Access Control - Introduction to Database Security - Lecture Slides, Slides of Network security

The key points covered in the context of database security are: Access Control, Access Control Principles, Mandatory Access Control, Discretionary Access Control, Role-Based Access Control, Matrix Model, Security System, Services, Good Tool, Access Control List

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathiamoorthy

Access Control

Access Control

  • Access control principles
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Role-based Access Control
  • Matrix model

Access Control Example

[Figure: access control model. Elements shown: User, Authentication Barrier with Authentication Database, Access Control Barrier with Reference Monitor, Objects, Security Administrator, Auditing]

Access Control Example (access matrix)

Subject | File 1    | File 2    | File 3    | File 4    | Account 1       | Account 2
John    | Own R, W  |           | Own R, W  |           | Inquiry Credit  |
Alice   | R         | Own R, W  | W         | R         | Inquiry Debit   | Inquiry Credit
Bob     | R, W      | R         |           | Own R, W  |                 | Inquiry Debit

Mandatory Access Control

  • Why is MAC needed?
    • Enhances the security of the database
    • Gives a consistent view of operations
  • General rule: all allowed accesses are provided by MAC
  • Access that is not part of MAC is discretionary
  • MAC adds to complexity

Mandatory Access Control

  • MAC is used for type enforcement (TE) as is done in programming languages
  • MAC protects organizational data
  • MAC deals with database queries, reports and statistical studies
  • Data protection for a class is determined by its label
  • Relabel privileges follow a set of rules, since the label determines access

Mandatory Access Control

  • Examples:
    • Official reports (DAC permission allows DAC copy)
    • Statistical analysis of medical records (providers and researchers have different view of same data)
    • Accounting records (updated by structured programs and accessed by unstructured programs)

Discretionary Access Control

  • DACs provide flexibility in allowing access to the database
  • DACs protect unstructured work in progress
  • DAC objects contain information protected by MAC
  • DAC also includes privileges associated with email
  • DAC labels are derived from MAC labels

Role-based Access Control

  • Reference: “Role-based Access Control Models” by R. S. Sandhu et al., IEEE Computer, Vol. 29, Feb. 1996, pp. 38-47.
  • Databases are used by multiple users for multiple applications
  • Role-based access control (RBAC) is one way to handle security for the users and applications

Role-based Access Control

  • The user's role in the organization determines the access level for the database
  • DBAs create roles and assign permissions to roles
  • DBAs and others can place users in appropriate roles
  • Roles can define which specific individuals are allowed access, or the extent of access to resources for multiple individuals

Role-based Access Control

  • RBAC is policy-neutral
  • RBAC supports the following security principles:
    • Least privilege (only the needed permissions are assigned to roles)
    • Separation of duties (use of mutually exclusive roles – e.g., the accountant writes a check and the manager signs it)
    • Data abstraction (abstract permissions such as credit/debit are established instead of read/write/execute)

Role-based Access Control

  • RBAC is independent of MAC and DAC
  • RBAC can support MAC and DAC separately

RBAC Example

[Figure: RBAC relationships among Users, Roles and the role Hierarchy]

RBAC Example

  • RBAC0 denotes the minimum requirements for an RBAC system
  • RBAC1 adds role hierarchies and includes RBAC0
  • RBAC2 adds constraints and includes RBAC0
  • RBAC3 includes RBAC1 and RBAC2 and, transitively, RBAC0
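As an added example (not from the slides), a small Python model of RBAC3 as the bullets above describe it: a role hierarchy (RBAC1) plus a static separation-of-duty constraint (RBAC2), using the slide's accountant/manager check-signing scenario and abstract credit/debit-style permissions instead of raw read/write. The roles, users, objects and permission names are constructed for illustration.

```python
from typing import Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]  # (operation, object); operations are abstract, e.g. "credit", not raw read/write


class RBAC:  # RBAC3-style: role hierarchy (RBAC1) + static separation-of-duty constraints (RBAC2)
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}
        self.juniors: Dict[str, Set[str]] = {}      # role -> junior roles whose permissions it inherits
        self.user_roles: Dict[str, Set[str]] = {}
        self.exclusive: Set[frozenset] = set()      # mutually exclusive role pairs

    def add_role(self, role: str, perms: Iterable[Permission] = (), juniors: Iterable[str] = ()) -> None:
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(juniors)

    def add_exclusion(self, r1: str, r2: str) -> None:
        self.exclusive.add(frozenset((r1, r2)))

    def effective_roles(self, roles: Iterable[str]) -> Set[str]:
        # Close the role set under the hierarchy: a senior role holds every junior role below it.
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def assign(self, user: str, role: str) -> bool:
        """Assign a role; refuse (return False) if the user would then hold two mutually exclusive roles."""
        effective = self.effective_roles(self.user_roles.get(user, set()) | {role})
        if any(pair <= effective for pair in self.exclusive):
            return False
        self.user_roles.setdefault(user, set()).add(role)
        return True

    def permitted(self, user: str, op: str, obj: str) -> bool:
        roles = self.effective_roles(self.user_roles.get(user, ()))
        return any((op, obj) in self.role_perms[r] for r in roles)


def bank_example() -> RBAC:
    # Constructed scenario from the slide: the accountant writes a check, the manager signs it.
    rbac = RBAC()
    rbac.add_role("teller", {("inquiry", "account_1"), ("inquiry", "account_2")})
    rbac.add_role("accountant", {("debit", "account_1"), ("write", "check")}, juniors=["teller"])
    rbac.add_role("manager", {("sign", "check")}, juniors=["teller"])
    rbac.add_exclusion("accountant", "manager")  # separation of duties: nobody both writes and signs
    rbac.assign("alice", "accountant")
    rbac.assign("bob", "manager")
    return rbac
```

Both accountant and manager inherit the teller's inquiry permissions through the hierarchy, while the exclusion makes `assign("bob", "accountant")` return False so no user can both write and sign a check.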