Bài giảng Bảo mật cơ sở dữ liệu: Chương 3 - Trần Thị Kim Chi (tt)

Bài giảng "Bảo mật cơ sở dữ liệu - Chương 3: Bảo mật theo cơ chế MAC" cung cấp cho người học các kiến thức: Define Mandatory Access Control Models, secrecy-preserving models, integrity-preserving models, multi-Level security, multi-level databases access control models,... Mời các bạn cùng tham khảo.
Nội dung trích xuất từ tài liệu:
Bài giảng Bảo mật cơ sở dữ liệu: Chương 3 - Trần Thị Kim Chi (tt)BảomậttheocơchếMACMandatory Access Control ModelsAgenda1. DefineMandatoryAccessControlModels2. Secrecypreservingmodels3. Integritypreservingmodels4. MultiLevelsecurity5. Multileveldatabasesaccesscontrolmodels6. MultilevelsecureDBMSarchitecture7. MACtrongcáchệQTCSDLthôngdụngDefineMandatoryAccessControl MandatoryAccessControl:Asystemwidepolicy decreeswhoisallowedtohaveaccess;individual usercannotalterthataccess. Reliesonthesystemtocontrolaccess. Examples: – Thelawallowsacourttoaccessdrivingrecords withouttheowners’permission. TraditionalMACmechanismshavebeentightly coupledtoafewsecuritymodels. Recently,systemssupportingflexiblesecurity modelsstarttoappear(e.g.,SELinux,Trusted Solaris,TrustedBSD,etc.)MandatoryAccessControlvsDiscretionaryAccessControl MACiscentrallycontrolledbyasecuritypolicy administrator;usersdonothavetheabilitytooverridethe policyand,forexample,grantaccesstofilesthatwould otherwiseberestricted. DAC,whichalsogovernstheabilityofsubjectstoaccess objects,allowsuserstheabilitytomakepolicydecisions and/orassignsecurityattributes. MACenabledsystemsallowpolicyadministratorsto implementorganizationwidesecuritypolicies. WithDAC,userscannotoverrideormodifythispolicy, eitheraccidentallyorintentionally.Thisallowssecurity administratorstodefineacentralpolicythatisguaranteed (inprinciple)tobeenforcedforallusers.DegreesofMACsystemstrength Insomesystems,usershavetheauthoritytodecidewhether tograntaccesstoanyotheruser.Toallowthat,allusers haveclearancesforalldata.Thisisnotnecessarilytrueofa MACsystem.Ifindividualsorprocessesexistthatmaybe deniedaccesstoanyofthedatainthesystemenvironment, thenthesystemmustbetrustedtoenforceMAC.Since therecanbevariouslevelsofdataclassificationanduser clearances,thisimpliesaquantifiedscaleforrobustness. Forexample,morerobustnessisindicatedforsystem environmentscontainingclassifiedTopSecretinformation andunclearedusersthanforonewithSecretinformation andusersclearedtoatleastConfidential.Topromote consistencyandeliminatesubjectivityindegreesof robustness,anextensivescientificanalysisandrisk assessmentofthetopicproducedalandmarkbenchmarkEvaluationofMACsystemstrength TheCommonCriteria[7]isbasedonthisscienceandit intendedtopreservetheAssuranceLevelasEALlevelsand thefunctionalityspecificationsasProtectionProfiles.Of thesetwoessentialcomponentsofobjectiverobustness benchmarks,onlyEALlevelswerefaithfullypreserved.In onecase,TCSEClevelC2[8](notaMACcapablecategory) wasfairlyfaithfullypreservedintheCommonCriteria,as theControlledAccessProtectionProfile(CAPP).[9] Multilevelsecurity(MLS)ProtectionProfiles(suchas MLSOSPPsimilartoB2)[10]ismoregeneralthanB2.They arepursuanttoMLS,butlackthedetailedimplementation requirementsoftheirOrangeBookpredecessors,focusing moreonobjectives.Thisgivescertifiersmoresubjective flexibilityindecidingwhethertheevaluatedproduct’s technicalfeaturesadequatelyachievetheobjective, MultilevelSecurity(MLS)DefinitionandneedforMLS– SecurityClassification– SecrecyBasedMandatoryPolicies:Bell LaPadulaModel– IntegritybasedMandatoryPolicies:The BibaModel– LimitationofMandatoryPoliciesHybridPolicies– TheChineseWallPolicyDefinitionandneedforMLS Multilevelsecurityinvolvesadatabaseinwhich thedatastoredhasanassociatedclassification andconsequentlyconstraintsfortheiraccess MLSallowsuserswithdifferentclassification levelstogetdifferentviewsfromthesamedata MLScannotallowdownwardleaking,meaning thatauserwithalowerclassificationviewsdata storedwithahigherclassificationDefinitionandneedforMLS Usuallymultilevelsystemsarewiththefederal government Someprivatesystemsalsohavemultilevelsecurity needs MLSrelationissplitintoseveralsinglelevelrelations, ArecoveryalgorithmreconstructstheMLSrelation fromthedecomposedsinglelevelrelations AttimesMLSupdatescannotbecompletedbecauseit wouldresultinleakageordestructionofsecret informationDefinitionandneedforMLS Inrelationalmodel,relationsaretables andrelationsconsistoftuples(rows)and attributes(columns) Example: Considertherelation SOD(Starship,Objective,Destination) Starship Objective DestinationEnterprise Exploration TalosVoyager ...