A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC
Among the access control methods for database security is the Mandatory Access Control (MAC) model, in which a security level is assigned to both subjects and objects to strengthen access control. Legacy MAC models have focused on only one property, either confidentiality or integrity, so enforcing both at once can cause collisions between the two security policies. In addition, they do not provide a granular security-class policy for subjects and objects in terms of the subjects' roles or tasks. In this paper, we combine the security policies of the Bell-LaPadula (BLP) model and the Biba model into one complementary policy. In addition, the Duties Separation and Data Coloring (DSDC)-MAC model, which applies a new data coloring security method, is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). A case study demonstrates the practicality of the proposed modelling work through the design of a human resources management system. The proposed model is suited to organisations such as military forces or intelligence agencies, where confidential information must be handled carefully. Furthermore, the model is expected to protect systems against malicious insiders and improve both the confidentiality and the integrity of data.
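The collision the abstract refers to is easy to see in code. The following is an added illustration, not code from the DSDC-MAC paper: it applies the textbook BLP rules (no read up, no write down) and Biba rules (no read down, no write up) first to a single shared level label, where the two models cancel each other out and leave only same-level access, and then to separate confidentiality and integrity labels, where both can be enforced at once. The four-level linear ordering and the `Label` type are assumptions for the example.

```python
from dataclasses import dataclass

# Illustrative 4-level linear ordering (assumption; the paper's levels are not given).
LEVELS = range(4)


def blp_allows(op: str, subj: int, obj: int) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    return subj >= obj if op == "read" else subj <= obj


def biba_allows(op: str, subj: int, obj: int) -> bool:
    """Biba: no read down (simple integrity), no write up (integrity *-property)."""
    return subj <= obj if op == "read" else subj >= obj


def single_label_allows(op: str, subj: int, obj: int) -> bool:
    """Both models enforced on ONE shared level label."""
    return blp_allows(op, subj, obj) and biba_allows(op, subj, obj)


def reachable_single_label(subj: int, op: str) -> set:
    """Object levels a subject at `subj` may access when one label serves both models.
    BLP and Biba pull in opposite directions, so only the subject's own level survives."""
    return {obj for obj in LEVELS if single_label_allows(op, subj, obj)}


@dataclass(frozen=True)
class Label:
    conf: int   # confidentiality level, checked by BLP
    integ: int  # integrity level, checked by Biba


def dual_label_allows(op: str, subj: Label, obj: Label) -> bool:
    """Confidentiality and integrity kept as separate labels, so both checks can pass."""
    return blp_allows(op, subj.conf, obj.conf) and biba_allows(op, subj.integ, obj.integ)


if __name__ == "__main__":
    print("single label, subject level 2, read:", reachable_single_label(2, "read"))
    print("single label, subject level 2, write:", reachable_single_label(2, "write"))
    s = Label(conf=2, integ=1)
    print("dual label read low-conf/high-integ object:",
          dual_label_allows("read", s, Label(conf=1, integ=3)))
```

With one label, a level-2 subject can read and write only level-2 objects; with two labels, the same subject can read a low-confidentiality, high-integrity object and write to a higher-confidentiality, lower-integrity one, which is the behaviour a combined policy needs.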
Advanced Access Control to Information Systems: Requirements, Compliance and Future Directives
The rapid pace of Information and Communication Technologies (ICT) has given rise to a new generation of open, ubiquitous, large-scale, complex and heterogeneous information systems (IS). Inextricably linked with this evolution, a number of technical, administrative and social challenges must be addressed urgently. Security and privacy in critical IS are recognised as crucial issues, and access control is widely adopted as the typical solution for securing sensitive resources and ensuring authorised interactions within an IS. The chapter deals mainly with advanced access control to IS, and to relational databases in particular. We present a synthesis of the state of the art of access control that encompasses a study of research advances and open challenges. We introduce and discuss the requirements and main characteristics for deploying advanced access control infrastructures. We then discuss the problem of the conformity of concrete access control infrastructures and propose a conformity management scheme for monitoring the compliance between low-level and high-level policies. Finally, we provide and discuss proposals and directives for provably secure and compliant access control schemes as a main characteristic of future IS.
DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database
Database integrity is crucial to organisations that rely on databases of important data, and such organisations are vulnerable to internal fraud. Tampering by malicious insiders who hold high technical privileges over the infrastructure, or by external attackers who have compromised it, is one of the important attack vectors.
This thesis addresses that challenge for the class of problems where data is append-only and immutable. Examples of operations where data does not change are a) financial institutions (banks, accounting systems, stock markets, etc.), b) registries and notary systems, where important data is kept but never changed, and c) system logs, which must be kept intact for performance and forensic inspection if needed. The target of the approach is seamless deployment, with little or no change required to existing systems.
Transaction tracking for tamper detection uses a shared cumulative hash chain: each transaction is hashed together with the digest of all transactions before it, and an external time-stamper and signer signs these linkages. Because only the digests are signed, transactions can be tracked without any of the organisation's data leaving its premises for a third party, which also reduces the performance impact of tracking. The tracking layer is embedded inside the data workflow and kept as non-invasive as possible.
DBKnot implements these features a) natively inside databases, b) embedded inside Object Relational Mapping (ORM) frameworks, and c) outlines a direction for implementing it as a stand-alone microservice reverse proxy. A prototype ORM and database layer has been developed and tested for seamlessness of integration and ease of use. Additionally, different optimisations that pipeline and parallelise the hashing/signing process have been tested to measure their impact on performance.
Stock-market data was used for experimentation with DBKnot. The initial results show slightly less than a 100% increase in transaction time with the most basic, sequential and synchronous version of DBKnot. The per-record signing and hashing overhead does not increase significantly with the volume of data. A number of alternative optimisations to the design were tested and resulted in a significant increase in performance.
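The chaining and anchoring described above, as an added example that is not the DBKnot code itself. The rows are a constructed stock-trade sample, the external time-stamper/signer is simulated with HMAC under a key the verifier also holds (an assumption; the real design uses an external signing service and the signer never sees the rows), and `GENESIS`, `Ledger`, `verify` and `rehash_all` are names chosen for the example. The last function shows why the external anchors matter: an insider who edits a row can also rebuild the local digests, but cannot re-sign the anchors.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed key for the simulated external time-stamper/signer (assumption: the
# real DBKnot design uses an external signing service; HMAC stands in for it here).
SIGNER_KEY = b"demo-external-signer-key"
GENESIS = "00" * 32

# Constructed sample of append-only stock-trade records (not data from the thesis).
SAMPLE_TRADES = [
    {"id": 1, "sym": "ACME", "qty": 100, "px": 10.50},
    {"id": 2, "sym": "ACME", "qty": 250, "px": 10.55},
    {"id": 3, "sym": "INIT", "qty": 40, "px": 98.10},
    {"id": 4, "sym": "INIT", "qty": 60, "px": 98.05},
    {"id": 5, "sym": "ACME", "qty": 300, "px": 10.60},
]


def canonical(record: dict) -> bytes:
    """Deterministic encoding so an unchanged row always hashes to the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def chain_digest(prev_hex: str, record: dict) -> str:
    """Cumulative link: H_i = SHA-256(H_{i-1} || canonical(record_i))."""
    return hashlib.sha256(bytes.fromhex(prev_hex) + canonical(record)).hexdigest()


def external_sign(digest_hex: str, timestamp: int) -> str:
    """Simulated external signer: it sees only the chain head and a timestamp, never the rows."""
    return hmac.new(SIGNER_KEY, f"{digest_hex}|{timestamp}".encode(), hashlib.sha256).hexdigest()


@dataclass
class Ledger:
    records: list = field(default_factory=list)  # append-only rows
    digests: list = field(default_factory=list)  # digests[i] covers records[0..i]
    anchors: dict = field(default_factory=dict)  # index -> (timestamp, signature over digests[index])

    def append(self, record: dict) -> str:
        prev = self.digests[-1] if self.digests else GENESIS
        self.records.append(dict(record))
        self.digests.append(chain_digest(prev, record))
        return self.digests[-1]

    def anchor(self, timestamp: int) -> None:
        """Bind the current chain head to a time via the external signer."""
        idx = len(self.records) - 1
        self.anchors[idx] = (timestamp, external_sign(self.digests[idx], timestamp))


def verify(ledger: Ledger):
    """Recompute the chain from genesis and check every anchor signature.

    Returns (True, None) if intact, else (False, i) where i is the first index at which
    either the stored digest or an anchor signature disagrees with the recomputed chain.
    If an insider also rewrote the stored digests, the first failing anchor localises the
    tampering to the records between the previous anchor and that one.
    """
    prev = GENESIS
    for i, record in enumerate(ledger.records):
        prev = chain_digest(prev, record)
        if prev != ledger.digests[i]:
            return False, i
        if i in ledger.anchors:
            timestamp, sig = ledger.anchors[i]
            if not hmac.compare_digest(sig, external_sign(prev, timestamp)):
                return False, i
    return True, None


def build_demo_ledger(anchor_every: int = 2) -> Ledger:
    """Append the sample trades, anchoring every `anchor_every` records and at the end."""
    ledger = Ledger()
    for i, trade in enumerate(SAMPLE_TRADES):
        ledger.append(trade)
        if (i + 1) % anchor_every == 0 or i == len(SAMPLE_TRADES) - 1:
            ledger.anchor(timestamp=1_700_000_000 + i)
    return ledger


def rehash_all(ledger: Ledger) -> None:
    """What a privileged insider can do after editing a row: rebuild the local digests.
    The externally signed anchors cannot be rebuilt without the signer's key."""
    prev = GENESIS
    for i, record in enumerate(ledger.records):
        prev = chain_digest(prev, record)
        ledger.digests[i] = prev


if __name__ == "__main__":
    ledger = build_demo_ledger()
    print("intact:", verify(ledger))
    ledger.records[2]["qty"] = 999          # tamper with an "immutable" trade
    print("after edit:", verify(ledger))     # caught by the stored digest at index 2
    rehash_all(ledger)                       # insider also fixes up the digests
    print("after rehash:", verify(ledger))   # still caught, at the next anchor (index 3)
```

Anchoring every second record is only for the demonstration; the anchor interval is the trade-off the thesis measures, since each anchor costs a round trip to the signer but bounds how many records a detected tamper can hide in.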
Performance study of a COTS Distributed DBMS adapted for multilevel security
Multilevel secure database management system (MLS/DBMS) products no longer enjoy direct commercial-off-the-shelf (COTS) support. Meanwhile, existing users of these MLS/DBMS products continue to rely on them to satisfy their multilevel security requirements. This calls for a new approach to developing MLS/DBMS systems, one that relies on adapting the features of existing COTS database products rather than depending on traditional custom-designed products to provide continuing MLS support.
We advocate fragmentation as a good basis for implementing multilevel security in the new approach because it is well supported in some current COTS database management systems. We implemented a prototype that utilises the inherent advantages of the distribution scheme in distributed databases for controlling access to single-level fragments; this is achieved by augmenting the distribution module of the host distributed DBMS with MLS code such that the clearance of the user making a request is always compared to the classification of the node containing the fragments referenced; requests to unauthorised nodes are simply dropped.
The prototype we implemented was used to instrument a series of experiments to determine the relative performance of the tuple, attribute, and element level fragmentation schemes. Our experiments measured the impact on the front-end and the network when various properties of each scheme, such as the number of tuples, attributes, security levels, and the page size, were varied for a Selection and Join query. We were particularly interested in the relationship between performance degradation and changes in the quantity of these properties. The performance of each scheme was measured in terms of its response time.
The response times for the element level fragmentation scheme increased as the number of tuples, attributes and security levels and the page size were increased, and markedly more so for security levels and page size than for tuples and attributes. The response times for the attribute level fragmentation scheme were the lowest, suggesting that the performance of the attribute level scheme is superior to the tuple and element level fragmentation schemes. In the context of assurance, this research has also shown that distributing fragments by security level is a more natural approach to implementing security in MLS/DBMS systems, because a multilevel database is analogous to a distributed database partitioned by security level.
Overall, our study finds that the attribute level fragmentation scheme performs better than the tuple and element level schemes, and that the response times (and hence the performance) of the element level fragmentation scheme degrade worst of the three.
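The mediation step described above, as an added example rather than the paper's prototype code: a relation is split into single-level attribute fragments, one per node, and a selection is decomposed into per-node sub-requests; sub-requests to nodes whose classification the requesting user's clearance does not dominate are dropped, and the rest are re-joined on the key. The four-level linear lattice, the constructed personnel relation, and the assumption that the key attribute sits at the lowest level and is replicated into every fragment are choices made for the example.

```python
# Assumed linear lattice of security levels (the paper does not state its lattice).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(clearance: str, classification: str) -> bool:
    """Simple security property: a subject may read a node only if its clearance dominates it."""
    return LEVELS[clearance] >= LEVELS[classification]


# Constructed personnel relation with a per-attribute classification (attribute-level
# fragmentation). The key attribute is assumed to sit at the lowest level.
KEY = "emp_id"
ATTR_CLASS = {"emp_id": "U", "name": "U", "salary": "C", "assignment": "S", "cover_identity": "TS"}
ROWS = [
    {"emp_id": 1, "name": "Ada", "salary": 5200, "assignment": "Site-B", "cover_identity": "Grey"},
    {"emp_id": 2, "name": "Ben", "salary": 4800, "assignment": "Site-A", "cover_identity": "Blue"},
]


def fragment_by_attribute(rows, attr_class, key):
    """Split the relation into single-level fragments, one per node/level.
    The key is replicated into every fragment so results can be re-joined."""
    nodes = {}
    for level in sorted(set(attr_class.values()), key=LEVELS.get):
        attrs = [a for a, lvl in attr_class.items() if lvl == level]
        cols = attrs if key in attrs else [key] + attrs
        nodes[level] = [{a: row[a] for a in cols} for row in rows]
    return nodes


def mediated_select(nodes, attr_class, key, clearance, wanted):
    """The distribution module's MLS hook: decompose a selection into one sub-request
    per node, drop sub-requests to nodes whose classification the user does not
    dominate, and join the surviving fragments on the key."""
    dropped, joined = [], {}
    for level, fragment in nodes.items():
        requested = [a for a in wanted if attr_class[a] == level and a != key]
        if not requested:
            continue
        if not dominates(clearance, level):
            dropped.append(level)  # request to an unauthorised node is simply dropped
            continue
        for frag_row in fragment:
            acc = joined.setdefault(frag_row[key], {key: frag_row[key]})
            acc.update({a: frag_row[a] for a in requested})
    return [joined[k] for k in sorted(joined)], dropped


def query(clearance, wanted):
    """Fragment the sample relation and run a mediated selection; returns (rows, dropped)."""
    nodes = fragment_by_attribute(ROWS, ATTR_CLASS, KEY)
    return mediated_select(nodes, ATTR_CLASS, KEY, clearance, wanted)


if __name__ == "__main__":
    print(query("C", ["name", "salary", "assignment"]))   # assignment lives on the S node: dropped
    print(query("TS", ["name", "cover_identity"]))        # TS dominates everything
```

Dropping the sub-request rather than returning an error is what keeps the higher node's existence from leaking into the response; the caller sees a narrower projection, not a refusal.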
Modelo de controlo de acesso para suportar orquestração de expressões CRUD (Access control model to support the orchestration of CRUD expressions)
Mestrado em Engenharia de Computadores e Telemática
Access control is a sensitive and crucial aspect of securing the data held in databases. In an application driven by Create, Read, Update and Delete (CRUD) expressions, users can execute a single CRUD expression or a sequence of CRUD expressions to achieve the desired result. In such applications, access control is not limited to authorising a subject to access an object; it also aims to authorise and validate the operations that a subject can perform on the data after that authorisation. Current access control models are generally concerned with restricting access to resources; however, once the subject is authorised, there are no restrictions on the actions it can perform on those resources. In this work an access control model is presented that extends the features of current models to provide an environment in which a set of predefined policies is implemented as graphs of CRUD expressions. The design of the access control policies is based on the CRUD expressions that a user needs to execute to complete a task, and these graphs of CRUD expressions are then used to control and validate the actions that can be performed on authorised information. To allow policies to be reused, the presented model permits one policy to invoke another according to predefined rules. The aim of this thesis is to provide a structure that allows application users to execute only the authorised sequences of CRUD expressions, in a predefined order, and allows security experts to design policies flexibly through the graph data structure. As a proof of concept, the Role Based Access Control (RBAC) model has been taken as the reference access control model, and Secured, Distributed and Dynamic RBAC (S-DRACA), which allowed sequences of CRUD expressions to be executed in a single direction, was chosen as the basis for this work.
Access control is a sensitive and crucial aspect of protecting data held in databases. In applications built on a database and driven by Create, Read, Update and Delete (CRUD) expressions, users can execute one CRUD expression or a sequence of them to obtain a given result. In this type of application, access control is not limited to authorising a subject's access to an object; it also authorises and validates the operations the subject may perform on the data once authorised. Current access control models generally focus on restricting access to resources one CRUD expression at a time. However, once the subject is authorised, there are no restrictions on the actions it can perform on those resources. This work presents an access control model that extends the features of current access control models to provide an environment in which a set of predefined policies is implemented as graphs of CRUD expressions. These graphs of CRUD expressions are treated as sequences that act as stored, preconfigured policies. The design of the sequences is based on the operations the user wishes to perform to obtain a given result, and these sequences of CRUD expressions are then used to control and validate the actions that can be performed on stored information. To allow these policies to be reused, the model defines the external execution of configured policies. The aim of this thesis is to provide a structure that allows application users to execute only authorised sequences of CRUD expressions, in a predefined order, and allows system administrators to design policies flexibly through graph structures. As a proof of concept, the Role Based Access Control (RBAC) model was taken as the reference access control model, and S-DRACA, which allows sequences of CRUD expressions to be executed in order, was chosen as the basis for this work.
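The policy-as-graph idea described above, as an added example that is not the thesis's S-DRACA code: each policy is a small directed graph whose nodes are CRUD expression identifiers bound to SQL templates, with designated start and end nodes; a session may execute an expression only if it is a permitted successor of the last one executed, and an edge of the form `policy:<name>` lets one policy invoke another (the reuse mechanism), tracked with a stack. The `place_order` and `check_stock` policies, the `clerk` role binding, the `Session` class and the `run_sequence` helper are all constructed for the example.

```python
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a CRUD expression is not permitted at this point of the policy graph."""


@dataclass
class Policy:
    name: str
    exprs: dict   # expr_id -> SQL template (constructed)
    edges: dict   # node -> set of permitted next nodes; "policy:<name>" edges invoke another policy
    start: set    # expressions that may open the policy
    end: set      # expressions that complete it


# Constructed example policies (not from the thesis).
POLICIES = {
    "place_order": Policy(
        name="place_order",
        exprs={"C1": "INSERT INTO orders(customer_id) VALUES (?)",
               "C2": "INSERT INTO order_lines(order_id, sku, qty) VALUES (?, ?, ?)",
               "U1": "UPDATE orders SET status='submitted' WHERE id=?"},
        edges={"C1": {"C2"},
               "C2": {"C2", "policy:check_stock", "U1"},
               "policy:check_stock": {"C2", "U1"}},
        start={"C1"}, end={"U1"}),
    "check_stock": Policy(
        name="check_stock",
        exprs={"R1": "SELECT qty FROM stock WHERE sku=?",
               "U2": "UPDATE stock SET qty=qty-? WHERE sku=?"},
        edges={"R1": {"U2"}},
        start={"R1"}, end={"U2"}),
}
ROLE_POLICIES = {"clerk": {"place_order", "check_stock"}}  # RBAC binding (constructed)


class Session:
    """Tracks where a user is in the policy graph; nested policies live on a stack."""

    def __init__(self, role: str):
        self.role = role
        self.stack = []  # entries are [policy, current_node]

    def _role_allows(self, policy_name: str) -> bool:
        return policy_name in ROLE_POLICIES.get(self.role, set())

    def begin(self, policy_name: str) -> None:
        if not self._role_allows(policy_name):
            raise PolicyViolation(f"role {self.role} may not run {policy_name}")
        self.stack.append([POLICIES[policy_name], None])

    def execute(self, expr_id: str) -> str:
        """Return the SQL template for expr_id if the graph permits it here, else raise."""
        if not self.stack:
            raise PolicyViolation("no active policy")
        policy, cur = self.stack[-1]
        allowed = policy.start if cur is None else policy.edges.get(cur, set())
        if expr_id in allowed and expr_id in policy.exprs:
            self.stack[-1][1] = expr_id
            if expr_id in policy.end:
                self.stack.pop()          # policy complete; control returns to the caller
            return policy.exprs[expr_id]
        # Reuse: a permitted "policy:<name>" edge lets the session enter that policy at a start node.
        for edge in allowed:
            if edge.startswith("policy:"):
                sub = POLICIES[edge[len("policy:"):]]
                if expr_id in sub.start and self._role_allows(sub.name):
                    self.stack[-1][1] = edge
                    self.stack.append([sub, None])
                    return self.execute(expr_id)
        raise PolicyViolation(f"{expr_id} not permitted after {cur} in {policy.name}")


def run_sequence(role: str, policy_name: str, expr_ids: list):
    """Replay a sequence; returns (completed_cleanly, number accepted before the first violation)."""
    session = Session(role)
    try:
        session.begin(policy_name)
    except PolicyViolation:
        return False, 0
    accepted = 0
    for expr_id in expr_ids:
        try:
            session.execute(expr_id)
            accepted += 1
        except PolicyViolation:
            return False, accepted
    return len(session.stack) == 0, accepted


if __name__ == "__main__":
    print(run_sequence("clerk", "place_order", ["C1", "C2", "R1", "U2", "C2", "U1"]))  # (True, 6)
    print(run_sequence("clerk", "place_order", ["U1"]))                                # (False, 0)
```

The validator answers the question the abstract raises: after authorisation, can this subject run this expression now? Executing `U1` first, or jumping into `check_stock` halfway through it, is rejected even though the role holds every expression involved.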