Polyinstantiation - Introduction to Database Security - Lecture Slides, Slides of Network security

The key points covered in the context of database security are: Polyinstantiation, Definition, Need For Polyinstantiation, Sea View Model, Jajodia, Sandhu Model, Database Technique, Same Data, Classifications, Different Tuples

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathiamoorthy

1

Polyinstantiation

2

Polyinstantiation

  • Definition and need for polyinstantiation
  • Sea View model
  • Jajodia – Sandhu model

4

Definition and need for polyinstantiation

  • Polyinstantiation can affect relations, tuples and data elements
  • Polyinstantiation arises because subjects with different classes are allowed to operate on the same relations
  • Polyinstantiated relations are relations with different access classes
  • Polyinstantiated tuples (also called entity polyinstantiation) are tuples with the same primary key but with different access classes associated to the primary keys

5

Definition and need for polyinstantiation

  • Polyinstantiated elements (also called attribute polyinstantiation) are elements of an attribute which have different access classes but are associated with the same primary key and key class

  • Polyinstantiation occurs as one of:
    • Visible polyinstantiation
    • Invisible polyinstantiation

7

Example of polyinstantiated relation

User | Cuser | Dept | Cdept | Salary | Csalary | TC
-----|-------|------|-------|--------|---------|---
Bob  | S     | Math | S     | 10K    | S       | S
Ann  | S     | CIS  | S     | 30K    | TS      | TS
Sam  | TS    | CIS  | TS    | 30K    | TS      | TS

Figure 1

8

Example of polyinstantiated tuple

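User | Cuser | Dept | Cdept | Salary | Csalary | TC
-----|-------|------|-------|--------|---------|---
Bob  | S     | Math | S     | 10K    | S       | S
Ann  | S     | CIS  | S     | 30K    | TS      | TS
Sam  | TS    | CIS  | TS    | 30K    | TS      | TS
Sam  | S     | Math | S     | 10K    | S       | S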

Figure 2

10

Example of polyinstantiated element

User | Cuser | Dept | Cdept | Salary | Csalary | TC
-----|-------|------|-------|--------|---------|---
Bob  | S     | Math | S     | 10K    | S       | S
Ann  | S     | CIS  | S     | 20K    | S       | S

The view of the table for a subject with classification S based on the previous table for a polyinstantiated element

Figure 4

11

Polyinstantiation

  • For read operations, subjects have read access to instances of multilevel relations, accessing data at their level or below
  • For write (insert or update) operations, the effect depends on whether the subject's access level is dominated by, dominates, or is incomparable with the access class of the data

13

Polyinstantiation

  • Suppose an S-subject (i.e., a subject with classification S) wants to execute the operation

        UPDATE EMPLOYEE SET Salary = '20K' WHERE Name = 'Ann'

    The operation is applied to Figure 1 and the result will be Figure 3.

In this example, the subject clearance is dominated by the access class of data.
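The S-subject update above, modelled as an added Python example (not part of the original slides). Figure 3 is not reproduced on this page, so the stored result is an assumption checked only against the S-view shown in Figure 4; the function names, the null-masking of hidden elements and the two-level S < TS ordering are likewise assumptions.

```python
LEVEL = {"S": 1, "TS": 2}  # assumed total order; incomparable classes are not modelled

def dominates(a, b):
    return LEVEL[a] >= LEVEL[b]

def row(user, cuser, dept, cdept, salary, csalary):
    # TC (tuple class) is the highest class appearing in the tuple
    tc = max((cuser, cdept, csalary), key=LEVEL.get)
    return (user, cuser, dept, cdept, salary, csalary, tc)

# Figure 1 from the slides
FIGURE_1 = [row("Bob", "S", "Math", "S", "10K", "S"),
            row("Ann", "S", "CIS", "S", "30K", "TS"),
            row("Sam", "TS", "CIS", "TS", "30K", "TS")]

def mask(r, level):
    """Copy of r with every element classified above `level` replaced by None."""
    new = list(r[:6])
    for j in (2, 4):                          # Dept and Salary; class sits at j + 1
        if not dominates(level, new[j + 1]):
            new[j], new[j + 1] = None, r[1]   # assumption: a null carries the key's class
    return new

def view(relation, clearance):
    """What a subject reads: data at its level or below, masked rows collapsed."""
    seen = list(dict.fromkeys(row(*mask(r, clearance))
                              for r in relation if dominates(clearance, r[1])))
    def subsumed(r):                          # a fuller row for the same key is visible
        return any(o != r and all(x is None or x == y for x, y in zip(r, o)) for o in seen)
    return [r for r in seen if not subsumed(r)]

def update(relation, subject, user, attr, value):
    """UPDATE EMPLOYEE SET attr = value WHERE Name = user, issued at level `subject`."""
    i = {"Dept": 2, "Salary": 4}[attr]
    out = []
    for r in relation:
        out.append(r)
        if r[0] != user or not dominates(subject, r[1]):
            continue                          # other key, or key invisible to the subject
        if r[i + 1] == subject:
            out[-1] = r[:i] + (value,) + r[i + 1:]   # same class: overwrite in place
        elif dominates(r[i + 1], subject):
            new = mask(r, subject)            # never copy higher data into the new row
            new[i], new[i + 1] = value, subject
            out.append(row(*new))             # hidden value stays; lower instance added
        else:
            raise NotImplementedError("subject above data: the Figure 5/6 case, not modelled")
    return list(dict.fromkeys(out))           # drop exact duplicates, keep order
```

Before the update, `view(FIGURE_1, "S")` shows Ann with a null salary; after it, the S-subject sees its own 20K while the TS-subject sees both instances of Ann's tuple.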

14

Polyinstantiation

  • Suppose a TS-subject (i.e., a subject with classification TS) wants to execute the operation

        UPDATE EMPLOYEE SET Dept = 'Math' WHERE Name = 'Ann'

    The operation is applied to Figure 3 and the result will be Figure 5 given next, where multiple rows are added.

In this example, the subject clearance dominates the access class of data.

16

Polyinstantiation

  • In Figure 5, the two rows added have the classification of TS for the Dept field for Ann because these tuples were added by a TS-subject. They should not be visible to an S-subject.

17

Polyinstantiation

  • Suppose a TS-subject (i.e., a subject with classification TS) wants to execute the operation

        UPDATE EMPLOYEE SET Dept = 'CIS', Salary = '20K' WHERE Name = 'Bob'

    The operation is applied to Figure 3 and the result will be Figure 6 given next, where multiple rows are added.

In this example, the subject clearance dominates the access class of data.

19

Polyinstantiation

  • In Figure 6, the three rows added have the classification of TS for the tuple because these tuples were added by a TS-subject. They should not be visible to an S-subject.

20

Sea View Model

  • SEcure dAta VIEW was developed by Lunt, Denning, et al. in 1987 in California
  • Sea View model actually improved upon the concept of polyinstantiation developed by Hinke and Schaefer
  • Model has two layers:
    • MAC (Mandatory Access Control)
    • TCB (Trusted Computing Base)
  • MAC enforces the security policy of the Bell-LaPadula and Biba models