Analysis of Mandatory Access Restrictions in the Oracle DBMS
>> Thursday, 2 July 2009 (B.E. 2552)
This document analyzes the mandatory access restrictions of the Oracle DBMS. As a result, several leakage channels are discovered.
For information systems built on a DBMS, applying access restrictions that take the value of the information into account is often a problem. This is generally essential for major government or business information systems (for example, geographic information systems or document management systems). Such systems generally require the mandatory access model. A feature of the model is that it prevents the accidental release of information, or a reduction of its value, through information flow control. The mandatory access model is implemented by labeling all subjects and objects in the access control system.
Oracle DBMS is currently one of the most popular and powerful industrial DBMSs. In Oracle9i, Oracle Label Security (OLS) is the component that allows you to organize mandatory access to data. OLS is a set of procedures and constraints in the database core that apply access control. To use OLS, a security policy with a set of labels is needed. This policy is applied to the protected tables, and users are given rights to the labels.
An analysis of possible leakage channels for confidential information is of interest for the system under review.
We propose the following general algorithm for analyzing a mandatory access model.
1) Access object types are determined on the basis of published documentation and examination of the DBMS (e.g., tables, rows, or columns).
2) The SQL commands through which users can access these objects are analyzed.
3) Several objects with different access levels are created for each type of object.
4) Several users (access subjects) with different mandatory access rights are created.
5) A series of SQL queries is performed by users with different mandatory access rights against objects with different levels of confidentiality. After analyzing the results of these queries, an access model can be built, and it can be concluded whether the system has weaknesses that allow leakage or corruption of confidential information.
Let us consider the access objects in OLS. These are table records, which carry labels. It is often said that tables are the access objects in OLS, since the security policy is applied to tables. But tables have no label themselves; they merely contain labeled rows.
The following SQL operations work with records:
- CREATE - creation of a new record;
- SELECT - reading of an existing record;
- UPDATE - modification of an existing record;
- DELETE - deletion of a record.
Our experiments consisted of series of queries by users with different access rights to objects of varying confidentiality. These experiments made it possible to derive the OLS access model. We define two variables: i and j. i is an object label. Smaller values of i mean a higher level of confidentiality (the value "0" corresponds to "Top Secret"). j is the access level of the subject.
The model can be presented as follows:
1. CREATE \ SELECT \ UPDATE \ DELETE, j = i
2. SELECT, J i
This mandatory access model is entirely correct and complies with the criteria of the Bell-LaPadula security model. Thus, OLS works properly at the level of table records.
But besides the recorded data, users can interact with the representation of data, which is not covered by the mandatory access policy. Tables are one example of this type of object. Users can modify the table structure, i.e. add new fields, change their names, and change data. OLS loses its ability to work correctly at the table level.
For example, a user with higher mandatory rights can create a new field in a table. The name of the field itself may be confidential, and the OLS mechanism will not prevent this operation. A user with lower rights can always query the names of all the fields.
For example, a new field with the name new_password_xxx (where xxx is secret information) is created with the following query:
ALTER TABLE user1.test_table ADD (new_password_xxx VARCHAR2(30));
If another user with no mandatory rights runs the following query (SELECT * FROM user1.test_table;), he gets an empty data set, but all the field names of user1.test_table are shown to him. As indicated above, a column name can contain confidential information.
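The gap described above can be reproduced in a small model. This is an added example, not Oracle code and not part of the original analysis: the class LabeledTable, its methods and the function metadata_writedowns are hypothetical, the read rule is assumed to be the standard Bell-LaPadula "no read up", and the DDL log is constructed. It shows row data staying filtered while the column name reaches the lower user, plus a check that flags such schema changes.

```python
from dataclasses import dataclass, field

# Page convention: a smaller number is more confidential (0 is "Top Secret").
@dataclass
class LabeledTable:
    columns: list                              # table structure: carries no label
    rows: list = field(default_factory=list)   # (label_i, values) pairs

    def select(self, j):
        """Rows visible to a user with access level j.
        Assumption: Bell-LaPadula "no read up", i.e. row label i >= j."""
        return [vals for i, vals in self.rows if i >= j]

    def insert(self, j, values):
        """New rows take the writer's own level (rule 1 on the page: j = i)."""
        self.rows.append((j, values))

    def add_column(self, j, name):
        """DDL: no label check is applied and the new name gets no label."""
        self.columns.append(name)
        self.rows = [(i, vals + (None,)) for i, vals in self.rows]

    def describe(self, j):
        """Column names returned to any user who can query the table;
        the level j is ignored because the structure is unlabeled."""
        return list(self.columns)


def metadata_writedowns(ddl_log, readers):
    """Flag DDL issued at a level more confidential than the least-cleared reader.
    ddl_log: (actor, level_j, column_name) tuples; readers: {user: level_j}."""
    lowest = max(readers.values())
    return [(actor, col) for actor, j, col in ddl_log if j < lowest]


def demo():
    t = LabeledTable(columns=["id", "note"])
    t.insert(0, (1, "top secret row"))
    t.insert(2, (2, "public row"))
    t.add_column(0, "new_password_xxx")     # high user; column name from the page
    low_rows = t.select(2)                  # row data stays filtered
    low_cols = t.describe(2)                # the column name does not
    ddl_log = [("user1", 0, "new_password_xxx"), ("user2", 2, "comment")]  # constructed
    flagged = metadata_writedowns(ddl_log, {"user1": 0, "user2": 2})
    return low_rows, low_cols, flagged
```
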
Operations such as the one in this example create bidirectional channels for data exchange between subjects with higher and lower access rights, and for this reason can lead to leakage of confidential information.
In summary, the Oracle mandatory access model is not complete, and it is therefore possible to exchange classified information outside the control of the mandatory access system, which reduces the value of the information.
You can also find current methods of biometric authentication by keyboard signature on our website http://www.allmysoft.com/biometric-keyboARD-Signatur-authentication.html