Trusted RUBIX TM. Version 6. Multilevel Security in Trusted RUBIX White Paper. Revision 2 RELATIONAL DATABASE MANAGEMENT SYSTEM TEL

Size: px
Start display at page:

Download "Trusted RUBIX TM. Version 6. Multilevel Security in Trusted RUBIX White Paper. Revision 2 RELATIONAL DATABASE MANAGEMENT SYSTEM TEL +1-202-412-0152"

Transcription

1 Trusted RUBIX TM Version 6 Multilevel Security in Trusted RUBIX White Paper Revision 2 RELATIONAL DATABASE MANAGEMENT SYSTEM Infosystems Technology, Inc. 4 Professional Dr - Suite 118 Gaithersburg, MD TEL

2 1981, 2014 Infosystems Technology, Inc. (ITI). All rights reserved. Unpublished work. Commercial computer software and software documentation: Government users are subject to ITI's standard license agreement per DFARS or, in non-dod agencies where such protection is unavailable, to "restricted rights" under applicable FAR System clauses. Infosystems Technology, Inc. 4 Professional Dr - Suite 118 Gaithersburg, MD THIS DOCUMENTATION CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF INFOSYSTEMS TECHNOLOGY, INC. USE, DISCLOSURE, OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF INFOSYSTEMS TECHNOLOGY, INC. FOR FULL DETAILS OF THE TERMS AND CONDITIONS FOR USING THE SOFTWARE, PLEASE REFER TO THE ITI-TRUSTED RUBIX USER LICENSE AGREEMENT. The information in this document is subject to change without notice and should not be construed as a commitment by ITI. Infosystems Technology, Inc. assumes no responsibility for any errors that may appear in this document. RUBIX is a trademark of Infosystems Technology, Inc. UNIX is a trademark of The Open Group. Microsoft is a trademark of the Microsoft Corporation. Printed in U.S.A.

3 Table of Contents OVERVIEW... 1 MLS LABELS... 1 DOMINANCE RELATIONSHIP... 2 INFORMATION FLOWS... 3 SECURITY LATTICE... 4 MLS ACCESS CONTROL RULES FOR SQL OPERATIONS... 6 MULTILEVEL DBMS OBJECTS... 7 TABLE SELECT EXAMPLE... 9 POLYINSTANTIATION CONCURRENCY CONTROL MLS OS-DBMS POLICY INTEGRATION APPENDIX A: FREQUENTLY ASKED QUESTIONS (FAQ)... 16

4 Overview Multilevel Security is a Mandatory Access Control (MAC) policy designed to control the flow of information between subjects based upon their trustworthiness. In general information is allowed to flow from less trustworthy subjects to more trustworthy subjects. Subjects are assigned labels that represent their trustworthiness while objects are assigned labels that represent their sensitivity. These labels are used along with fixed Bell-La Padula rules to control operations. In general, Bell-La Padula rules allows subjects to read objects at lower labels and update objects at their label. The simple and static nature of the Bell-La Padula rules provides the potential for a higher assurance of correctness as compared to more complex and dynamic security policy models. Trusted RUBIX fully integrates the Multilevel Security policy into its DBMS, labeling all DBMS objects and controlling access to all SQL operations. In addition, Trusted RUBIX fully integrates with the Multilevel Security policy of the underlying operating system, providing coherent total-system security behavior. MLS Labels Central to the Multilevel Security policy is the MLS label, also known as a level. Each subject (e.g., a DBMS session open on behalf of a user) and object (e.g., a DBMS row) is assigned an MLS label. The MLS label assigned to a subject determines which operations the subject may perform. The subject label is also assigned to objects created by the subject. The MLS label assigned to an object determines which operations may be performed upon the object. Generally, a subject may read an object if the subject's label dominates (is "higher" than) the object's label and may update an object if the subject's label equals the object's label. MLS label's are composed of two distinct parts: the sensitivity (objects)/clearance (subjects) and the compartments. Compartments may also be known as categories. The sensitivity/clearance component of a label represents the degree to which information is securitywise sensitive (object's only) and the user's trustworthiness (subjects only). It frequently takes on a string form like "Top Secret" or "Unclassified." The compartments component of a label represents a user's "need to know." This usually refers to the information a user needs to operationally perform her duties. While they may be "cleared" or "trusted" to see other information, they have no operational need to see such data to perform their job responsibilities and, taking a conservative approach to security, the MLS policy denies them access. Trusted RUBIX labels its DBMS objects with the same MLS labels used by the underlying operating system. The following diagram gives sample MLS labels in Solaris 10 Trusted Extensions (TX) and SELinux formats. For SELinux, the MLS level is one of four components within its security context. The left-most part of each MLS label represents the sensitivity/clearance component while the right-most component represents the compartments. In both cases the MLS label may be configured to have a user-friendly string representation. SELinux MLS

5 label compartments may be specified as a comma separated list (e.g., c1, c5, c9) and as a range (e.g., c1.c3). Also note that a MLS label need not contain any compartments Figure 1: Sample MLS Labels Dominance Relationship The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is used to determine permitted operations and information flows. The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments.

6 Sample Sensitivity/Clearance ordering are: Top Secret > Secret > Confidential > Unclassified s3 > s2 > s1 > s Sample Compartment intersections are: The intersection of {AB} and {A} is {A} The intersection of {c1,c2} and {c1} is {c1} The intersection of {AB} and {C} is {} Formally, for label 1 to dominate label 2 both of the following must be true: The sensitivity/clearance of label 1 must be greater than or equal to the sensitivity/clearance of label 2. The intersection of the compartments of label 1 and label 2 must equal the compartments of label 2. Additionally: Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality. One label is said to strictly dominate the other if it dominates the other but is not equal to the other. Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments. The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice. Information Flows The Multilevel Security policy is concerned with the flow of information from one subject to another. There is a general requirement that information not flow from a "higher" level subject to a "lower" level subject. Flows of information are referred to as channels. For instance, a channel may not exist from a Top Secret user to an Unclassified user as this would allow an Unclassified user access to Top Secret information. Within the Trusted RUBIX DBMS, all SQL operations are controlled to prevent improper information flows. So, for instance, a Confidential user may not SELECT a Top Secret row. Also, a Top Secret user may not UPDATE a Confidential row. A Top Secret user would be permitted to SELECT a Confidential row. In addition to explicit information flow channels, such as selecting a row, Trusted RUBIX also eliminates some covert information flow channels. These are situations where a low level subject can infer information about a "high" level object or subject. Two primary areas where Trusted RUBIX removes illegal covert channels are within the concurrency control algorithm and through the use of polyinstantiation. The following diagram shows the permitted and non-permitted information flows between a representative set of MLS labels. In general, information is allowed to flow from a source to a destination if the destination MLS label dominates (is higher than or equal to) the source MLS label. Note that no information flows are allowed between incomparable MLS labels, such as Top Secret: AB and Top Secret:

7 C. Also note that not all permitted information flows are shown in the diagram, such as from Unclassified: A to Top Secret: AB Figure 2: MLS Information Flows Security Lattice The following diagram shows the MLS Security Lattice for a representative set of MLS labels. The security lattice is a graphical representation of the dominance relationship between all labels in the system. For this example, the system has four sensitivity/clearance labels (TS>S>C>U) and two compartments (A and B). If a path exists from one node to a second node then the label associated with the first node strictly dominates the label associated with the second node. Information is permitted to flow from the first node to the second node. Labels towards the top of the diagram have a higher sensitivity/clearance. Labels towards the right side of the diagram have more categories (need to know). The special label TS:AB is referred to as System High because it dominates all other labels in the system and information may flow to it from any label in the system. The label U is referred to as System Low because it is dominated by all labels in the system and information may flow from it to any other label on the system. Trusted RUBIX uses the same MLS Security policy configuration, and thus security lattice, as the underlying operating system.

8 Figure 3: MLS Security Lattice

9 MLS Access Control Rules for SQL Operations All operations of the Trusted RUBIX DBMS have been integrated with the MLS Security policy, including all SQL operations. All DBMS objects (database, catalog, schema, view, table, index, row) are assigned an MLS label. The rules governing the general behavior of the MLS Security policy are: Newly created objects are assigned the label of the creating subject. A subject may read an object if the subject's label dominates the object's label. A subject may update an object if the subject's label is equal to the object's label. A subject may create a child object within a parent object (e.g., a row within a table or a table within a schema) if the subject's label dominates the parent object. The child will be assigned the label of the creating subject. The following table enumerates the MLS access control rules for each SQL operation. SQL Statement MLS Access Control Rules MLS Outcome ALTER TABLE Session >= parent schema Session = table Table sensitivity label is unchanged. Session = table referenced by a foreign key CONNECT The session sensitivity label for the connecting user is assigned from the label of the operating system connection (e.g., socket label) CREATE CATALOG New object labeled with the session sensitivity label. CREATE DATABASE Any Sensitivity label New object labeled with the session sensitivity label. CREATE INDEX Session >= parent schema New object labeled with the session sensitivity label. Session = table CREATE SCHEMA New object labeled with the session sensitivity label. CREATE TABLE Session >= schema New object labeled with the session sensitivity label. Session = table referenced by a foreign key CREATE VIEW Session >= parent schema New object labeled with the session sensitivity label. Session >= table Session >= view DELETE Session >= parent schema Session >= table, [view] Session = row Delete rows at session sensitivity label. DROP CATALOG Session = catalog Session = any schema, table, or view inside of the catalog Session = any view that references a table and/or view inside of the catalog The catalog and all containing objects (if cascade option specified) are dropped. DROP DATABASE Session = database All objects in the database are destroyed. DROP INDEX Drop the specified index.

10 7 SQL Statement MLS Access Control Rules MLS Outcome Session >= parent schema DROP SCHEMA DROP TABLE DROP VIEW GRANT INSERT REVOKE SELECT SET CATALOG SET SCHEMA UPDATE sub-query * Session = index Session = schema Session = any table or view inside of the schema Session = any view that references a table and/or view inside of the schema The schema and all containing objects (if cascade option specified) are dropped. The table, all indices, and all rows are dropped. All Session >= parent schema referencing views are dropped (if cascade option Session = table specified). Session = any view referencing the table Session >= parent schema Session = view Session = any view referencing the view Session >= parent object(s) Session = object Session >= parent schema Session >= table, [view] Session >= parent object(s) Session = object Session >= parent schema Session >= table, [view]; Session >= row Session >= catalog Session >= schema Session >= parent schema Session >= table, [view]; Session = row Session >= parent schema Session >= table, [view]; Session >= row The view is dropped. All referencing views are dropped (if cascade option specified). Privileges valid for all sensitivity labels that may access object. New object labeled with the session sensitivity label. Privileges revoked are applicable for all sensitivity labels that may access object. Rows dominated by session sensitivity label are returned Specified catalog name used as default catalog name for all future SQL operations. Specified schema name used as default schema name for all future SQL operations. Rows at the session sensitivity label are updated. Rows dominated by session sensitivity label are returned for the sub-query. * A sub-query is an implied operation on any delete, update, or select operation that includes a where clause and any insert operation that has a select clause. Multilevel DBMS Objects Trusted RUBIX has many DBMS objects that contain child objects. For instance, databases contain catalogs, catalogs contain schemata, schemata contains tables, and tables contain rows. Each of these objects may

11 8 88 contain child objects that have a sensitivity label that is different than the parent object. The general MLS 8 rule is that a parent object may contain a child object only if that child object's sensitivity label dominates the parent's sensitivity label. Thus, parents objects are able to hold child objects at the same label or higher. MLS multilevel DBMS objects allow container objects to store information from various sensitivity labels while allowing each user to have a view of the database which corresponds to his clearance label, only seeing objects which are dominated by his clearance. All of this happens automatically within Trusted RUBIX. The following diagram demonstrates a database configuration with multiple MLS multilevel DBMS objects. Figure 4: Multilevel DBMS Objects Each user will have a view of the database which corresponds to his clearance label. Objects for which the user is not cleared to access (i.e., those which he does not dominate) will be automatically filtered out of the user's view. Polyinstantiation will insure that naming collisions do not reveal the existence of higher level objects. The following diagram shows the logical view a user would have of the database with an Unclassified, Confidential, and Secret clearance. A Top Secret clearance would have all objects visible and present a view of the database that corresponds to the first diagram.

12 Figure 5: Views of Multilevel Objects by Clearance Table SELECT Example The following diagram shows the results of two users, with differing MLS session labels, performing a SELECT operation on the same table. The first user, Bob, is connected to Trusted RUBIX with an MLS session label of Top Secret: A. The second user, Nancy, is connected to Trusted RUBIX with an MLS session label of Confidential: B. Both users are selecting all rows from the MyTab table. In both cases, the SELECT result set will contain only rows which the user dominates. Note that both the user's clearance component must be higher than the row's sensitivity component and the user's compartments must include each of the row's compartments. If a user does not dominate a row, then the row is simply filtered from the result set (no error value is returned). Thus, the existence of the row is hidden. The MLS filtering of the table rows occurs within the DBMS Kernel and below the SQL Engine, making it impossible that an improper row be returned for each SQL operation.

13 Figure 6: MLS Table SELECT Polyinstantiation The intent of Multilevel Security is to prevent unauthorized information flows to users who are not cleared to access the information. One covert way that illegal information flows may occur within nonsecure systems is by exploiting unique object naming collisions between security domains. The value of a unique key within a row may easily be used to infer the existence of high-level key values by a low-level user not cleared to access the information. Consider the following steps that may be performed within a non-secure DBMS to extract sensitive information. The diagram that follows corresponds to the following steps: 1. A low-level table is created with a unique primary key. 2. A high-level user inserts a value into the low-level table. 3. A low-level user "fishes" for the value of the high-level key by attempting to insert various key values. 4. When the low-level user receives an error message that says the row cannot be inserted because the unique key already exists; and, the low-level users verifies that no such key exists at a dominated level, then the low-level user knows the existence of the high-level key value. This process may be incorporated into a computer program for quick retrieval of high-level information

14 11 11 resulting in a high bandwidth covert channel Trusted RUBIX removes the potential for such illegal information flows through polyinstantiating DBMS objects that have unique names. This is explained later in this section. Figure 7: Illegal Information Flow of Systems with No Polyinstantiation Trusted RUBIX employs polyinstantiation to eliminate potential illegal information flows that may occur due to naming collision. Polyinstantiation is the process of using duplicate resources or objects to remove conflicts between concurrent accesses. In the case of primary key values, Trusted RUBIX creates a duplicate copy of the row containing the key value when the low-level user attempts an INSERT. Therefore, even though a duplicate key value exists at a high-level, the low-level INSERT succeeds, thereby hiding the existence of the high-level key. When the table is subsequently selected, each user will receives the copy of the row with the highest, dominated label. It is also possible to select all dominated, polyinstantiated rows from a table. The following figure graphically demonstrates polyinstantiation of primary key values.

15 Figure 8: Removal of the Information Flow with Polyinstantiation Concurrency Control The intent of Multilevel Security is to prevent unauthorized information flows to users who are not cleared to access the information. One covert way that illegal information flows may occur within nonsecure systems is by exploiting locking concurrency control protocols (e.g., two-phase locking or explicitly locking) commonly used within non-secure DBMS products. The illegal information flow is achieved by a high-level user locking a low-level object for read. A lowlevel user then attempts to lock the object for write. Because the write lock requires a unique lock, it will be delayed or denied because of the existence of the high-level lock. The low-level user can then create a program that exploits the existence (or non-existence) of the locking delay to receive information from the cooperating high-level user. The following figure demonstrates this process.

16 Figure 9: Insecure Concurrency Control Resulting in an Illegal Information Flow Trusted RUBIX eliminates the covert channels provided through locking concurrency protocols by using a unique algorithm know as the Secure Multiversion Timestamp Ordering (Secure MVTO) concurrency control protocol. Secure MVTO creates a new version of a row upon every update and uses transaction timestamps to ensure a user operates on the correct row version. In our example, the high-level user never locks the row being read. Additionally, the low-level user never requires a lock on the row, she simply creates a new version of the row alongside the original version. The following figure demonstrates how Trusted RUBIX and Secure MVTO remove illegal information flows caused by locking concurrency control algorithms.

17 Figure 10: Trusted RUBIX Secure Concurrency Control MLS OS-DBMS Policy Integration Trusted RUBIX fully integrates the MLS policy of the underlying secure operating system (OS) with that of the DBMS. This results in coherent security behavior across both the OS and DBMS domains. With MLS policy integration, the DBMS session label and the OS session label will be the same for every user. The string label representation and the set of valid label formats will also be the same for Trusted RUBIX and the secure operating system. Additionally, the dominance relationships (i.e., the security lattice) will be the same. Other DBMS products that implement MLS policy enforcement may not integrate with the underlying secure operating system or may be designed to operate on top of a non-mls operating system. In these environments, illegal information flows may occur from the DBMS, to the OS, and then to a user not cleared to access the information. Additionally, the security administrator may have to maintain and configure two MLS policies, each with differing label structures and security lattices. The first of the following two diagrams demonstrates how a malicious user may illegally send information from Top Secret to Unclassified, by exploiting the lack of OS-DBMS policy integration. The second diagram demonstrates how Trusted RUBIX prevents this illegal information flow by integrating with the underlying secure operating system.

18 15 15 In the first diagram, the malicious user Bob SELECT's Top Secret DBMS data and redirects it to an 15 Unclassified operating system file. Because there is no OS-DBMS policy integration, Bob is able to connect 15 to the DBMS at Top Secret while remaining at Unclassified with respect to the operating system. Nancy then reads the Top Secret DBMS data from the Unclassified operating system file, completing the illegal information flow. Figure 11: Illegal Information Flow in Systems without OS-DBMS Policy Integration The second diagram demonstrates how Trusted RUBIX prevents such illegal information flows by integrating the MLS policies. Because Bob's Trusted RUBIX DBMS and OS session labels are linked, he can only redirect the DBMS data into a Top Secret operating system file. Nancy, being at Unclassified is unable to read from the Top Secret operating system file. Thus, the data remains protected by the same MLS policy in both the Trusted RUBIX DBMS and operating system.

19 Figure 12: Preventing Illegal Information Flow using OS-DBMS Policy Integration Appendix A: Frequently Asked Questions (FAQ) 1) What was the original posture of NSA toward building a RDBMS MAC/MLS security policy atop a non-secure operating system? It was akin to building a fortress on sand. What was proposed was that security must be built in on a dependable infrastructure on a foundation of solid (e.g., cubic) rocks. 2) What is meant by that statement? This meant that a MAC policy should be implemented in the database kernel and fully integrated with the host Operating System MAC policy and the data always residing in a MLS arbitrated domain. 3) What is the typical MLS architecture? Multiple clients at various levels on networks connecting to a single database and retrieving data based upon the client level.

20 ) Specifically, what constitutes a true MLS architecture? A TR server running on a Trusted Operating System (TOS) with other machines connected to it via statically labeled networks. TR does not require separate networks with separate servers to enforce different levels of security clearance for cross domain applications. 5) What label does the TR server run at? The TR server runs at the system high label and services clients. This allows the server to access the TOS data files which are isolated at system high. Each TR object is labeled by TR with its object label. The client processes are at whatever level the user is at, either explicitly or implicitly. The TR server detects the client level and sets it at the TR session label. Based upon this session label and object labels, the TR server arbitrates access to TR objects. 6) TR server uses the isolated container model for MLS. Please explain. The TOS provides connection managers by which TR reads the label from the network interface that the TOS controls. This allows non system high processes to query the database and TR ensures that only releasable data is returned to the connection manager. TR maintains all of its database objects in specific isolated (system high/special owner groups and modes) TOS files. This ensures that only TR executables may access the data. Each connection server s process implements MAC and DAC security policies. The MAC policy is stored in the highly assured TR kernel. 7) What is the key component of MLS systems? The key component is MAC which separates sensitive data and access to that data always automatically enforced. 8) How is the TR MAC policy for sensitivity implemented? It is implemented with labels that consist of a hierarchical level and a set of zero or more nonhierarchical categories or compartments. These labels are used to determine access to a resource in accordance with the MAC policy. Since the TR MAC security policy is fully integrated with the TOS MAC policy, there is no special TR configuration needed. 9) How are TR data objects labeled? Every TR data object that is created (database, catalog, schema, table, view, row, and index) is labeled with the current session sensitivity label. This label is set at the TOS TR server process session label. The TR object sensitivity label is maintained within the TR security kernel as a fully autonomous object. 10) What are the dominance rules that apply to comparing TR labels? Two labels are said to be equal if they have the same classification and the same set of compartments. If they are equal, they dominate each other and access is permitted. A label dominates another label if its classification is greater than or equal to that of the other label, and its categories are a super set of the other s categories, access is permitted. If one label has a higher classification or it has the same classifications and its compartments are a superset of the second label s compartments or both, the first label is said to strictly dominate the second label and access is permitted Two labels are said to be disjoint or non-comparable if neither label dominates.

21 ) How are TR objects immediately and automatically protected by MAC at creation time? For example, when a database is created by executing the CREATE DATABASE command, it is immediately assigned a security label that matches the user s security label. As another example, if the user inserts a row into a table, that row is assigned the security label at which the user is operating. Note that sensitivity labels permit only users at or above the row s sensitivity label to read the row (user s label dominates the label of the row); and only users operating at the object s sensitivity label may modify or destroy the object. 12) How does a user specify a label format in the CREATE TABLE command? There is no syntax needed to specify a label format in the CREATE TABLE command since TR has a label data type that is automatically created as a rowlabel column in a table as hidden field, i.e., the sensitivity label is not automatically displayed unless specifically requested in an SQL query. 13) What is the advantage of fully integrating the labeling and MAC policy of the TOS and TR? TR uses the same binary label and security lattice as the TOS. It relies on the TOS to enforce MAC on its own objects (process, files, etc.), but TR does not rely on the TOS for MAC enforcement of TR objects (database, catalog, schema, table, view, and row). It only relies on the TOS to label network connections, determine a valid label, and determine if one label dominates another. TR stores labels as an intrinsic part of its labeled objects. The labels are stored in the TOS internal format, but can be output in either short or long character strings. Using the TOS means that the label dominance rules, label format (e.g., number of levels, categories, etc.), and any label aliases known to the TOS are available and utilized within TR to determine access. This reduces maintenance and training costs and simplifies application development since only one set of labels is maintained. 14) What about compliance with the Common Criteria Labeled Security Protection Profile (LSPP)? Trusted RUBIX was among the first RDBMS certified to perform fine-grain data access as specified in the LSPP. Applications can be developed that contain multilevel or multi-domain data requests and are content/context filtered for a Community of Interest (COI) through fine grained labels. TR has been certified at EAL 4 (includes label security) on Trusted Solaris 8 by NSA. 15) Trusted RUBIX uses the same MAC security lattice as the underlying TOS. What protection is provided for situations where the movement of protected data from the TOS domain to the TR domain is required? Data moves from the TOS protected domain to the TR protected domain during an INSERT, UPDATE, or rximport command. When the user is NOT operating as the Trusted RUBIX Security Administrator, the database session sensitivity label always equals the TOS session sensitivity label. Trusted RUBIX automatically labels the data with the database session sensitivity label. In this mode there can be no change in the labeling of the data as it changes from the TOS domain to the TR domain. When the user is operating as the TR Security Administrator there is a potential for the data to change its sensitivity label and the user should act accordingly. Using the ALTER SESSION SET

22 19 19 LABEL command via the rxisql client the TR Security Administrator may change the database 19 session label to one that is greater than, less than, or incomparable to the current TOS session 19 sensitivity label. Therefore, when the data crosses from the TOS domain to the TR domain, the data will implicitly be re-graded from the current TOS session sensitivity label to the current database session sensitivity label. If the TR Security Administrator is using the rximport command in the multilevel mode ( m option), the data will be explicitly labeled to that specified in the text import file. A regular user would need to login to the TOS at each label and perform a single label import. 16) What protection is provided for situations where the movement of protected data from the TR domain to the TOS domain is required? Data moves from the TR protected domain to the TOS protected domain during a SELECT and rxexport operation. When the user is NOT operating as the TR Security Administrator, the database session sensitivity label always equals the TOS session sensitivity label and TR returns only rows that are dominated by the TR session sensitivity label. Once the data enters the TOS domain, the TOS will implicitly label at the TOS session sensitivity label. This may result in an implicit upgrade of data from the current data s TR object sensitivity label to the current TOS session sensitivity label. Using the ALTER SESSION SET LABEL command via the rxisql client, the TR Security Administrator may change the database session label to one that is greater than, less than, or incomparable to the current TOS session sensitivity label. Therefore, when the data crosses from the TR domain to the TOS domain, the data will implicitly be re-graded from the current database session sensitivity label to the current TOS session sensitivity label. 17) In TR DELETE/UPDATE operations what is the TR action if there are no rows at the user s label? If there are dominated rows which satisfy the search criteria then an error is returned. Otherwise, no rows affected is returned. 18) Does TR provide a secure default configuration? Yes. The default TR configuration is secure. There is no need for users to remove features not needed or to verify that user, platform, and application security measures are in place before the database goes into production. 19) How do TR clients make a connection request to a TR server process? A connection request is made to the TR Dispatcher (which runs persistently with a system high session label) by sending a trusted socket message on a publicly known port. The Dispatcher maintains a cache of idle server processes along with their database session sensitivity label. The database session sensitivity label generally remains static during a server process s lifetime (the exception is the trusted operation Alter Session noted in # 15 above). The Dispatcher first maps the client s connection request to an idle server with the same sensitivity label as the client. If such a server process exists, the listening port of the idle server is returned to the client. If no such idle server process exists, the Dispatcher forks a new server process and returns the listening port to the client. In both cases, the server process reads the client s session sensitivity label from the trusted socket s extended security attributes and sets the database server s session to be equal to that of the client session label. Thus, the Dispatcher is not relied upon to tell the servers what database

23 20 20 session sensitivity label to use Of course, if a trusted user does an Alter Session command, that changes the session label and the object will behave accordingly. The bottom line is that the data is at the label of the process, and the TOS ensures that the process label is the same as the user s session label. TR reads the label from the process and proceeds accordingly. 20) To conform to the MLS security policy what restrictions are there on TR SQL operations? In general, create operations result in labels being applied to new objects, update operations are restricted to objects of the same label as the subject, and reads return only objects which are dominated by the subject. 21) What specific benefit is provided by TR to protect sensitive data flow? Special provisions are made to the metadata to allow selecting the label of such objects. Polyinstantiation is fully supported to remove implicit information flows due to name collisions and to select one or all of such objects.

Trusted RUBIX TM. Version 6. Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform. Revision 6

Trusted RUBIX TM. Version 6. Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform. Revision 6 Trusted RUBIX TM Version 6 Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform Revision 6 RELATIONAL DATABASE MANAGEMENT SYSTEM Infosystems Technology, Inc. 4 Professional Dr

More information

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Access Control Models Part I. Murat Kantarcioglu UT Dallas UT DALLAS Erik Jonsson School of Engineering & Computer Science Access Control Models Part I Murat Kantarcioglu UT Dallas Introduction Two main categories: Discretionary Access Control Models (DAC) Definition:

More information

Database Security Part 7

Database Security Part 7 Database Security Part 7 Discretionary Access Control vs Mandatory Access Control Elisa Bertino bertino@cs.purdue.edu Discretionary Access Control (DAC) No precise definition Widely used in modern operating

More information

Security Enhanced Linux and the Path Forward

Security Enhanced Linux and the Path Forward Security Enhanced Linux and the Path Forward April 2006 Justin Nemmers Engineer, Red Hat Agenda System security in an insecure world Red Hat Enterprise Linux Security Features An overview of Discretionary

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Trusted RUBIX TM. Version 6. ODBC Guide. Revision 7 RELATIONAL DATABASE MANAGEMENT SYSTEM TEL +1-202-412-0152. Infosystems Technology, Inc.

Trusted RUBIX TM. Version 6. ODBC Guide. Revision 7 RELATIONAL DATABASE MANAGEMENT SYSTEM TEL +1-202-412-0152. Infosystems Technology, Inc. Trusted RUBIX TM Version 6 ODBC Guide Revision 7 RELATIONAL DATABASE MANAGEMENT SYSTEM Infosystems Technology, Inc. 4 Professional Dr - Suite 118 Gaithersburg, MD 20879 TEL +1-202-412-0152 1981, 2014 Infosystems

More information

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright.

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright. Database Security Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright.edu 937-775-5119 Goals of DB Security Integrity: Only authorized users should be

More information

An Oracle White Paper March 2009. Oracle Label Security in Government and Defense Environments

An Oracle White Paper March 2009. Oracle Label Security in Government and Defense Environments An Oracle White Paper March 2009 Oracle Label Security in Government and Defense Environments Protecting Sensitive Information... 2 Oracle Label Security Overview... 2 Getting Started with Oracle Label

More information

Guide to SQL Programming: SQL:1999 and Oracle Rdb V7.1

Guide to SQL Programming: SQL:1999 and Oracle Rdb V7.1 Guide to SQL Programming: SQL:1999 and Oracle Rdb V7.1 A feature of Oracle Rdb By Ian Smith Oracle Rdb Relational Technology Group Oracle Corporation 1 Oracle Rdb Journal SQL:1999 and Oracle Rdb V7.1 The

More information

Oracle Database 12c: Introduction to SQL Ed 1.1

Oracle Database 12c: Introduction to SQL Ed 1.1 Oracle University Contact Us: 1.800.529.0165 Oracle Database 12c: Introduction to SQL Ed 1.1 Duration: 5 Days What you will learn This Oracle Database: Introduction to SQL training helps you write subqueries,

More information

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University CS377: Database Systems Data Security and Privacy Li Xiong Department of Mathematics and Computer Science Emory University 1 Principles of Data Security CIA Confidentiality Triad Prevent the disclosure

More information

D61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:

D61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to: D61830GC30 for Developers Summary Duration Vendor Audience 5 Days Oracle Database Administrators, Developers, Web Administrators Level Technology Professional Oracle 5.6 Delivery Method Instructor-led

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Database Security. The Need for Database Security

Database Security. The Need for Database Security Database Security Public domain NASA image L-1957-00989 of people working with an IBM type 704 electronic data processing machine. 1 The Need for Database Security Because databases play such an important

More information

Postgres Plus xdb Replication Server with Multi-Master User s Guide

Postgres Plus xdb Replication Server with Multi-Master User s Guide Postgres Plus xdb Replication Server with Multi-Master User s Guide Postgres Plus xdb Replication Server with Multi-Master build 57 August 22, 2012 , Version 5.0 by EnterpriseDB Corporation Copyright 2012

More information

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

SEER Enterprise Shared Database Administrator s Guide

SEER Enterprise Shared Database Administrator s Guide SEER Enterprise Shared Database Administrator s Guide SEER for Software Release 8.2 SEER for IT Release 2.2 SEER for Hardware Release 7.3 March 2016 Galorath Incorporated Proprietary 1. INTRODUCTION...

More information

Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff

Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff D80198GC10 Oracle Database 12c SQL and Fundamentals Summary Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff Level Professional Delivery Method Instructor-led

More information

Role Based Access Control (RBAC) Nicola Zannone

Role Based Access Control (RBAC) Nicola Zannone Role Based Access Control (RBAC) Nicola Zannone 1 DAC and MAC Discretionary Access Control (DAC) Access control determined by the owner of an object Oner can delegate access rights to other users Access

More information

SQL Server. 2012 for developers. murach's TRAINING & REFERENCE. Bryan Syverson. Mike Murach & Associates, Inc. Joel Murach

SQL Server. 2012 for developers. murach's TRAINING & REFERENCE. Bryan Syverson. Mike Murach & Associates, Inc. Joel Murach TRAINING & REFERENCE murach's SQL Server 2012 for developers Bryan Syverson Joel Murach Mike Murach & Associates, Inc. 4340 N. Knoll Ave. Fresno, CA 93722 www.murach.com murachbooks@murach.com Expanded

More information

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition CA DLP Stored Data Integration Guide Release 14.0 3rd Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Part III. Access Control Fundamentals

Part III. Access Control Fundamentals Part III Access Control Fundamentals Sadeghi, Cubaleska @RUB, 2008-2009 Course Operating System Security Access Control Fundamentals 105 / 148 10 3.1 Authentication and Access Control 11 Examples for DAC

More information

Using LDAP Authentication in a PowerCenter Domain

Using LDAP Authentication in a PowerCenter Domain Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,

More information

FileMaker 11. ODBC and JDBC Guide

FileMaker 11. ODBC and JDBC Guide FileMaker 11 ODBC and JDBC Guide 2004 2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker is a trademark of FileMaker, Inc. registered

More information

ITM661 Database Systems. Database Security and Administration

ITM661 Database Systems. Database Security and Administration ITM661 Database Systems Database Security and Administration Outline Introduction to Database Security Issues Types of Security Threats to databases Database Security and DBA Access Protection, User Accounts,

More information

Oracle Database Security. Nathan Aaron ICTN 4040 Spring 2006

Oracle Database Security. Nathan Aaron ICTN 4040 Spring 2006 Oracle Database Security Nathan Aaron ICTN 4040 Spring 2006 Introduction It is important to understand the concepts of a database before one can grasp database security. A generic database definition is

More information

TRUSTED DISTRIBUTED RUBIX

TRUSTED DISTRIBUTED RUBIX RL-TR-96-78 Final Technical Report August 1996 TRUSTED DISTRIBUTED RUBIX Infosystems Technology, Inc. Mohammed Hasan, James P. O'Connor, Greg Pryzby, Anath Rao, Jasbir Singh, Mark Smith, and Dr. Virgil

More information

How To Secure An Rsa Authentication Agent

How To Secure An Rsa Authentication Agent RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Computer security Lecture 3. Access control

Computer security Lecture 3. Access control Computer security Lecture 3 Access control Access control, the basic problem: Efficient representation of access rights Simply listing, per subject and object, what access is allowed and/or denied is very

More information

MOC 20461C: Querying Microsoft SQL Server. Course Overview

MOC 20461C: Querying Microsoft SQL Server. Course Overview MOC 20461C: Querying Microsoft SQL Server Course Overview This course provides students with the knowledge and skills to query Microsoft SQL Server. Students will learn about T-SQL querying, SQL Server

More information

Oracle Database 10g: Introduction to SQL

Oracle Database 10g: Introduction to SQL Oracle University Contact Us: 1.800.529.0165 Oracle Database 10g: Introduction to SQL Duration: 5 Days What you will learn This course offers students an introduction to Oracle Database 10g database technology.

More information

Lecture 14 Towards Trusted Systems Security Policies and Models

Lecture 14 Towards Trusted Systems Security Policies and Models Lecture 14 Towards Trusted Systems Security Policies and Models Thierry Sans 15-349: Introduction to Computer and Network Security domains Definition of MAC MAC (Mandatory Access Control) A set of access

More information

Security Issues in the Database Language SQL W. Timothy Polk and Lawrence E. Bassham

Security Issues in the Database Language SQL W. Timothy Polk and Lawrence E. Bassham NIST Special Publication 800-8 Security Issues in the Database Language SQL W. Timothy Polk and Lawrence E. Bassham The Database Language SQL (SQL) is a standard interface for accessing and manipulating

More information

Matisse Server Administration Guide

Matisse Server Administration Guide Matisse Server Administration Guide May 2014 MATISSE Server Administration Guide Copyright 2013 Matisse Software Inc. All Rights Reserved. This manual and the software described in it are copyrighted.

More information

Tips and Tricks SAGE ACCPAC INTELLIGENCE

Tips and Tricks SAGE ACCPAC INTELLIGENCE Tips and Tricks SAGE ACCPAC INTELLIGENCE 1 Table of Contents Auto e-mailing reports... 4 Automatically Running Macros... 7 Creating new Macros from Excel... 8 Compact Metadata Functionality... 9 Copying,

More information

COSC344 Database Theory and Applications. Lecture 23 Security and Auditing. COSC344 Lecture 23 1

COSC344 Database Theory and Applications. Lecture 23 Security and Auditing. COSC344 Lecture 23 1 COSC344 Database Theory and Applications Lecture 23 Security and Auditing COSC344 Lecture 23 1 Overview Last Lecture Indexing This Lecture Database Security and Auditing Security Mandatory access control

More information

MySQL for Beginners Ed 3

MySQL for Beginners Ed 3 Oracle University Contact Us: 1.800.529.0165 MySQL for Beginners Ed 3 Duration: 4 Days What you will learn The MySQL for Beginners course helps you learn about the world's most popular open source database.

More information

TRANSMAT Trusted Operations for Untrusted Database Applications

TRANSMAT Trusted Operations for Untrusted Database Applications TRANSMAT Trusted Operations for Untrusted Database s Dan Thomsen Secure Computing Corporation 2675 Long Lake Road Roseville, MN 55113, USA email: thomsen@sctc.com Abstract This paper presents a technique

More information

Access Control Matrix

Access Control Matrix Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix entry is the access rights that subject has for that object

More information

DBMS / Business Intelligence, SQL Server

DBMS / Business Intelligence, SQL Server DBMS / Business Intelligence, SQL Server Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals.

More information

CA Clarity Project & Portfolio Manager

CA Clarity Project & Portfolio Manager CA Clarity Project & Portfolio Manager Using CA Clarity PPM with Open Workbench and Microsoft Project v12.1.0 This documentation and any related computer software help programs (hereinafter referred to

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Legal Notes. Regarding Trademarks. 2012 KYOCERA Document Solutions Inc.

Legal Notes. Regarding Trademarks. 2012 KYOCERA Document Solutions Inc. Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable for any problems arising from

More information

PATROL Console Server and RTserver Getting Started

PATROL Console Server and RTserver Getting Started PATROL Console Server and RTserver Getting Started Supporting PATROL Console Server 7.5.00 RTserver 6.6.00 February 14, 2005 Contacting BMC Software You can access the BMC Software website at http://www.bmc.com.

More information

Database Security and Authorization

Database Security and Authorization Database Security and Authorization 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3 Database Security and DBA 1.4 Access Protection, User Accounts,

More information

Division of IT Security Best Practices for Database Management Systems

Division of IT Security Best Practices for Database Management Systems Division of IT Security Best Practices for Database Management Systems 1. Protect Sensitive Data 1.1. Label objects containing or having dedicated access to sensitive data. 1.1.1. All new SCHEMA/DATABASES

More information

Evoko Room Manager. System Administrator s Guide and Manual

Evoko Room Manager. System Administrator s Guide and Manual Evoko Room Manager System Administrator s Guide and Manual 1 1. Contents 1. Contents... 2 2. Read this first! Introduction to this Guide... 6 3. User Guide... 6 4. System Architecture Overview... 8 ----

More information

Synthetic Monitoring Scripting Framework. User Guide

Synthetic Monitoring Scripting Framework. User Guide Synthetic Monitoring Scripting Framework User Guide Please direct questions about {Compuware Product} or comments on this document to: APM Customer Support FrontLine Support Login Page: http://go.compuware.com

More information

Technology Primer. OPS Manager, Release 7.4. Integrating Your Directory Server with our Directory Service Solution

Technology Primer. OPS Manager, Release 7.4. Integrating Your Directory Server with our Directory Service Solution Technology Primer OPS Manager, Release 7.4 Integrating Your Directory Server with our Directory Service Solution The Mitel Integrated Directory Services (IDS) application synchronizes the telephone directory

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

ADO and SQL Server Security

ADO and SQL Server Security ADO and SQL Server Security Security is a growing concern in the Internet/intranet development community. It is a constant trade off between access to services and data, and protection of those services

More information

Oracle Essbase Integration Services. Readme. Release 9.3.3.0.00

Oracle Essbase Integration Services. Readme. Release 9.3.3.0.00 Oracle Essbase Integration Services Release 9.3.3.0.00 Readme To view the most recent version of this Readme, see the 9.3.x documentation library on Oracle Technology Network (OTN) at http://www.oracle.com/technology/documentation/epm.html.

More information

FileMaker 12. ODBC and JDBC Guide

FileMaker 12. ODBC and JDBC Guide FileMaker 12 ODBC and JDBC Guide 2004 2012 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker and Bento are trademarks of FileMaker, Inc.

More information

ORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control.

ORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control. ORACLE DATABASE SECURITY Cristina-Maria Titrade 1 Abstract This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource

More information

Patterns of Information Management

Patterns of Information Management PATTERNS OF MANAGEMENT Patterns of Information Management Making the right choices for your organization s information Summary of Patterns Mandy Chessell and Harald Smith Copyright 2011, 2012 by Mandy

More information

The Relational Model. Why Study the Relational Model?

The Relational Model. Why Study the Relational Model? The Relational Model Chapter 3 Instructor: Vladimir Zadorozhny vladimir@sis.pitt.edu Information Science Program School of Information Sciences, University of Pittsburgh 1 Why Study the Relational Model?

More information

Security Provider Integration LDAP Server

Security Provider Integration LDAP Server Security Provider Integration LDAP Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

INFO/CS 330: Applied Database Systems

INFO/CS 330: Applied Database Systems INFO/CS 330: Applied Database Systems Introduction to Database Security Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Introduction to DB Security Secrecy:Users should not be

More information

Database Programming with PL/SQL: Learning Objectives

Database Programming with PL/SQL: Learning Objectives Database Programming with PL/SQL: Learning Objectives This course covers PL/SQL, a procedural language extension to SQL. Through an innovative project-based approach, students learn procedural logic constructs

More information

MAS 500 Intelligence Tips and Tricks Booklet Vol. 1

MAS 500 Intelligence Tips and Tricks Booklet Vol. 1 MAS 500 Intelligence Tips and Tricks Booklet Vol. 1 1 Contents Accessing the Sage MAS Intelligence Reports... 3 Copying, Pasting and Renaming Reports... 4 To create a new report from an existing report...

More information

Role-based access control. RBAC: Motivations

Role-based access control. RBAC: Motivations Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,

More information

Concepts of Database Management Seventh Edition. Chapter 7 DBMS Functions

Concepts of Database Management Seventh Edition. Chapter 7 DBMS Functions Concepts of Database Management Seventh Edition Chapter 7 DBMS Functions Objectives Introduce the functions, or services, provided by a DBMS Describe how a DBMS handles updating and retrieving data Examine

More information

SQL Server. 1. What is RDBMS?

SQL Server. 1. What is RDBMS? SQL Server 1. What is RDBMS? Relational Data Base Management Systems (RDBMS) are database management systems that maintain data records and indices in tables. Relationships may be created and maintained

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Aras Innovator Authentication Setup

Aras Innovator Authentication Setup Aras Innovator Authentication Setup Aras Innovator 9.1 Document #: 9.1.009032008 Last Modified: 3/12/2009 Copyright 2009 Aras Corporation ARAS CORPORATION Copyright 2009 All rights reserved Aras Corporation

More information

Reference Guide for Security in Networks

Reference Guide for Security in Networks Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template

More information

Database Security Sabrina De Capitani di Vimercati, Dip. Elettronica, Universita di Brescia, 25123 Brescia, Italy Pierangela Samarati, Dip. di Tecnologie dell'informazione, Universita di Milano, 26013

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

Eucalyptus 3.4.2 User Console Guide

Eucalyptus 3.4.2 User Console Guide Eucalyptus 3.4.2 User Console Guide 2014-02-23 Eucalyptus Systems Eucalyptus Contents 2 Contents User Console Overview...4 Install the Eucalyptus User Console...5 Install on Centos / RHEL 6.3...5 Configure

More information

www.gr8ambitionz.com

www.gr8ambitionz.com Data Base Management Systems (DBMS) Study Material (Objective Type questions with Answers) Shared by Akhil Arora Powered by www. your A to Z competitive exam guide Database Objective type questions Q.1

More information

Database Security. Chapter 21

Database Security. Chapter 21 Database Security Chapter 21 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed to. E.g., A student can t see other students grades. Integrity: Users should

More information

Installation Guide. Novell Storage Manager 3.1.1 for Active Directory. Novell Storage Manager 3.1.1 for Active Directory Installation Guide

Installation Guide. Novell Storage Manager 3.1.1 for Active Directory. Novell Storage Manager 3.1.1 for Active Directory Installation Guide Novell Storage Manager 3.1.1 for Active Directory Installation Guide www.novell.com/documentation Installation Guide Novell Storage Manager 3.1.1 for Active Directory October 17, 2013 Legal Notices Condrey

More information

Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3

Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3 Contents Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3 Introduction... 3 How to Register a UNIX Host in a One-Way Trust Domain Environment... 4 Creating a Windows Agentless

More information

An Oracle White Paper June 2014. Security and the Oracle Database Cloud Service

An Oracle White Paper June 2014. Security and the Oracle Database Cloud Service An Oracle White Paper June 2014 Security and the Oracle Database Cloud Service 1 Table of Contents Overview... 3 Security architecture... 4 User areas... 4 Accounts... 4 Identity Domains... 4 Database

More information

Change Management for Rational DOORS User s Guide

Change Management for Rational DOORS User s Guide Change Management for Rational DOORS User s Guide Before using this information, read the general information under Appendix: Notices on page 58. This edition applies to Change Management for Rational

More information

USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C

USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION Publication: 81-9059-0703-0, Rev. C www.pesa.com Phone: 256.726.9200 Thank You for Choosing PESA!! We appreciate your confidence in our products. PESA produces

More information

1 File Processing Systems

1 File Processing Systems COMP 378 Database Systems Notes for Chapter 1 of Database System Concepts Introduction A database management system (DBMS) is a collection of data and an integrated set of programs that access that data.

More information

Data Security and Governance with Enterprise Enabler

Data Security and Governance with Enterprise Enabler Copyright 2014 Stone Bond Technologies, L.P. All rights reserved. The information contained in this document represents the current view of Stone Bond Technologies on the issue discussed as of the date

More information

Access Control Fundamentals

Access Control Fundamentals C H A P T E R 2 Access Control Fundamentals An access enforcement mechanism authorizes requests (e.g., system calls) from multiple subjects (e.g., users, processes, etc.) to perform operations (e.g., read,,

More information

etrust Audit Using the Recorder for Check Point FireWall-1 1.5

etrust Audit Using the Recorder for Check Point FireWall-1 1.5 etrust Audit Using the Recorder for Check Point FireWall-1 1.5 This documentation and related computer software program (hereinafter referred to as the Documentation ) is for the end user s informational

More information

Database Administration with MySQL

Database Administration with MySQL Database Administration with MySQL Suitable For: Database administrators and system administrators who need to manage MySQL based services. Prerequisites: Practical knowledge of SQL Some knowledge of relational

More information

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

The Relational Model. Ramakrishnan&Gehrke, Chapter 3 CS4320 1

The Relational Model. Ramakrishnan&Gehrke, Chapter 3 CS4320 1 The Relational Model Ramakrishnan&Gehrke, Chapter 3 CS4320 1 Why Study the Relational Model? Most widely used model. Vendors: IBM, Informix, Microsoft, Oracle, Sybase, etc. Legacy systems in older models

More information

Access Control. Dr George Danezis (g.danezis@ucl.ac.uk)

Access Control. Dr George Danezis (g.danezis@ucl.ac.uk) Access Control Dr George Danezis (g.danezis@ucl.ac.uk) Resources Key paper: Carl E. Landwehr: Formal Models for Computer Security. ACM Comput. Surv. 13(3): 247-278 (1981) See references to other optional

More information

Oracle Database Security

Oracle Database Security breaking through barriers to progress By Raman Jathar an award winning '2004 Future 50 Company' 18650 W. Corporate Drive Suite 120 Brookfield, WI 53045 262.792.0200 Database Security Lately, database security

More information

RSA Authentication Manager 7.1 Basic Exercises

RSA Authentication Manager 7.1 Basic Exercises RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo

More information

SQL Databases Course. by Applied Technology Research Center. This course provides training for MySQL, Oracle, SQL Server and PostgreSQL databases.

SQL Databases Course. by Applied Technology Research Center. This course provides training for MySQL, Oracle, SQL Server and PostgreSQL databases. SQL Databases Course by Applied Technology Research Center. 23 September 2015 This course provides training for MySQL, Oracle, SQL Server and PostgreSQL databases. Oracle Topics This Oracle Database: SQL

More information

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 5 Outline More Complex SQL Retrieval Queries

More information

Database security. André Zúquete Security 1. Advantages of using databases. Shared access Many users use one common, centralized data set

Database security. André Zúquete Security 1. Advantages of using databases. Shared access Many users use one common, centralized data set Database security André Zúquete Security 1 Advantages of using databases Shared access Many users use one common, centralized data set Minimal redundancy Individual users do not have to collect and maintain

More information

Database security issues PETRA BILIĆ ALEXANDER SPARBER

Database security issues PETRA BILIĆ ALEXANDER SPARBER Database security issues PETRA BILIĆ ALEXANDER SPARBER Introduction Database security is one aspect of computer security It uses different information security controls to protect databases Information

More information

MapReduce. MapReduce and SQL Injections. CS 3200 Final Lecture. Introduction. MapReduce. Programming Model. Example

MapReduce. MapReduce and SQL Injections. CS 3200 Final Lecture. Introduction. MapReduce. Programming Model. Example MapReduce MapReduce and SQL Injections CS 3200 Final Lecture Jeffrey Dean and Sanjay Ghemawat. MapReduce: Simplified Data Processing on Large Clusters. OSDI'04: Sixth Symposium on Operating System Design

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may

More information

SQL Server An Overview

SQL Server An Overview SQL Server An Overview SQL Server Microsoft SQL Server is designed to work effectively in a number of environments: As a two-tier or multi-tier client/server database system As a desktop database system

More information

2. Basic Relational Data Model

2. Basic Relational Data Model 2. Basic Relational Data Model 2.1 Introduction Basic concepts of information models, their realisation in databases comprising data objects and object relationships, and their management by DBMS s that

More information

Dell InTrust 11.0. Preparing for Auditing Microsoft SQL Server

Dell InTrust 11.0. Preparing for Auditing Microsoft SQL Server 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement.

More information

HP Quality Center. Upgrade Preparation Guide

HP Quality Center. Upgrade Preparation Guide HP Quality Center Upgrade Preparation Guide Document Release Date: November 2008 Software Release Date: November 2008 Legal Notices Warranty The only warranties for HP products and services are set forth

More information

CS 665: Computer System Security. Designing Trusted Operating Systems. Trusted? What Makes System Trusted. Information Assurance Module

CS 665: Computer System Security. Designing Trusted Operating Systems. Trusted? What Makes System Trusted. Information Assurance Module CS 665: Computer System Security Designing Trusted Operating Systems Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Trusted? An operating system is

More information

Defense In-Depth to Achieve Unbreakable Database Security

Defense In-Depth to Achieve Unbreakable Database Security Defense In-Depth to Achieve Unbreakable Database Security Qiang Lin, Ph.D Abstract Enterprises realize that sole reliance on generic security mechanisms does not provide the protection they need for their

More information

Lecture 6. SQL, Logical DB Design

Lecture 6. SQL, Logical DB Design Lecture 6 SQL, Logical DB Design Relational Query Languages A major strength of the relational model: supports simple, powerful querying of data. Queries can be written intuitively, and the DBMS is responsible

More information

Technical Data Sheet: imc SEARCH 3.1. Topology

Technical Data Sheet: imc SEARCH 3.1. Topology : imc SEARCH 3.1 Database application for structured storage and administration of measurement data: Measurement data (measurement values, measurement series, combined data from multiple measurement channels)

More information