Development and Implementation of Mandatory Access
Control Policy for RDBMS MySQL

  1. Development and Implementation of Mandatory Access Control Policy for RDBMS MySQL
     Denis Kolegov, Nikolay Tkachenko, Dmitry Chernov
     National Research Tomsk State University, Department of Information Security and Cryptography
  2. Problem
     • Developing and implementing mandatory access control for RDBMSs that were originally based on discretionary access control is one of the current problems of computer security.
     • The MLS policy restricts access to entities based on the sensitivity of the information they contain and the "clearance" of users to access such information.
     • MLS controls the flow of information across the entire system, guaranteeing that users with lower clearance know nothing about the existence or contents of data with higher sensitivity.
  3. Disadvantages of existing approaches
     • Absence of formal (mathematical) models for access control security policies
     • Correctness of mandatory access control is not proved
     • Security requirements for information flows are not considered
     • Mandatory access control mechanisms are not implemented as a reference monitor of the database kernel
  4. Purpose of the work
     Enforcement of the MLS policy in DBMS MySQL based on formal models. The following problems were solved to reach this purpose:
     • Research and modelling of discretionary access control mechanisms in MySQL
     • Development of a MySQL security policy including the initial DAC policy and the new MLS policy
     • Implementation of the MLS mechanism based on the created formal security model
     • Security testing of the access control mechanism
  5. Research of access control in MySQL
     • Access control research was based on the documentation, source code analysis and tests
     • The main storage and timing covert channels were identified and assessed
     • Information flows arising from SQL statement execution and violating the MLS policy were identified
  6. Research of access control in MySQL
     The following types of SQL statements can lead to unauthorized access and to information flows that violate the MLS policy:
     • «INSERT INTO ... VALUES((SELECT ...), ...)»
     • «INSERT ... SELECT»
     • «UPDATE ... SET ... = (SELECT ...)»
  7. Example of violating MLS policy information flow
     user> insert tab2 values((select col1 from tab1 limit 1));
  8. Policy restrictions
     • All information flows are considered within DBMS MySQL
     • Information flows generated by the SELECT, INSERT, UPDATE and DELETE operators are considered
     • Timing covert channels are out of scope
  9. The DP-models theory
     • DP-models were developed by Peter Devyanin in the monograph «Access control and information flow security analysis of Computer Systems»
     • DP-models are based on elements of the Take-Grant model, the Bell-LaPadula model, and the Military Security Policy model
     • DP-models are intended for mathematically proving the security of access control
  10. Elements of developed MySQL DP-model
     • Object entities $O$: columns $COL$, procedures $O_p$, triggers $O_t$, views $O_v$ and variables $O_v$
     • Container entities $C$: tables $TAB$, databases $DB$ and root container $C_0$
     • Session subjects $S$, users' accounts $U$
     • Function of entity hierarchy $H : C \cup O_p \cup O_t \cup S \to 2^{O \cup C}$
     • Function of security classification of object entities $f_e : (O \; O_v) \cup C \to L$
     • Function of security clearance of users' accounts $f_s : U \to L$
     • Function determining the user by session subject $user : S \to U$
  11. Elements of developed MySQL DP-model
     • Set of access rights $R_r = \{read_r, write_r, append_r, delete_r, alter_r, execute_r, create_r, drop_r, create\_routine_r, create\_user_r, trigger_r, create\_view_r\}$
     • Set of accesses $R_a = \{read_a, write_a, append_a\}$
     • Set of information flows $R_f = \{write_m\}$
     • Set of access rights that can be granted $Grant \subseteq U \times (C \cup O) \times R_r$
     • State of the model $G = (U, S, E, R, A, H, (f_s, f_e), user, Grant, execute\_as, triggers, owner, operations, var)$
     • Computer system $\Sigma(G^*, OP)$
  12. Examples of transformation rules
     • Rule create_session(u, s)
       Initial state: $u \in U$, $s \in S$
       Final state: $S_s = S_s \cup \{s\}$, $f_s(s) = f_s(u)$, $user(s) = u$
     • Rule create_user(s, u, l)
       Initial state: $s \in S$, $user(s) \in L_u$, $u \in U$, $l \le f_s(user(s))$, $(user(s), c_0, create\_user_r) \in R$
       Final state: $U = U \cup \{u\}$, $f_s(u) = l$
     • Rule grant_right(s, u, e, α, grant_option)
       Initial state: $s \in S$, $u \in U$, $e \in C \cup O$, $\alpha \in R_r$, $grant\_option \in \{true, false\}$, $\exists c \ge e : (s, c, \alpha) \in R_r$, $\exists c \ge e : (user(s), c, \alpha) \in Grant$
       Final state: $R = R \cup \{(u, e, \alpha)\}$; if $grant\_option = true$, then $Grant = Grant \cup \{(u, e, \alpha)\}$
     • Rule access_read(s, e)
       Initial state: $s \in S$, $e \in DB \cup TAB \cup COL$, $\exists c \in C \cup O$ such that $e < c$ or $e = c$, $f_s(user(s)) \ge f_e(c)$ and $HLS(e, c) = true$, $e_1 \in O \cup C : f_e(e_1) < f_e(e)$ and $(s, e_1, \alpha) \in A$, where $\alpha \in \{write_a, append_a\}$
       Final state: $A = A \cup \{(s, e, read_a)\}$, $F = F \cup \{(e, s, write_m)\}$
  13. Theorem
     • Definition 1. In the state $G$ of system $\Sigma(G^*, OP)$, an access $(s, e, \alpha) \in A$ satisfies the ss-property if $\alpha = append_a$ or $f_s(user(s)) \ge f_e(e)$.
     • Definition 2. In the state $G$ of system $\Sigma(G^*, OP)$, accesses $(s, e_1, read_a), (s, e_2, \alpha) \in A$, where $\alpha \in \{write_a, append_a\}$, satisfy the *-property if $f_e(e_1) \le f_e(e_2)$.
     • Theorem. Let $G_0$ be the initial state of the system $\Sigma(G^*, OP, G_0)$ that is secure in terms of Bell-LaPadula, and $A_0 = F_0 = \emptyset$. Then the system $\Sigma(G^*, OP, G_0)$ is secure in terms of Bell-LaPadula.
  14. Security labels storing
  15. Security labels processing
  16. Mandatory access control scheme
  17. Results
     1) Methods of implementing information flows that violate the MLS policy in DBMS MySQL were identified
     2) The mathematical DP-model of the mandatory access control policy of DBMS MySQL was developed
     3) The developed model was adapted to the access control mechanisms of DBMS MySQL
     4) The mandatory access control mechanism of DBMS MySQL was implemented as a reference monitor at the database kernel level
  18. Thank you for your attention!!!
     Denis Kolegov, d.n.kolegov@gmail.com
     Nikolay Tkachenko, n.o.tkachenko@gmail.com
     Dmitry Chernov, dm.vl.chernov@gmail.com
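
The ss-property and *-property checks from Definitions 1 and 2 (slide 13), applied to the statement on slide 7, as an added example that is not the authors' implementation. The level names, the labels, the column name `tab2.c`, and the mapping of INSERT to `append_a` and of the subquery to `read_a` are assumptions.

```python
from itertools import product

# Constructed linear lattice L; the slides do not enumerate the levels.
PUBLIC, CONFIDENTIAL, SECRET = 0, 1, 2

# f_e: constructed labels. tab2.c is a hypothetical column name.
F_E = {"tab1.col1": SECRET, "tab2.c": PUBLIC}

def ss_ok(clearance, entity, alpha, f_e=F_E):
    """Definition 1: alpha = append_a or f_s(user(s)) >= f_e(e)."""
    return alpha == "append" or clearance >= f_e[entity]

def star_ok(e1, e2, f_e=F_E):
    """Definition 2: read of e1 with write/append to e2 needs f_e(e1) <= f_e(e2)."""
    return f_e[e1] <= f_e[e2]

def check(clearance, accesses, f_e=F_E):
    """Return the violations among the accesses a session holds for one statement.

    accesses: list of (entity, alpha), alpha in {"read", "write", "append"}.
    """
    violations = [("ss", e, a) for e, a in accesses
                  if not ss_ok(clearance, e, a, f_e)]
    reads = [e for e, a in accesses if a == "read"]
    writes = [e for e, a in accesses if a in ("write", "append")]
    violations += [("star", e1, e2) for e1, e2 in product(reads, writes)
                   if not star_ok(e1, e2, f_e)]
    return violations

# Slide 7: insert tab2 values((select col1 from tab1 limit 1));
# Assumption: INSERT is modelled as append_a, the subquery as read_a.
SLIDE7 = [("tab1.col1", "read"), ("tab2.c", "append")]
# The opposite direction (low read, high append) for comparison.
UPWARD = [("tab2.c", "read"), ("tab1.col1", "append")]

if __name__ == "__main__":
    print(check(SECRET, SLIDE7))   # downward flow by a cleared user
    print(check(SECRET, UPWARD))   # upward flow
    print(check(PUBLIC, SLIDE7))   # uncleared user reading tab1.col1
```

For a user cleared for both tables, every individual access passes the ss-property, and only the pairwise *-property check catches the downward flow.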
