Mandatory access controls
PROS AND CONS OF MAC
Pros:
Provide a high degree of protection – in a way of preventing any illegal flow of information.
Suitable for military types of applications.
Cons:
Not easy to apply: require a strict classification of subjects and objects into security levels.
Applicable for very few environments.
29 trang |
Chia sẻ: vutrong32 | Lượt xem: 1170 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Mandatory access controls, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
MANDATORY ACCESS CONTROLS
Faculty of Computer Science &
Engineering
HCMC University of Technology
Information Systems of Technology
1
Introduction to Mandatory Access Control
MAC in Oracle: Oracle Label Security
OUTLINE
2
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
INTRODUCTION TOMAC
3
INTRODUCTION TOMAC
Mandatory Access Control (MAC):
MAC applies to large amounts of information requiring
strong protect in environments where both the system
data and users can be classified clearly.
MAC is a mechanism for enforcing multiple level of
security.
Propose Model: Bell-LaPadula
4
SECURITY CLASSES
Classifies subjects and objects based on security
classes.
Security class:
Classification level
Category
A subject classification reflects the degree of trust
and the application area.
A object classification reflects the sensitivity of
the information.
5
CLASSIFICATION LEVEL
Typical classification level are:
Top secret (TS)
Secret (S)
Confidential (C)
Unclassified (U)
Where TS is the highest level and U is the lowest:
TS ≥ S ≥ C ≥ U
6
CATEGORY
Categories tend to reflect the system areas or
departments of the organization.
Example: there are 3 departments of the
organization: Sales, Production, Delivery
7
SECURITY CLASSES
A security class is defined as follow:
SC = (A, C)
A: classification level
C: category
A relation of partial order on the security classes:
SC ≤ SC’ is verified, only if:
A ≤ A’ and C’ ⊇ C
Examples:
(2, Sales) ≤ (3, (Sales, Production))
(2, (Sales, Production)) ≤ (3, Sales)
8
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
INTRODUCTION TOMAC
9
MAC PROPERTIES
Simple security property: A subject S is not
allowed read access to an object O unless
class(S) ≥ class(O).
No read-up
Star property (or * property): A subject S is
not allowed to write an object O unless
class(S) ≤ class(O)
No write-down
These restrictions together ensure that there is
no direct flow of information from high to low
subjects!!! 10
WHY STAR PROPERTY?
11
WHY STAR PROPERTY?
12
WHY STAR PROPERTY?
13
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
INTRODUCTION TOMAC
14
MULTILEVEL RELATION
Multilevel relation: MAC + relational
database model
Data objects: attributes and tuples
Each attribute A is associated with a
classification attribute C
A tuple classification attribute TC is to
provide a classification for each tuple as a
whole, the highest of all attribute
classification values.
R(A1,C1,A2,C2, , An,Cn,TC)
The apparent key of a multilevel relation is
the set of attributes that would have formed
the primary key in a regular (single-level)
relation.
15
Multilevel relation
16
A multilevel relation will appear to contain different
data to subjects (users) with different security
levels
SELECT * FROM EMPLOYEE
Multilevel relation
A user with security level S
17
SELECT * FROM EMPLOYEE
Multilevel relation
A user with security level C
18
SELECT * FROM EMPLOYEE
Multilevel relation
A user with security level U
19
SELECT * FROM EMPLOYEE
Multilevel relation
A user with security level U
20
Read and write operations: satisfy the No
Read-Up and No Write-Down principles.
Properties of Multilevel relation
21
Entity integrity: all attributes that are members
of the apparent key must not be null and must
have the same security classification within
each individual tuple.
In addition, all other attribute values in the
tuple must have a security classification greater
than or equal to that of the apparent key.
Properties of Multilevel relation
This constraint ensures that a user can see the
key if the user is permitted to see any part of
the tuple at all.
22
PROPERTIES OFMULTILEVEL RELATION
Polyinstantiation: where several tuples
can have the same apparent key value but
have different attribute values for users at
different classification levels.
23
POLYINSTANTIATION EXAMPLE
(security level C)
A user with security level C tries to update
the value of JobPerformance of Smith to
‘Excellent’:
UPDATE EMPLOYEE
SET JobPerformance = ‘Excellent’
WHERE Name = ‘Smith’;
24
POLYINSTANTIATION EXAMPLE
25
Security Classes
MAC properties
Multilevel relation
Pros and cons of MAC
INTRODUCTION TOMAC
26
PROS AND CONS OFMAC
Pros:
Provide a high degree of protection – in a way of
preventing any illegal flow of information.
Suitable for military types of applications.
Cons:
Not easy to apply: require a strict classification of
subjects and objects into security levels.
Applicable for very few environments.
27
Introduction to Mandatory Access Control
MAC in Oracle: Oracle Label Security
OUTLINE
28
Introduction to Mandatory Access Control
MAC in Oracle: Oracle Label Security (Lab)
OUTLINE
29
Các file đính kèm theo tài liệu này:
- slide05_mac_9454.pdf