Bài giảng Bảo mật cơ sở dữ liệu: Security models - Trần Thị Kim Chi

Bài giảng "Bảo mật cơ sở dữ liệu: Security models" trình bày các nội dung: Access control, types of Access control, mandatory access control, rules based access control, authentication methods, operating system authentication,... Mời các bạn cùng tham khảo.
Nội dung trích xuất từ tài liệu:
Bài giảng Bảo mật cơ sở dữ liệu: Security models - Trần Thị Kim ChiSECURITYMODELS OperatingSystemSecurityFundamentals Tiếptheobài1bắtđầutừSlide10 Giảng Viên: Trần Thị Kim Chi© FPT Software 1 Agendaa. Access controlb. Inference and covert channelsc. Open/close policyd. Database Application Security ModelsDiscretionary/mandatory access control © FPT Software 2 Access control• Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.• Access control systems perform authorization identification, authentication, access approval, and accountability of entities through login credentials includingpasswords, personal identification numbers (PINs), biometric scans, and physical or electronic keys. © FPT Software 3 Types of Access control• There are two main types of access control: – Physical, – logical.• Physical access control limits access to campuses, buildings, rooms and physical IT assets.• Logical access limits connections to computer networks, system files and data. © FPT Software 4 Types of Access controlThe four main categories of access control are:• Mandatory access control• Discretionary access control• Role-based access control• Rule-based access control © FPT Software 5 Mandatory access control (MAC)• Mandatory access control (MAC) is a system- controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it person, process, or device.• http:// searchsecurity.techtarget.com/definition/mandatory-a © FPT Software 6 Discretionary access control (DAC)• Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control ).• Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed non-discretionary access control). © FPT Software 7 Role-based access control (RBAC)• Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise...• http:// searchsecurity.techtarget.com/definition/role-based-access-co• http:// searchsecurity.techtarget.com/tip/Role-based-access-control-f © FPT Software 8 Rules Based Access Control• Rules Based Access Control is a strategy for managing user access to one or more systems, where business changes trigger the application of Rules, which specify access changes.• Implementation of Rules Based Access Control systems is feasible so long as the number of triggering business events and the set of possible actions that follow those events are both small.• - See more at: http://hitachi- id.com/concepts/rules_based_access_control.html#sthas h.TJMhLiGM.dpuf © FPT Software 9 Authentication Methods• Authentication: – Verifies user identity – Permits access to the operating system• Physical authentication: – Allows physical entrance to company property – Magnetic cards and biometric measures• Digital authentication: verifies user identity by digital means © FPT Software 10 Authentication Methods• Digital certificates: digital passport that identifies and verifies holder of certificate• Digital token (security token): – Small electronic device – Displays a number unique to the token holder; used with the holder’s PIN as a password – Uses a different password each time © FPT Software 11 Authentication ...