
database model
Data objects: attributes and tuples
Each attribute A is associated with a
classification attribute C
A tuple classification attribute TC is to
provide a classification for each tuple as a
whole, the highest of all attribute
classification values.
R(A1,C1,A2,C2, …, An,Cn,TC)
The apparent key of a multilevel relation is
the set of attributes that would have formed
the primary key in a regular (single-level)
relation.
15
Multilevel relation
A multilevel relation will appear to contain different
data to subjects (users) with different security
levels
16
Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level S
17
Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level C
18
Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level U
19
Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level U
20
Properties of Multilevel relation
Read and write operations: satisfy the No
Read-Up and No Write-Down principles.
21
Properties of Multilevel relation
Entity integrity: all attributes that are members
of the apparent key must not be null and must
have the same security classification within
each individual tuple.
In addition, all other attribute values in the
tuple must have a security classification greater
than or equal to that of the apparent key.
This constraint ensures that a user can see the
key if the user is permitted to see any part of
the tuple at all.
22
PROPERTIES OF MULTILEVEL RELATION
Polyinstantiation: where several tuples
can have the same apparent key value but
have different attribute values for users at
different classification levels.
23
POLYINSTANTIATION EXAMPLE
(security level C)
A user with security level C tries to update
the value of JobPerformance of Smith to
‘Excellent’:
UPDATE EMPLOYEE
SET JobPerformance = ‘Excellent’
WHERE Name = ‘Smith’;
24
POLYINSTANTIATION EXAMPLE
25
