Database Security: Mandatory Access Model with Temporal Authorizations • Pooja Bajracharya, Pratibha Katuri, Richard Neidermyer
Database Security • Applicable In Many Environments • E-Commerce, Medical, and Military • Various Implementation Levels • Storage • Transmission • Authorization • Inference • Why? • There is a need for robust and efficient mechanisms to overcome threats to these implementation environments.
Security Threats • Loss of Integrity • Defense from Invalid Modification • Loss of Availability • Database Access Time • Proper User Authentication • Loss of Confidentiality • Protection from Disclosure • Covert Channels
Function of Security • Right of Access to Information • Legal • Ethical • Organizational Policy • Public vs. Private • Governmental \ Corporate • Organizational Multilevel Policy • User and Data Classifications
Access Controls • Focus on Organization Multilevel Policy • DBMS Consists of: • Subjects (Users) • Objects • Access Relationships Define Privileges • Privilege Implies Specific Accesses • Privilege Has Access Type • Read, Write, and Modify
Discretionary Access Control • Access Matrix Model • Rows represent subjects • Columns represent objects
Mandatory Access Control • Assigns Sensitivity Levels • Top Secret, Secret, Confidential, Unclassified • Typical Security Policy • class (S) >= class (O) • Imposed Restrictions • Simple Security Property • Read (O) iff class (S) >= class (O) • Star Property • Write (O) iff class (S) <= class (O)
Temporal Authorization • Temporary Privileges • Time Interval for Subject \ Object Privilege • Temporal Dependency • Whenever, Aslongas, Whenever Not, Unless • Authorization Type • Positive \ Negative • Example • [t1, t2] {User1, Object1, Read}
Problem Statement • Merge MAC with Temporal Authorizations • Issues to Address • Maintain MAC Restrictions • Detect Request (Grant) Conflicts • Handle Generated Hierarchy Authorizations • Cascade Temporal Authorization • Overlapping Temporal Authorizations • Identified and Marked During Cascade • Checked During Revocation
Solution • Develop Temporal Authorization Definition • General Validation of Request • Introduce Object Families • Cascade Validation • Recursive Cascade Validation • Final Grant Procedure • Revocation Procedure
HTA • Hierarchical Temporal Authorization • Adds ‘a’ Parent Authorization Attribute
Restriction Validation • Validates Initial Request • Class (S) versus Class (O)
Validation Example • Employee Relation Schema UserS – Read UserC - Read
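Added example (not from the original slides): a minimal Python sketch of restriction validation for a temporal authorization `[t1, t2] {Subject, Object, Access}` against the Simple Security and Star properties, followed by an access check at a given time. The subject and object names are borrowed from the slides; their classifications, the integer time units, and the rule that a negative authorization overrides a positive one are assumptions of this example.

```python
from dataclasses import dataclass

# Sensitivity levels named on the slides, lowest to highest.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class TemporalAuth:
    t1: int                 # interval start, inclusive (constructed time units)
    t2: int                 # interval end, inclusive
    subject: str
    obj: str
    access: str             # "read" or "write"
    positive: bool = True   # False marks a negative authorization

def mac_permits(subject_class, object_class, access):
    """Simple Security Property for reads, Star Property for writes."""
    s, o = LEVELS[subject_class], LEVELS[object_class]
    if access == "read":
        return s >= o       # read only at or below the subject's class
    if access == "write":
        return s <= o       # write only at or above the subject's class
    raise ValueError(f"unsupported access type: {access}")

def validate_request(auth, subject_classes, object_classes):
    """Restriction validation: reject a grant request that MAC forbids."""
    if auth.t1 > auth.t2:
        return False        # empty interval
    if not auth.positive:
        return True         # a denial cannot widen access
    return mac_permits(subject_classes[auth.subject],
                       object_classes[auth.obj], auth.access)

def access_allowed(t, subject, obj, access, granted):
    """Allow at time t only if a positive authorization covers t and no
    negative one does (denial precedence is an assumption of this example)."""
    covering = [a for a in granted
                if (a.subject, a.obj, a.access) == (subject, obj, access)
                and a.t1 <= t <= a.t2]
    return bool(covering) and all(a.positive for a in covering)

# Constructed classifications (assumed, not stated on the slides).
SUBJECTS = {"UserS": "Secret", "UserC": "Confidential"}
OBJECTS = {"EMPLOYEE": "Secret", "LOCATIONS": "Confidential"}
```

Only requests that pass `validate_request` should be added to the list passed as `granted`; the time check never re-evaluates the classification rule.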
Object Families • Introduces Third Dimension of Object • Defines Authorization Domain • Family Access Function • Family[O] returns F = {Oxf1, Oxf2, …, OxfN}
Cascade HTA • Without Family Attribute – or NULL • With Family Attribute • 5, 6, 7, 9, 12 • 1, 2, 8, 11 • 3, 10, 13
Recursive Cascade Validation • Verifies Hierarchical Restrictions • Cascade Domain Is Object Family • Supports Multiple Family Objects
Cascade Example • Database Objects with Families • Request State • Result • No higher class object can have a READ with user. • With A this does not cause conflict. • EMPLOYEE branches to B and LOCATIONS conflicts.
Grant Procedure • High-level Execution for Every Request • Uses Recursive Cascade Authorization • Applies Cascade HTAs to HTAR
Revoke Algorithm • Validates Revoke Request • Removes HTAs from HTAR • Implicitly Handles Overlapping HTAs
Conclusion • Presented an Authorization Model with Temporal Capabilities for MAC • Maintain Mandatory Security Policies • Simple Security Property • Star Property • Introduced Two New Concepts • Hierarchical Temporal Authorizations • Object Family Assignment
Conclusion • Defined Authorization Grant Procedure • Validation • Cascade Validation • Recursive Cascade Validation • Defined Authorization Revoke Procedure • Handles Overlapping HTA • Uses HTA Registry for Execution
Future Work: Hierarchical Temporal Authorization Registry • Repository of Granted, Un-expired HTA • HTA Parent Association Must Exist • Define Storage and Access Mechanisms • Stress HTAR Execution Efficiency
Future Work: Further Evaluation of Family Assignment • Provides Distribution Mechanism to DBA • Effect of Family Assignment on Relation Authorization Access • Achieve Balance Between Database Object Count and Family Count
Questions and Comments • Thank You