Download Polyinstantiation - Introduction to Database Security - Lecture Slides and more Slides Network security in PDF only on Docsity!
1
Polyinstantiation
2
Polyinstantiation
- Definition and need for polyinstantiation
- Sea View model
- Jajodia – Sandhu model
4
Definition and need for
polyinstantiation
- Polyinstantiation can affect relations, tuples and data elements
- Polyinstantiation arises because subjects with different classes are allowed to operate on the same relations
- Polyinstantiated relations are relations with different access classes
- Polyinstantiated tuples (also called entity polyinstantiation) are tuples with the same primary key but with different access classes associated to the primary keys
5
Definition and need for
polyinstantiation
- Polyinstantiated elements (also called
attribute polyinstantiation) are elements of
an attribute which have different access
classes but are associated with the same
primary key and key class
- Polyinstantiation occurs as one of:
- Visible polyinstantiation
- Invisible polyinstantiation
7
Example of polyinstantiated relation
User Cuser Dept Cdept Salary^ Csalary TC
Bob S Math S 10K S S
Ann S CIS S 30K TS TS
Sam TS CIS TS 30K TS TS
Figure 1
8
Example of polyinstantiated tuple
User Cuser Dept Cdept Salary^ Csalary TC
Bob S Math S 10K S S
Ann S CIS S 30K TS TS
Sam TS CIS TS 30K TS TS
Sam S Math S 10K S S
Figure 2
10
Example of polyinstantiated element
User Cuser Dept Cdept Salary^ Csalary TC
Bob S Math S 10K S S
Ann S CIS S 20K S S
The view of the table for a subject with classification S based on the previous table for a polyinstantiated element
Figure 4
11
Polyinstantiation
- For read operations, subjects have read
access to instances of multilevel relations
accessing data at their level or below
- For write (insert or update) operations, the
effect depends on the access level of
dominated by, dominates or incomparable
13
Polyinstantiation
- Suppose an S-subject (i.e., a subject with
classification S) wants to execute the operation UPDATE EMPLOYEE SET Salary = ‘20K’ WHERE Name = ‘Ann’ The operation is applied to Figure 1 and the result will be Figure 3
In this example, the subject clearance is dominated by the access class of data
14
Polyinstantiation
- Suppose a TS-subject (i.e., a subject with classification TS) wants to execute the operation UPDATE EMPLOYEE SET Dept = ‘Math’ WHERE Name = ‘Ann’ The operation is applied to Figure 3 and the result will be Figure 5 given next, where multiple rows are added
In this example, the subject clearance dominates the access class of data
16
Polyinstantiation
- In Figure 5, the two rows added have the
classification of TS for the Dept field for
Ann because these tuples were added by
a TS-subject. They should not be visible
for an S-subject.
17
Polyinstantiation
- Suppose a TS-subject (i.e., a subject with classification TS) wants to execute the operation UPDATE EMPLOYEE SET Dept = ‘CIS’, Salary=‘20K’ WHERE Name = ‘Bob’ The operation is applied to Figure 3 and the result will be Figure 6 given next, where multiple rows are added
In this example, the subject clearance dominates the access class of data
19
Polyinstantiation
- In Figure 6, the three rows added have the
classification of TS for the tuple because
these tuples were added by a TS-subject.
They should not be visible for an S-
subject.
20
Sea View Model
- SEcure dAta VIEW was developed by Lunt,
Denning, et al in 1987 in California
- Sea View model actually improved upon the
concept of polyinstantiation developed by Hinke and Schaefer
- Model has two layers:
- MAC (Mandatory Access Control)
- TCB (Trusted Computing Base)
- MAC enforces the security policy of the Bell-
LaPadula and Biba models