MANDATORY ACCESS CONTROL MECHANISM
INTRODUCTION
- In many applications an additional security policy is needed that classifies both data and users into security classes. This approach is known as mandatory access control.
- The need for multilevel security exists in government, military and intelligence applications, as well as in many industrial and corporate applications.
TYPICAL SECURITY CLASSES
- Top Secret (TS)
- Secret (S)
- Confidential (C)
- Unclassified (U)
TS >= S >= C >= U
- TS is the highest level
- U is the lowest level
The commonly used model for multilevel security is known as the Bell-LaPadula model.
BELL - LAPADULA MODEL
- Classifies each subject (user, account, program) and each object (relation, tuple, column, view, operation) into one of the security classes TS, S, C or U.
- We will refer to the clearance of a subject S as class(S) and to the classification of an object O as class(O).
Two restrictions are enforced on data access based on the subject/object classifications.
- A subject S is not allowed read access to an object O unless class(S) >= class(O). This is known as the simple security property and is intuitive.
- A subject S is not allowed to write an object O unless class(S) <= class(O). This is known as the star property and is less intuitive.
A multilevel relation scheme R with n attributes would be represented as
R(A1, C1, A2, C2, ..., An, Cn, TC)
where each Ci is the classification attribute of Ai and TC is the tuple classification attribute.
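An added example (not part of the original post) that applies the two Bell-LaPadula restrictions and the multilevel relation scheme above: a subject's view of a relation hides every attribute whose Ci exceeds class(S), and a write is refused when it would go down to a lower class. The EMPLOYEE rows are constructed sample data, and treating the first attribute as the apparent key is an assumption of this example.

```python
from enum import IntEnum

# Security classes ordered TS >= S >= C >= U, as in the post.
class Level(IntEnum):
    U = 0   # Unclassified
    C = 1   # Confidential
    S = 2   # Secret
    TS = 3  # Top Secret

def can_read(subject: Level, obj: Level) -> bool:
    """Simple security property: read allowed only if class(S) >= class(O)."""
    return subject >= obj

def can_write(subject: Level, obj: Level) -> bool:
    """Star property: write allowed only if class(S) <= class(O)."""
    return subject <= obj

# Constructed sample multilevel relation EMPLOYEE(Name, C1, Salary, C2, Job, C3, TC):
# each attribute value is paired with its classification Ci; the first attribute
# is treated as the apparent key (assumption made for this example).
EMPLOYEE = [
    {"Name": ("Smith", Level.U), "Salary": (40000, Level.C), "Job": ("Fair", Level.S)},
    {"Name": ("Brown", Level.C), "Salary": (80000, Level.S), "Job": ("Good", Level.C)},
]

def tuple_class(row) -> Level:
    """TC: the tuple classification is the highest classification of any attribute."""
    return max(c for _, c in row.values())

def filter_view(relation, subject: Level):
    """Relation as seen by a subject: attributes with Ci > class(S) are hidden
    (returned as None); a tuple whose apparent key is unreadable is omitted."""
    view = []
    for row in relation:
        key_attr = next(iter(row))
        if not can_read(subject, row[key_attr][1]):
            continue  # subject may not even learn that the tuple exists
        view.append({a: (v if can_read(subject, c) else None) for a, (v, c) in row.items()})
    return view

def update_attribute(row, attr, value, subject: Level) -> bool:
    """Apply a write only if the star property permits it; returns whether it applied."""
    _current, cls = row[attr]
    if not can_write(subject, cls):
        return False  # write-down refused: class(S) > class(O)
    row[attr] = (value, cls)
    return True
```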