Database Security and Access Control


10 Questions

What is the primary purpose of a database audit?

To examine all accesses and operations applied to the database

What is another term for a database log used mainly for security purposes?

Audit Trail

At what level can the DBA control the privilege to access each individual relation or view?

Relation Level

What privilege allows the creation of a schema or base relation?

CREATE SCHEMA privilege

What is the purpose of Discretionary Access Control?

To grant and revoke privileges

What type of privileges apply to the capabilities provided to the account itself?

Account Level Privileges

What privilege allows the deletion of relations or views?

DROP privilege

What is the term for reviewing the log to examine all accesses and operations applied to the database?

Database Audit

What privilege allows the insertion, deletion, or updating of tuples?

MODIFY privilege

At what level can the DBA specify the particular privileges that each account holds?

Account Level

Study Notes

Access Control in Database Systems

  • Discretionary access control techniques are used to grant and revoke privileges on relations in relational database systems.
  • This is an all-or-nothing method, where a user either has or does not have a certain privilege.

Mandatory Access Control

  • Mandatory access control classifies data and users based on security classes, such as top secret (TS), secret (S), confidential (C), and unclassified (U).
  • The Bell-LaPadula model is a commonly used model for multilevel security, which classifies each subject (user, account, program) and object (relation, tuple, column, view, operation) into one of the security classifications.

Restrictions on Data Access

  • Two restrictions are enforced on data access based on the subject/object classifications:
    • Simple security property: A subject S is not allowed read access to an object O unless class(S) ≥ class(O).
    • A subject S is not allowed to write an object O unless class(S) ≤ class(O).

Role-Based Access Control

  • Role-based access control (RBAC) emerged in the 1990s as a proven technology for managing and enforcing security in large-scale enterprise-wide systems.
  • In RBAC, permissions are associated with roles, and users are assigned to appropriate roles.
  • Roles can be created and destroyed using the CREATE ROLE and DESTROY ROLE commands, and privileges can be granted to and revoked from roles using the GRANT and REVOKE commands.

Advantages of RBAC

  • RBAC ensures that only authorized users are given access to certain data or resources.
  • Role hierarchy in RBAC is a natural way of organizing roles to reflect the organization's lines of authority and responsibility.
  • RBAC is a viable alternative to traditional discretionary and mandatory access controls.

Temporal Constraints in RBAC

  • Temporal constraints may exist on roles, such as time and duration of role activations, and timed triggering of a role by an activation of another role.

Access Control Policies for E-Commerce and the Web

  • E-Commerce environments require elaborate policies that go beyond traditional DBMSs.

Database Audits

  • A database audit consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period.
  • A database log used mainly for security purposes is sometimes called an audit trail.

Discretionary Access Control

  • The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges.
  • Discretionary access control can be applied at two levels: the account level and the relation level.

Types of Discretionary Privileges

  • At the account level, privileges can include:
    • CREATE SCHEMA or CREATE TABLE privilege
    • CREATE VIEW privilege
    • ALTER privilege
    • DROP privilege
    • MODIFY privilege
    • SELECT privilege
  • At the relation level, privileges can include:
    • Privileges to access individual relations or views in the database.

This quiz covers database security concepts, including horizontal and vertical propagation of privileges, mandatory access control, and role-based access control for multilevel security.
