Mandatory access controls Introduction to Mandatory Access Control (Security Classes, MAC properties, Multilevel relation, Pros and cons of MAC); MAC in Oracle - Oracle Label Security, security classes, classification level.
Topic:
Text content: Mandatory access controls
- MANDATORY ACCESS CONTROLS
Faculty of Computer Science & Engineering
HCMC University of Technology
Information Systems of Technology
1
- OUTLINE
Introduction to Mandatory Access Control
MAC in Oracle: Oracle Label Security
2
- INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
3
- INTRODUCTION TO MAC
Mandatory Access Control (MAC):
MAC applies to large amounts of information requiring
strong protection, in environments where both the system
data and the users can be classified clearly.
MAC is a mechanism for enforcing multiple levels of
security.
Proposed model: Bell-LaPadula
4
- SECURITY CLASSES
Classifies subjects and objects based on security
classes.
Security class:
Classification level
Category
A subject's classification reflects its degree of trust
and its application area.
An object's classification reflects the sensitivity of
the information it holds.
5
- CLASSIFICATION LEVEL
Typical classification levels are:
Top secret (TS)
Secret (S)
Confidential (C)
Unclassified (U)
Where TS is the highest level and U is the lowest:
TS ≥ S ≥ C ≥ U
6
- CATEGORY
Categories tend to reflect the system areas or
departments of the organization.
Example: there are 3 departments of the
organization: Sales, Production, Delivery
7
- SECURITY CLASSES
A security class is defined as follows:
SC = (A, C)
A: classification level
C: category
A partial order on the security classes:
SC ≤ SC' holds only if
A ≤ A' and C' ⊇ C
Examples:
(2, Sales) ≤ (3, (Sales, Production))
(2, (Sales, Production)) ≤ (3, Sales)
8
- INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
9
- MAC PROPERTIES
Simple security property: A subject S is not
allowed read access to an object O unless
class(S) ≥ class(O).
No read-up
Star property (or * property): A subject S is
not allowed to write an object O unless
class(S) ≤ class(O)
No write-down
These restrictions together ensure that there is
no direct flow of information from high to low
subjects!!!
10
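The following is an added example, not part of the lecture slides, that implements the security-class partial order SC = (A, C) from slide 8 and the two Bell-LaPadula rules from slide 10 in Python. Levels are plain integers (U < C < S < TS) and categories are a set, so the slide's own pairs can be checked: (2, {Sales}) ≤ (3, {Sales, Production}) holds, while (2, {Sales, Production}) and (3, {Sales}) are incomparable, because {Sales} does not contain {Sales, Production}. The last function checks exhaustively over a small lattice that any data movement a subject can perform under both rules goes from a lower class to a higher (or equal) one, which is the "no flow from high to low" claim on slide 10. The class and function names are my own.

```python
# Added example (not from the slides): security classes SC = (A, C) under the
# partial order "SC <= SC' iff A <= A' and C' is a superset of C", plus the
# Bell-LaPadula simple security property and star property.
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, Iterable

# Classification levels as integers so that TS > S > C > U.
U, C, S, TS = 0, 1, 2, 3


@dataclass(frozen=True)
class SecurityClass:
    """SC = (A, C): a classification level A and a set of categories C."""
    level: int
    categories: FrozenSet[str] = frozenset()

    def __le__(self, other: "SecurityClass") -> bool:
        """SC <= SC' holds only if A <= A' and C' contains every category in C."""
        return self.level <= other.level and other.categories >= self.categories

    def comparable(self, other: "SecurityClass") -> bool:
        """In a partial order some pairs are neither <= nor >= each other."""
        return self <= other or other <= self


def can_read(subject: SecurityClass, obj: SecurityClass) -> bool:
    """Simple security property (no read-up): read only if class(S) >= class(O)."""
    return obj <= subject


def can_write(subject: SecurityClass, obj: SecurityClass) -> bool:
    """Star property (no write-down): write only if class(S) <= class(O)."""
    return subject <= obj


def can_transfer(subject: SecurityClass, src: SecurityClass, dst: SecurityClass) -> bool:
    """A subject can move data from src to dst only if it may read src and write dst."""
    return can_read(subject, src) and can_write(subject, dst)


def no_downward_flow(classes: Iterable[SecurityClass]) -> bool:
    """Check every (subject, src, dst) triple: each permitted transfer must satisfy
    src <= dst, so information never reaches a lower security class."""
    classes = list(classes)
    return all(src <= dst
               for subject, src, dst in product(classes, repeat=3)
               if can_transfer(subject, src, dst))


def sample_lattice() -> list:
    """Constructed lattice: four levels x all subsets of two departments."""
    cats = [frozenset(), frozenset({"Sales"}), frozenset({"Production"}),
            frozenset({"Sales", "Production"})]
    return [SecurityClass(lvl, cs) for lvl in (U, C, S, TS) for cs in cats]


if __name__ == "__main__":
    a = SecurityClass(2, frozenset({"Sales"}))
    b = SecurityClass(3, frozenset({"Sales", "Production"}))
    c = SecurityClass(2, frozenset({"Sales", "Production"}))
    d = SecurityClass(3, frozenset({"Sales"}))
    print("slide pair 1 holds:", a <= b)          # True
    print("slide pair 2 comparable:", c.comparable(d))  # False
    print("no downward flow:", no_downward_flow(sample_lattice()))
```

Note that `can_transfer` is exactly where the two rules combine: to read `src` the subject must dominate it, and to write `dst` the subject must be dominated by it, so `src <= subject <= dst` and the information can only move upward in the lattice.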
- WHY STAR PROPERTY?
[Slides 11-13: diagram only; no text was extracted]
11-13
- INTRODUCTION TO MAC
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
14
- MULTILEVEL RELATION
Multilevel relation: MAC + relational
database model
Data objects: attributes and tuples
Each attribute A is associated with a
classification attribute C
A tuple classification attribute TC gives a
classification for each tuple as a whole: the
highest of all its attribute classification
values.
R(A1,C1,A2,C2, …, An,Cn,TC)
The apparent key of a multilevel relation is
the set of attributes that would have formed
the primary key in a regular (single-level)
relation.
15
- Multilevel relation
A multilevel relation will appear to contain different
data to subjects (users) with different security
levels
16
- Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level S
17
- Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level C
18
- Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level U
19
- Multilevel relation
SELECT * FROM EMPLOYEE
A user with security level U
20
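Slides 15 to 20 define the multilevel relation R(A1,C1, …, An,Cn,TC) and show that SELECT * FROM EMPLOYEE returns different data to users at levels S, C and U; the result tables did not survive extraction. The Python below is an added example, not from the slides, that stores each attribute value with its own classification, computes TC as the highest attribute classification, and filters a SELECT * for a given clearance: tuples whose apparent key is classified above the user disappear entirely, other attributes above the user are shown as null at the user's level, and TC is recomputed over what is shown. The EMPLOYEE rows, the attribute names and the function names are constructed for this example.

```python
# Added example (not from the slides): a multilevel EMPLOYEE relation and the
# view each clearance level gets from "SELECT * FROM EMPLOYEE".
from typing import Dict, List, Tuple

# Classification levels ordered U < C < S < TS.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Each attribute value is stored as (value, classification), i.e. the pairs
# (Ai, Ci) of R(A1,C1,...,An,Cn,TC). Rows are constructed sample data.
Row = Dict[str, Tuple[object, str]]
EMPLOYEE: List[Row] = [
    {"Name": ("Alice", "U"), "Salary": (40000, "C"),  "Performance": ("Fair", "S")},
    {"Name": ("Bob",   "C"), "Salary": (80000, "S"),  "Performance": ("Good", "C")},
    {"Name": ("Carol", "S"), "Salary": (100000, "TS"), "Performance": ("Excellent", "S")},
]
APPARENT_KEY = "Name"   # the attribute that would be the primary key in a single-level relation


def level_le(a: str, b: str) -> bool:
    """a <= b in the total order of classification levels."""
    return LEVELS[a] <= LEVELS[b]


def tuple_class(row: Row) -> str:
    """TC: the highest classification among the tuple's attribute values."""
    return max((cls for _, cls in row.values()), key=LEVELS.__getitem__)


def select_all(relation: List[Row], user_level: str) -> List[Dict[str, object]]:
    """Result of SELECT * for a user cleared at user_level.

    - A tuple whose apparent key is classified above the user is not visible at all.
    - Any other attribute classified above the user appears as a null value,
      itself classified at the user's level.
    - TC is recomputed over the values actually shown, so it never exceeds
      the user's level.
    """
    result = []
    for row in relation:
        _, key_cls = row[APPARENT_KEY]
        if not level_le(key_cls, user_level):
            continue  # no read-up: the whole tuple is hidden
        shown: Row = {}
        for attr, (value, cls) in row.items():
            if level_le(cls, user_level):
                shown[attr] = (value, cls)
            else:
                shown[attr] = (None, user_level)
        view: Dict[str, object] = dict(shown)
        view["TC"] = tuple_class(shown)
        result.append(view)
    return result


def visible_names(relation: List[Row], user_level: str) -> List[str]:
    """Convenience: the apparent-key values a user at user_level can see."""
    return [r[APPARENT_KEY][0] for r in select_all(relation, user_level)]


if __name__ == "__main__":
    for lvl in ("TS", "S", "C", "U"):
        print(f"SELECT * FROM EMPLOYEE as a level-{lvl} user:")
        for r in select_all(EMPLOYEE, lvl):
            print("  ", r)
```

Running it shows the three views the slides describe: the S user sees all three rows but gets a null for Carol's TS salary, the C user no longer sees Carol at all (her key is classified S) and gets nulls for the S-classified fields of the remaining rows, and the U user sees only Alice's name with every other attribute null.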