Questions and Answers
What is the main security mechanism for relational database systems?
What is the purpose of Mandatory Access Control?
What is the highest level of security classification in the Bell-LaPadula model?
What is the simple security property in the Bell-LaPadula model?
What is the limitation of discretionary access control?
What is the purpose of vertical propagation in access control?
What is the relationship between the security classifications in the Bell-LaPadula model?
What is the restriction on write access in the Bell-LaPadula model?
What is the primary concern of Mandatory Access Control policies?
What is the key benefit of Discretionary Access Control policies?
What is the primary purpose of the entity integrity rule in multilevel relations?
What is the concept of storing multiple tuples at different classification levels with the same value for the apparent key?
What is the main drawback of Discretionary Access Control models?
What does the interinstance integrity rule ensure in multilevel relations?
What is the primary difference between Mandatory Access Control and Discretionary Access Control?
What is the concept of controlling access to resources based on a user's role in an organization?
What is the purpose of adding a classification attribute C to each attribute A in a multilevel relation schema?
What determines the general classification of a tuple in a multilevel relation?
What is the apparent key of a multilevel relation?
What is the result of filtering in a multilevel relation?
What is the purpose of role-based access control in a multilevel security system?
What is the main difference between a multilevel relation and a regular relation?
What is the advantage of using mandatory access control in a multilevel security system?
What is the result of a multilevel relation being viewed by subjects with different clearance levels?
Study Notes
Limiting Horizontal Propagation
- Limiting horizontal propagation to an integer number i means that an account B with the GRANT OPTION can grant the privilege to at most i other accounts.
Mandatory Access Control and Role-Based Access Control for Multilevel Security
- Traditional discretionary access control techniques are not sufficient for many applications, and additional security policies are needed to classify data and users based on security classes.
- Mandatory access control classifies data and users into security classes, such as top secret (TS), secret (S), confidential (C), and unclassified (U), where TS is the highest level and U is the lowest.
Bell-LaPadula Model
- The Bell-LaPadula model classifies each subject (user, account, program) and object (relation, tuple, column, view, operation) into one of the security classifications TS, S, C, or U.
- Two restrictions are enforced on data access based on the subject/object classifications:
- Simple security property: a subject S is not allowed read access to an object O unless class(S) ≥ class(O).
- *-property (or star property): a subject S is not allowed to write an object O unless class(S) ≤ class(O).
Multilevel Security in Relational Database Model
- In the relational database model, attribute values and tuples are considered as data objects.
- Each attribute A is associated with a classification attribute C in the schema, and each attribute value in a tuple is associated with a corresponding security classification.
- A multilevel relation schema R with n attributes is represented as R(A1, C1, A2, C2, …, An, Cn, TC).
- The value of the TC attribute in each tuple provides a general classification for the tuple itself, while each Ci provides a finer security classification for each attribute value within the tuple.
Multilevel Relations
- A multilevel relation appears to contain different data to subjects with different clearance levels.
- In some cases, it is possible to store a single tuple in the relation at a higher classification level and produce the corresponding tuples at a lower-level classification through filtering.
- Polyinstantiation occurs when several tuples can have the same apparent key value but have different attribute values for users at different classification levels.
Entity Integrity Rule for Multilevel Relations
- The entity integrity rule for multilevel relations states that all attributes that are members of the apparent key must not be null and must have the same security classification within each individual tuple.
- All other attribute values in the tuple must have a security classification greater than or equal to that of the apparent key.
Null Integrity and Interinstance Integrity
- Null integrity and interinstance integrity ensure that if a tuple value at some security level can be filtered (derived) from a higher-classified tuple, then it is sufficient to store the higher-classified tuple in the multilevel relation.
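The two Bell-LaPadula properties, the entity integrity rule and filtering can be seen working together in the sketch below. It is an added example, not part of the original notes: the EMPLOYEE rows are constructed sample data, the function names are hypothetical, and it assumes the common textbook conventions that TC is the highest attribute classification in a tuple and that a filtered-out value appears as a null classified at the level of the apparent key.

```python
# Added example: Bell-LaPadula checks and filtering over a multilevel relation.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # U is lowest, TS is highest

def can_read(subject_cls, object_cls):
    """Simple security property: read only if class(S) >= class(O)."""
    return LEVELS[subject_cls] >= LEVELS[object_cls]

def can_write(subject_cls, object_cls):
    """Star property: write only if class(S) <= class(O)."""
    return LEVELS[subject_cls] <= LEVELS[object_cls]

def entity_integrity_ok(row, key):
    """Key attributes are non-null and share one class; all others are >= it."""
    key_classes = {row[a][1] for a in key}
    if len(key_classes) != 1 or any(row[a][0] is None for a in key):
        return False
    key_cls = key_classes.pop()
    return all(LEVELS[c] >= LEVELS[key_cls] for _, c in row.values())

def filter_relation(rows, key, clearance):
    """Return the instance of the relation that a subject with `clearance` sees."""
    view = []
    for row in rows:
        key_cls = row[key[0]][1]
        if not can_read(clearance, key_cls):
            continue  # the tuple is hidden entirely from this subject
        out = {}
        for attr, (value, cls) in row.items():
            # Assumption: unreadable values become nulls at the key's level.
            out[attr] = (value, cls) if can_read(clearance, cls) else (None, key_cls)
        # Assumption: TC is the highest classification among the visible values.
        tc = max((c for _, c in out.values()), key=LEVELS.get)
        view.append((out, tc))
    return view

# Constructed sample data: attribute -> (value, classification).
# Name is the apparent key.
EMPLOYEE = [
    {"Name": ("Smith", "U"), "Salary": (40000, "C"), "JobPerformance": ("Fair", "S")},
    {"Name": ("Brown", "C"), "Salary": (80000, "S"), "JobPerformance": ("Good", "C")},
]
```

Calling filter_relation(EMPLOYEE, ["Name"], "U") returns only the Smith tuple with Salary and JobPerformance nulled, which is how one stored relation appears to contain different data at different clearance levels.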
Comparing Discretionary Access Control and Mandatory Access Control
- Discretionary Access Control (DAC) policies are characterized by a high degree of flexibility, making them suitable for a large variety of application domains.
- The main drawback of DAC models is their vulnerability to malicious attacks, such as Trojan horses embedded in application programs.
- Mandatory policies ensure a high degree of protection by preventing any illegal flow of information.
Description
This quiz covers database security concepts, including mandatory access control, role-based access control, and discretionary access control techniques.