Distributed database security with discretionary access control
Distributed database security with discretionary access control. This was my final year project. This is based on the Bell-LaPadula model.

Published in: Education, Technology, Business

  • Different tuples and different attributes are assigned a security level. Different users have the same set of security levels.
  • Transcript

    • 1. By Sumitro Bhaumik – 000911001011; Jyotishkar Dey – 000911001036
    • 2. A new paradigm of database security which assigns different security levels to users as well as to attributes, depending on security policies defined as per requirement
    • 3.
        • Conventional database security does not provide “granular security”
        • You either have access or have no access to a database
        • But items in a database are of different types and need different security
        • One “easy” solution: keep items of the same security levels in different tables
      Problems
        • Conflict with relational dependencies
        • Increased complexity in order to preserve both relational dependencies and security dependencies
    • 4. “Multi-level Security System”: Users of a particular security level can only access the elements in a database which correspond to their security level. This way, sensitive data in the same database is hidden, while the public can still access the central database.
    • 5. The Bell-LaPadula Model: This model focuses on data confidentiality and controlled access to classified information. In this formal model, the entities in an information system are divided into subjects and objects. The Bell–LaPadula model is built on the concept of a state machine with a set of allowable “secure states”. The notion of a “secure state” is defined, and it is proven that each state transition preserves security by moving from secure state to secure state. This inductively proves that the system satisfies the security objectives of the model.
    • 6. The Bell-LaPadula Model: The Bell–LaPadula model defines a “secure state” through three multilevel properties:
        • The Simple Security Property (ss Property)
        • The * (star) Security Property
        • The Discretionary Security Property
    • 7. The Simple Security Property: This policy requires that a subject of a lower security level cannot read from an object of a higher security level, that is, no “read-up”.
    • 8. The * (Star) Security Property: This policy requires that a subject of a higher security level does not write to an object of a lower security level, that is, no “write-down”.
    • 9. The Discretionary Security Property: This policy does not impose any hard and fast rule. A security mapping is created between subjects and objects which indicates which subject can read from and write into which object.
    • 10.
        1. Identification of subjects, objects and permitted actions (identification process)
            1. Identification of the subjects
            2. Identification of the objects
        2. Assignment of security labels (labeling process)
            1. Assignment of security labels to the subjects
            2. Assignment of security labels to the objects
    • 11. Identification of subjects; identification of objects; labeling of subjects; labeling of objects
    • 12. Pros
        • Gives finer control over the security of the database
        • Attributes do not lose their functional dependency
        • No need to change the original database to implement this feature; it is transparent. Hence, it is very easy to mobilize the technology
        • There needs to be only one global database which users can use, without any fear of leakage of sensitive data. No need to create a separate database for different security levels
    • 13. Cons
        • For every query, the security level of every element needs to be checked against the security level of the user. Hence, the process is a bit slow
        • Care has to be taken for some special conditions which might arise during “write up” operations
    • 14.
        • Banking
        • Defense
        • Office
        • Public/Private database
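
The three properties on slides 7 to 9, applied to a table whose tuples and attributes both carry labels, can be sketched as follows. This is an added example, not the project's own code; the level names, the sample rows, the subjects and the rule that an element takes the higher of its tuple and attribute labels are all assumptions.

```python
from enum import IntEnum

class Level(IntEnum):  # assumed ordering; the slides do not name the levels
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Constructed sample data: every attribute and every tuple carries a label.
ATTR_LABEL = {"name": Level.PUBLIC, "balance": Level.CONFIDENTIAL,
              "fraud_flag": Level.SECRET}
ROWS = [
    {"label": Level.PUBLIC,
     "data": {"name": "A. Rao", "balance": 1200, "fraud_flag": False}},
    {"label": Level.SECRET,
     "data": {"name": "B. Sen", "balance": 90000, "fraud_flag": True}},
]
CLEARANCE = {"guest": Level.PUBLIC, "teller": Level.CONFIDENTIAL,
             "auditor": Level.SECRET, "intern": Level.SECRET}
# Discretionary mapping: which subject may perform which action on the table.
ACL = {"guest": {"read"}, "teller": {"read", "write"}, "auditor": {"read"}}

def element_level(row, attr):
    # Assumption: an element is as sensitive as the higher of its two labels.
    return max(row["label"], ATTR_LABEL[attr])

def select(subject):
    """Discretionary check, then simple security (no read-up) per element."""
    if "read" not in ACL.get(subject, set()):
        raise PermissionError(f"{subject} has no read grant")
    level = CLEARANCE[subject]
    visible = []
    for row in ROWS:
        if row["label"] > level:
            continue  # the whole tuple is above the subject's level
        visible.append({a: v for a, v in row["data"].items()
                        if element_level(row, a) <= level})
    return visible

def can_write(subject, row, attr):
    """Discretionary check, then the * property (no write-down)."""
    if "write" not in ACL.get(subject, set()):
        return False
    # Equal or higher targets pass; writing up is the case slide 13 flags.
    return CLEARANCE[subject] <= element_level(row, attr)
```

Every read is filtered element by element, which is the per-query cost slide 13 lists as a drawback. A subject with high clearance but no discretionary grant (`intern` here) is still refused.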