SlideShare a Scribd company logo

Label based Mandatory Access Control on PostgreSQL

Kohei KaiGai
Kohei KaiGai

slides on PGcon2011

BusinessTechnology
1 of 29
Download to read offline
Label based Mandatory Access Control on PostgreSQL NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@eu.nec.com>
SE-PostgreSQL got merged in v9.1 NEW! NEW! contrib/sepgsql contrib/sepgsql Page 2 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
History of development ▐ Sep-2006 Launch development of SE-PostgreSQL based on v8.2.x ▐ Apr-2007 First post to pgsql-hackers, after 2 weeks of feature freeze ▐ Mar-2007 SELinux Symposium 2007 ▐ Nov-2007 METI Japan gave an award due to SE-PostgreSQL ▐ May-2008 PGcon2008 – SE-PostgreSQL ▐ Jul-2008 Development Cycle for v8.4 Too large to review ▐ Jul-2009 Development Cycle for v9.0 Steps to consensus up to the current design ▐ May-2010 PostgreSQL Developer Summit ▐ Sep-2010 SECURITY LABEL statement got merged ▐ Jan-2011 contrib/sepgsql got merged ▐ May-2011 PGcon2011 – Label based MAC on PostgreSQL ▐ Jun-2011 1st Commit Fest of v9.2 development cycle Page 3 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 4 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Characteristics of MAC DAC (discretionary access control) : Owner decide access control rules read determine access read? control rules rwx rwx create rwx rwx Data Data MAC (mandatory access control) : A centralized security policy decides access control rules read read? confidential confidential confidential create confidential Data Data security security policy server determine access control rules Page 5 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Data Flow Control confidential unconfidential file with file with read write read write file with file with conffidential conffidential unconfidential unconfidential access control ▐ Keep confidential data in confidential domain No Read-Up No Write-Down (Only same level) Restriction to malicious internals ▐ Background TCSEC (Orange book; 1983) ISO/IEC15408 (CC: Common Criteria) Page 6 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Reference Monitor Concept Reference Query & Monitor Decision making Data Object Request Access Allowed Control User Denied Error Information Information Asset Asset Object Manager ▐ A module that suggests its access control decision ▐ Three characteristics Always invoked Tamperproof Small enough ▐ SELinux performs as reference monitor in Linux kernel Page 7 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Analogy in Linux and PostgreSQL system Filesystem LSM call permission Filesystem Security Security DAC MAC Server Policy SELinux SQL Database sepgsql ACL PostgreSQL SELinux SE-PostgreSQL Object manager Filesystem PostgreSQL Objects being referenced file, directory, device file, ... Schema, Table, Function, ... Way to request accesses System call SQL DAC Filesystem permission Database ACL MAC LSM & SELinux sepgsql & SELinux Page 8 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Decision making of SELinux (1/2) ▐ Access control logic like a function •• Filesystem Permission Filesystem Permission •• Database ACL Database ACL •• SELinux SELinux •• others…? others…? Subject Allowed Access Control Object Logic Denied Action Decision Decision Input Output read, write, read, write, select, … select, … •• Owner ID Owner ID •• Permission Bits Permission Bits •• User/Group ID User/Group ID •• ACL ACL •• Superuser Priv Superuser Priv •• Security Label Security Label •• Security Label Security Label Page 9 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Decision making of SELinux (2/2) ▐ The way to identify Subject/Object Path name? Owner ID? Security Label ▐ Security Label as a universal way for identification Example) system_u:system_r:postgresql_t:s0 system_u:object_r:sepgsql_ro_table_t:s0 ▐ Example of security policy allow staff_t sepgsql_ro_table_t : db_table { select }; 3rd item of the label being referenced 3rd item of the label being referencing Permission set being allowed SELinux uses white-list criteria. SELinux community provides general set of rules in default. Page 10 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
OT: source code of the default security policy Part of the “policy/modules/services/postgresql.te” at the default security policy policy_module(postgresql, 1.12.1) : type sepgsql_schema_t; postgresql_schema_object(sepgsql_schema_t) : type sepgsql_table_t; postgresql_table_object(sepgsql_table_t) : allow sepgsql_admin_type sepgsql_schema_type: db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name }; allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search }; : allow sepgsql_admin_type sepgsql_table_type: db_table { create drop getattr setattr relabelfrom relabelto lock }; allow sepgsql_admin_type sepgsql_table_type: db_column { create drop getattr setattr relabelfrom relabelto }; : allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; Page 11 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
System-wide consistency in Access control Human user a centralized security server Human user Security Policy SELinux Login Access control Login bash bash vi Filesystem vi Networks psql psql classified unclassified information information X-window PostgreSQL domain of inter process domain of classified processes communication channels unclassified processes Page 12 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 13 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Features needed to support Label based MAC ▐ Security Label mechanism to associate a short text with a particular database object something like xattr in filesystem cases ▐ Security Hook mechanism to acquire control on strategic points of the code something like LSM in Linux kernel cases ▐ Intermediation with SELinux mechanism to deliver a pair of security labels into SELinux in kernel, and prevents violated accesses according to its decision Page 14 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (1/3) – SECURITY LABEL SECURITY LABEL ON TABLE my_example FOR ‘selinux’ IS ‘system_u:object_r:sepgsql_ro_table_t:s0’; pg_seclabel system catalog classid objid subid provider label 2345 16384 0 ‘selinux’ ‘system_u:object_r:sepgsql_ro_table_t:s0’ Security Label Provider validation validation (module) check check ▐ Overview It enables to assign a text identifier of database objects. It allows security modules to reference security label of a particular object. ▐ Limitations Shared database objects are not supported, right now. Tuples in user-defined tables are not supported, right now. Page 15 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
OT: Labeled Networking staff_u:staff_r:staff_t:s0 getpeercon(3) getpeercon(3) SE-PgSQL IKE IKE Daemon Daemon user process Labeled IPsec connection PostgreSQL Authentication Hook ▐ Labeled Networking SELinux provides getpeercon(3) to get security label of the peer process. Kernel & IKE daemon were enhanced to exchange security labels. • supported on kernel-2.6.18 or later, ipsec-tools 0.72 or later ▐ Usecase in SE-PostgreSQL It obtains security label of the peer process on the authentication hook. Peer security label is applied to subject’s label on access control decision. Page 16 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (2/3) – Object Access Hooks DefineRelation() { 3rd Party modules : CREATE TABLE heap_create_with_catalog() sepgsql.so sepgsql.so sepgsql.so : •• compute a default to check permission to (*object_access_hook) • check permission securitya new table create label, and (OAT_POST_CREATE, ...); assign it a new table of create on the new •• assign security label of : table. security label assign the new table } the new table ▐ Overview It enables 3rd party modules to acquire control on strategic points of the code. E.g) Just after creation of the object for default labeling. The object_access_hook informs event type and object identifiers. ▐ Limitations Only OAT_POST_CREATE event type is supported, right now. May need OAT_CREATE, OAT_ALTER, ... Only object identifiers are informed via this hook, right now. Page 17 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.1 New Features (3/3) – contrib/sepgsql Client auth hook • Event Type • Object IDs Subject security label Query Hook invocation Required access policy Object security label Answer pg_seclabel contrib/sepgsql SELinux ▐ Overview It performs as intermediation between PostgreSQL and SELinux • PostgreSQL ... user Id, object Id, • SELinux ... security label, object class and permission ▐ Limitations only DML permissions are checked, right now default security labels on schemas, tables, columns and procedures Page 18 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 19 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Limitation in v9.1, and Challenges to v9.2 ▐ Frequent system-call invocations Add access control decision cache ▐ No security label on shared obejct Add pg_shseclabel catalog, and extend SECURITY LABEL ▐ No DDL Permission checks Extend object_access_hook to take arguments Put object_access_hook around existing DDL checks ▐ Row-level access control Fix leaky VIEWs problem Extend security label on user-defined tables Page 20 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (1/3) – Userspace access vector cache PostgreSQL contrib/sepgsql.so read-only mmap(2) read-only mmap(2) Status Page userspace # of loaded access vector invoke cache security (uavc) policy hooks access control SELinux logic (Linux kernel) ▐ Overview uavc keeps access control decision recently used; that allows to reduce number of system call invocations. ▐ Challenges Cache invalidation on security policy reloaded on kernel-side Linux 2.6.38 already support selinux status page. Page 21 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (2/3) – DDL Permissions postgres=# ALTER TABLE drink OWNER TO ymj; LOG: SELinux: denied { setattr } ¥ scontext=unconfined_u:unconfined_r:unconfined_t:s0 ¥ tcontext=system_u:object_r:sepgsql_table_t:s0:c0 ¥ tclass=db_table name=drink ERROR: SELinux: security policy violation ▐ Overview It allows to check permissions on DDL commands also. ▐ Challenges Larger number of strategic points than DML support object_access_hook with additional arguments Page 22 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
v9.2 challenges (3/3) – Row-level security postgres=# SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+-------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | coke | 150 system_u:object_r:sepgsql_table_t:s0 | 2 | fanta | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | beer | 200 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | sake | 240 system_u:object_r:sepgsql_table_t:s0:c2 | 5 | juice | 180 (5 rows) ▐ Overview Filter out rows based on security policy and labels of individual tuples ▐ Challenges Fix the problem known as Leaky-VIEWs Security label support for user-defined tables Query rewriter to append security-policy function Interaction with system catalog Page 23 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Future Vision (1/2) – Role based access control Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 24 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Future Vision (2/2) – Secure multi-tenancy Filesystem Shared Database Resource Filesystem Filesystem Filesystem Database Database Database http://www.blue.com/ http://www.red.com/ http://www.green.com/ blue red green SELinux performs as a logical-wall between security domains. Page 25 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Summary ▐ Overview of MAC Data flow control and Reference monitor concept SE-PostgreSQL enables to deploy RDBMS within DFC scheme. ▐ Features in v9.1 SECURITY LABEL Object access hooks contrib/sepgsql ▐ Challenges to v9.2 Userspace access vector cache DDL Permissions Row-level access control Page 26 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
Any Questions?
Thank you!
Label based Mandatory Access Control on PostgreSQL

Recommended

Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlKohei KaiGai
 
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLTransparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLMasahiko Sawada
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_APIKohei KaiGai
 
PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PGConf APAC
 
Couchbase 101
Couchbase 101 Couchbase 101
Couchbase 101 Dipti Borkar
 
PostgreSQL major version upgrade using built in Logical Replication
PostgreSQL major version upgrade using built in Logical ReplicationPostgreSQL major version upgrade using built in Logical Replication
PostgreSQL major version upgrade using built in Logical ReplicationAtsushi Torikoshi
 
PostgreSQL安定運用のコツ2009 @hbstudy#5
PostgreSQL安定運用のコツ2009 @hbstudy#5PostgreSQL安定運用のコツ2009 @hbstudy#5
PostgreSQL安定運用のコツ2009 @hbstudy#5Uptime Technologies LLC (JP)
 
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...EDB
 

Recommended

Security Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlSecurity Enhanced PostgreSQL - System-wide consistency in access control
Security Enhanced PostgreSQL - System-wide consistency in access controlKohei KaiGai
 
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLTransparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLMasahiko Sawada
 
20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_API20221111_JPUG_CustomScan_API
20221111_JPUG_CustomScan_APIKohei KaiGai
 
PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PGConf APAC
 
Couchbase 101
Couchbase 101 Couchbase 101
Couchbase 101 Dipti Borkar
 
PostgreSQL major version upgrade using built in Logical Replication
PostgreSQL major version upgrade using built in Logical ReplicationPostgreSQL major version upgrade using built in Logical Replication
PostgreSQL major version upgrade using built in Logical ReplicationAtsushi Torikoshi
 
PostgreSQL安定運用のコツ2009 @hbstudy#5
PostgreSQL安定運用のコツ2009 @hbstudy#5PostgreSQL安定運用のコツ2009 @hbstudy#5
PostgreSQL安定運用のコツ2009 @hbstudy#5Uptime Technologies LLC (JP)
 
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...EDB
 
Curso de MySQL 5.7
Curso de MySQL 5.7Curso de MySQL 5.7
Curso de MySQL 5.7Eduardo Legatti
 
PostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSPostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSNoriyoshi Shinoda
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートオラクルエンジニア通信
 
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재PgDay.Seoul
 
PostgreSQL Performance Tuning
PostgreSQL Performance TuningPostgreSQL Performance Tuning
PostgreSQL Performance Tuningelliando dias
 
Azure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまでAzure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまでDaisuke Masubuchi
 
MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話Yoshinori Matsunobu
 
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...NTT DATA Technology & Innovation
 
外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張Shigeru Hanada
 
Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우PgDay.Seoul
 
Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB rockplace
 
SQL Server 入門
SQL Server 入門SQL Server 入門
SQL Server 入門Tsuyoshi Kitagawa
 
A Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQLA Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQLEDB
 
Productizing Structured Streaming Jobs
Productizing Structured Streaming JobsProductizing Structured Streaming Jobs
Productizing Structured Streaming JobsDatabricks
 
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]日本マイクロソフト株式会社
 
アイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからアイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからTatsuo Kudo
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksJaime Crespo
 
まずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニングまずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニングKosuke Kida
 
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...MinhLeNguyenAnh2
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
Date security security principles
Date security security principlesDate security security principles
Date security security principlesLeo Mark Villar
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSJames Morris
 

More Related Content

What's hot

PostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSPostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSNoriyoshi Shinoda
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートオラクルエンジニア通信
 
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재PgDay.Seoul
 
PostgreSQL Performance Tuning
PostgreSQL Performance TuningPostgreSQL Performance Tuning
PostgreSQL Performance Tuningelliando dias
 
Azure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまでAzure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまでDaisuke Masubuchi
 
MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話Yoshinori Matsunobu
 
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...NTT DATA Technology & Innovation
 
外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張Shigeru Hanada
 
Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우PgDay.Seoul
 
Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB rockplace
 
A Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQLA Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQLEDB
 
Productizing Structured Streaming Jobs
Productizing Structured Streaming JobsProductizing Structured Streaming Jobs
Productizing Structured Streaming JobsDatabricks
 
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]日本マイクロソフト株式会社
 
アイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからアイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからTatsuo Kudo
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksJaime Crespo
 
まずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニングまずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニングKosuke Kida
 
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...MinhLeNguyenAnh2
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 

What's hot (20)

Curso de MySQL 5.7
Curso de MySQL 5.7Curso de MySQL 5.7
Curso de MySQL 5.7
 
PostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVSPostgreSQL Unconference #29 Unicode IVS
PostgreSQL Unconference #29 Unicode IVS
 
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデートOracle Cloud Infrastructure:2022年9月度サービス・アップデート
Oracle Cloud Infrastructure:2022年9月度サービス・アップデート
 
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
[pgday.Seoul 2022] PostgreSQL구조 - 윤성재
 
PostgreSQL Performance Tuning
PostgreSQL Performance TuningPostgreSQL Performance Tuning
PostgreSQL Performance Tuning
 
Azure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまでAzure上の データベース 機能の選び方。KVSからDWHまで
Azure上の データベース 機能の選び方。KVSからDWHまで
 
MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話MHA for MySQLとDeNAのオープンソースの話
MHA for MySQLとDeNAのオープンソースの話
 
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
トランザクション処理可能な分散DB 「YugabyteDB」入門(Open Source Conference 2022 Online/Fukuoka 発...
 
外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張外部データラッパによる PostgreSQL の拡張
外部データラッパによる PostgreSQL の拡張
 
Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우Mvcc in postgreSQL 권건우
Mvcc in postgreSQL 권건우
 
Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB Azure databases for PostgreSQL, MySQL and MariaDB
Azure databases for PostgreSQL, MySQL and MariaDB
 
SQL Server 入門
SQL Server 入門SQL Server 入門
SQL Server 入門
 
A Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQLA Comparison of EDB Postgres to Self-Supported PostgreSQL
A Comparison of EDB Postgres to Self-Supported PostgreSQL
 
Productizing Structured Streaming Jobs
Productizing Structured Streaming JobsProductizing Structured Streaming Jobs
Productizing Structured Streaming Jobs
 
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
M20_Azure SQL Database 最新アップデートをまとめてキャッチアップ [Microsoft Japan Digital Days]
 
アイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれからアイデンティティ (ID) 技術の最新動向とこれから
アイデンティティ (ID) 技術の最新動向とこれから
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
 
まずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニングまずやっとくPostgreSQLチューニング
まずやっとくPostgreSQLチューニング
 
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
PostgreSQL_ Up and Running_ A Practical Guide to the Advanced Open Source Dat...
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4Re
 

Viewers also liked

Date security security principles
Date security security principlesDate security security principles
Date security security principlesLeo Mark Villar
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSJames Morris
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxFFRI, Inc.
 
[INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6 [INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6 skccsocial
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds securityRamzi Karoui
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with RailsPaul Gallagher
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureSabrina Kirrane
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Sim Janghoon
 
120515 security framework2.20
120515 security framework2.20120515 security framework2.20
120515 security framework2.20skccsocial
 
Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA EDB
 
Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안Lee Chanwoo
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security ModuleAngelo Corsaro
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Winbmbouter
 

Viewers also liked (16)

Date security security principles
Date security security principlesDate security security principles
Date security security principles
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinux
 
[INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6 [INFOREVER] 시큐리티 프레임웍 #6
[INFOREVER] 시큐리티 프레임웍 #6
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds security
 
Week3 lecture
Week3 lectureWeek3 lecture
Week3 lecture
 
Multi tenancy with PostgreSQL
Multi tenancy with PostgreSQLMulti tenancy with PostgreSQL
Multi tenancy with PostgreSQL
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with Rails
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and Future
 
Docker - container and lightweight virtualization
Docker - container and lightweight virtualization Docker - container and lightweight virtualization
Docker - container and lightweight virtualization
 
120515 security framework2.20
120515 security framework2.20120515 security framework2.20
120515 security framework2.20
 
Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA Best Practices for Becoming an Exceptional Postgres DBA
Best Practices for Becoming an Exceptional Postgres DBA
 
Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안Sua 정보보호관리체계 최종_강의교안
Sua 정보보호관리체계 최종_강의교안
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security Module
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
 

Similar to Label based Mandatory Access Control on PostgreSQL

The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
 
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQLLAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQLKohei KaiGai
 
SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlKohei KaiGai
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached SecureKohei KaiGai
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxKohei KaiGai
 
Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2Naba Barkakati
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security WebinarThe eCore Group
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerOracleIDM
 
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...IBM Danmark
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortEduardo Castro
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortEduardo Castro
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010Andris Soroka
 
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios
 
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...RUDDER
 
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)RUDDER
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012Alex de Jong
 
Centralizing sequence analysis
Centralizing sequence analysisCentralizing sequence analysis
Centralizing sequence analysisDenis C. Bauer
 

Similar to Label based Mandatory Access Control on PostgreSQL (20)

The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
 
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQLLAPP/SELinux - A secure web application stack using SE-PostgreSQL
LAPP/SELinux - A secure web application stack using SE-PostgreSQL
 
SE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access controlSE-PostgreSQL - System wide consistency of access control
SE-PostgreSQL - System wide consistency of access control
 
Getting Memcached Secure
Getting Memcached SecureGetting Memcached Secure
Getting Memcached Secure
 
LAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinuxLAPP/SELinux - A secure web application stack powered by SELinux
LAPP/SELinux - A secure web application stack powered by SELinux
 
Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2Cybersecurity exchange briefing oct 2012 v2
Cybersecurity exchange briefing oct 2012 v2
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security Webinar
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements ServerSANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
 
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
 
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - Merlin
 
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conf...
 
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)Rudder - Configuration management benefits for everyone (FOSDEM 2012)
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinone
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012
 
Centralizing sequence analysis
Centralizing sequence analysisCentralizing sequence analysis
Centralizing sequence analysis
 

More from Kohei KaiGai

20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_HistoryKohei KaiGai
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrowKohei KaiGai
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_countKohei KaiGai
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0Kohei KaiGai
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCacheKohei KaiGai
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_IndexKohei KaiGai
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGISKohei KaiGai
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGISKohei KaiGai
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_ProcessingKohei KaiGai
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_OnlineKohei KaiGai
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdwKohei KaiGai
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_FdwKohei KaiGai
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_TokyoKohei KaiGai
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.JapanKohei KaiGai
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_BetaKohei KaiGai
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStromKohei KaiGai
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGaiKohei KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStromKohei KaiGai
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdwKohei KaiGai
 
20190314 PGStrom Arrow_Fdw
20190314 PGStrom Arrow_Fdw20190314 PGStrom Arrow_Fdw
20190314 PGStrom Arrow_FdwKohei KaiGai
 

More from Kohei KaiGai (20)

20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History20221116_DBTS_PGStrom_History
20221116_DBTS_PGStrom_History
 
20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow20211112_jpugcon_gpu_and_arrow
20211112_jpugcon_gpu_and_arrow
 
20210928_pgunconf_hll_count
20210928_pgunconf_hll_count20210928_pgunconf_hll_count
20210928_pgunconf_hll_count
 
20210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.020210731_OSC_Kyoto_PGStrom3.0
20210731_OSC_Kyoto_PGStrom3.0
 
20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache20210511_PGStrom_GpuCache
20210511_PGStrom_GpuCache
 
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index20210301_PGconf_Online_GPU_PostGIS_GiST_Index
20210301_PGconf_Online_GPU_PostGIS_GiST_Index
 
20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS20201128_OSC_Fukuoka_Online_GPUPostGIS
20201128_OSC_Fukuoka_Online_GPUPostGIS
 
20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS20201113_PGconf_Japan_GPU_PostGIS
20201113_PGconf_Japan_GPU_PostGIS
 
20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing20201006_PGconf_Online_Large_Data_Processing
20201006_PGconf_Online_Large_Data_Processing
 
20200828_OSCKyoto_Online
20200828_OSCKyoto_Online20200828_OSCKyoto_Online
20200828_OSCKyoto_Online
 
20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw20200806_PGStrom_PostGIS_GstoreFdw
20200806_PGStrom_PostGIS_GstoreFdw
 
20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw20200424_Writable_Arrow_Fdw
20200424_Writable_Arrow_Fdw
 
20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo20191211_Apache_Arrow_Meetup_Tokyo
20191211_Apache_Arrow_Meetup_Tokyo
 
20191115-PGconf.Japan
20191115-PGconf.Japan20191115-PGconf.Japan
20191115-PGconf.Japan
 
20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta20190926_Try_RHEL8_NVMEoF_Beta
20190926_Try_RHEL8_NVMEoF_Beta
 
20190925_DBTS_PGStrom
20190925_DBTS_PGStrom20190925_DBTS_PGStrom
20190925_DBTS_PGStrom
 
20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai20190909_PGconf.ASIA_KaiGai
20190909_PGconf.ASIA_KaiGai
 
20190516_DLC10_PGStrom
20190516_DLC10_PGStrom20190516_DLC10_PGStrom
20190516_DLC10_PGStrom
 
20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw20190418_PGStrom_on_ArrowFdw
20190418_PGStrom_on_ArrowFdw
 
20190314 PGStrom Arrow_Fdw
20190314 PGStrom Arrow_Fdw20190314 PGStrom Arrow_Fdw
20190314 PGStrom Arrow_Fdw
 

Recently uploaded

Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 

Recently uploaded (20)

Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 

Label based Mandatory Access Control on PostgreSQL

  • 1. Label based Mandatory Access Control on PostgreSQL NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@eu.nec.com>
  • 2. SE-PostgreSQL got merged in v9.1 NEW! NEW! contrib/sepgsql contrib/sepgsql Page 2 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 3. History of development ▐ Sep-2006 Launch development of SE-PostgreSQL based on v8.2.x ▐ Apr-2007 First post to pgsql-hackers, after 2 weeks of feature freeze ▐ Mar-2007 SELinux Symposium 2007 ▐ Nov-2007 METI Japan gave an award due to SE-PostgreSQL ▐ May-2008 PGcon2008 – SE-PostgreSQL ▐ Jul-2008 Development Cycle for v8.4 Too large to review ▐ Jul-2009 Development Cycle for v9.0 Steps to consensus up to the current design ▐ May-2010 PostgreSQL Developer Summit ▐ Sep-2010 SECURITY LABEL statement got merged ▐ Jan-2011 contrib/sepgsql got merged ▐ May-2011 PGcon2011 – Label based MAC on PostgreSQL ▐ Jun-2011 1st Commit Fest of v9.2 development cycle Page 3 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 4. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 4 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 5. Characteristics of MAC DAC (discretionary access control) : Owner decide access control rules read determine access read? control rules rwx rwx create rwx rwx Data Data MAC (mandatory access control) : A centralized security policy decides access control rules read read? confidential confidential confidential create confidential Data Data security security policy server determine access control rules Page 5 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 6. Data Flow Control confidential unconfidential file with file with read write read write file with file with conffidential conffidential unconfidential unconfidential access control ▐ Keep confidential data in confidential domain No Read-Up No Write-Down (Only same level) Restriction to malicious internals ▐ Background TCSEC (Orange book; 1983) ISO/IEC15408 (CC: Common Criteria) Page 6 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 7. Reference Monitor Concept Reference Query & Monitor Decision making Data Object Request Access Allowed Control User Denied Error Information Information Asset Asset Object Manager ▐ A module that suggests its access control decision ▐ Three characteristics Always invoked Tamperproof Small enough ▐ SELinux performs as reference monitor in Linux kernel Page 7 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 8. Analogy in Linux and PostgreSQL system Filesystem LSM call permission Filesystem Security Security DAC MAC Server Policy SELinux SQL Database sepgsql ACL PostgreSQL SELinux SE-PostgreSQL Object manager Filesystem PostgreSQL Objects being referenced file, directory, device file, ... Schema, Table, Function, ... Way to request accesses System call SQL DAC Filesystem permission Database ACL MAC LSM & SELinux sepgsql & SELinux Page 8 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 9. Decision making of SELinux (1/2) ▐ Access control logic like a function •• Filesystem Permission Filesystem Permission •• Database ACL Database ACL •• SELinux SELinux •• others…? others…? Subject Allowed Access Control Object Logic Denied Action Decision Decision Input Output read, write, read, write, select, … select, … •• Owner ID Owner ID •• Permission Bits Permission Bits •• User/Group ID User/Group ID •• ACL ACL •• Superuser Priv Superuser Priv •• Security Label Security Label •• Security Label Security Label Page 9 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 10. Decision making of SELinux (2/2) ▐ The way to identify Subject/Object Path name? Owner ID? Security Label ▐ Security Label as a universal way for identification Example) system_u:system_r:postgresql_t:s0 system_u:object_r:sepgsql_ro_table_t:s0 ▐ Example of security policy allow staff_t sepgsql_ro_table_t : db_table { select }; 3rd item of the label being referenced 3rd item of the label being referencing Permission set being allowed SELinux uses white-list criteria. SELinux community provides general set of rules in default. Page 10 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 11. OT: source code of the default security policy Part of the “policy/modules/services/postgresql.te” at the default security policy policy_module(postgresql, 1.12.1) : type sepgsql_schema_t; postgresql_schema_object(sepgsql_schema_t) : type sepgsql_table_t; postgresql_table_object(sepgsql_table_t) : allow sepgsql_admin_type sepgsql_schema_type: db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name }; allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search }; : allow sepgsql_admin_type sepgsql_table_type: db_table { create drop getattr setattr relabelfrom relabelto lock }; allow sepgsql_admin_type sepgsql_table_type: db_column { create drop getattr setattr relabelfrom relabelto }; : allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; Page 11 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 12. System-wide consistency in Access control Human user a centralized security server Human user Security Policy SELinux Login Access control Login bash bash vi Filesystem vi Networks psql psql classified unclassified information information X-window PostgreSQL domain of inter process domain of classified processes communication channels unclassified processes Page 12 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 13. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 13 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 14. Features needed to support Label based MAC ▐ Security Label mechanism to associate a short text with a particular database object something like xattr in filesystem cases ▐ Security Hook mechanism to acquire control on strategic points of the code something like LSM in Linux kernel cases ▐ Intermediation with SELinux mechanism to deliver a pair of security labels into SELinux in kernel, and prevents violated accesses according to its decision Page 14 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 15. v9.1 New Features (1/3) – SECURITY LABEL SECURITY LABEL ON TABLE my_example FOR ‘selinux’ IS ‘system_u:object_r:sepgsql_ro_table_t:s0’; pg_seclabel system catalog classid objid subid provider label 2345 16384 0 ‘selinux’ ‘system_u:object_r:sepgsql_ro_table_t:s0’ Security Label Provider validation validation (module) check check ▐ Overview It enables to assign a text identifier of database objects. It allows security modules to reference security label of a particular object. ▐ Limitations Shared database objects are not supported, right now. Tuples in user-defined tables are not supported, right now. Page 15 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 16. OT: Labeled Networking staff_u:staff_r:staff_t:s0 getpeercon(3) getpeercon(3) SE-PgSQL IKE IKE Daemon Daemon user process Labeled IPsec connection PostgreSQL Authentication Hook ▐ Labeled Networking SELinux provides getpeercon(3) to get security label of the peer process. Kernel & IKE daemon were enhanced to exchange security labels. • supported on kernel-2.6.18 or later, ipsec-tools 0.72 or later ▐ Usecase in SE-PostgreSQL It obtains security label of the peer process on the authentication hook. Peer security label is applied to subject’s label on access control decision. Page 16 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 17. v9.1 New Features (2/3) – Object Access Hooks DefineRelation() { 3rd Party modules : CREATE TABLE heap_create_with_catalog() sepgsql.so sepgsql.so sepgsql.so : •• compute a default to check permission to (*object_access_hook) • check permission securitya new table create label, and (OAT_POST_CREATE, ...); assign it a new table of create on the new •• assign security label of : table. security label assign the new table } the new table ▐ Overview It enables 3rd party modules to acquire control on strategic points of the code. E.g) Just after creation of the object for default labeling. The object_access_hook informs event type and object identifiers. ▐ Limitations Only OAT_POST_CREATE event type is supported, right now. May need OAT_CREATE, OAT_ALTER, ... Only object identifiers are informed via this hook, right now. Page 17 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 18. v9.1 New Features (3/3) – contrib/sepgsql Client auth hook • Event Type • Object IDs Subject security label Query Hook invocation Required access policy Object security label Answer pg_seclabel contrib/sepgsql SELinux ▐ Overview It performs as intermediation between PostgreSQL and SELinux • PostgreSQL ... user Id, object Id, • SELinux ... security label, object class and permission ▐ Limitations only DML permissions are checked, right now default security labels on schemas, tables, columns and procedures Page 18 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 19. Today’s Agenda ▐ Overview of label based MAC ▐ New features in v9.1 ▐ Our challenges to v9.2 Page 19 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 20. Limitation in v9.1, and Challenges to v9.2 ▐ Frequent system-call invocations Add access control decision cache ▐ No security label on shared obejct Add pg_shseclabel catalog, and extend SECURITY LABEL ▐ No DDL Permission checks Extend object_access_hook to take arguments Put object_access_hook around existing DDL checks ▐ Row-level access control Fix leaky VIEWs problem Extend security label on user-defined tables Page 20 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 21. v9.2 challenges (1/3) – Userspace access vector cache PostgreSQL contrib/sepgsql.so read-only mmap(2) read-only mmap(2) Status Page userspace # of loaded access vector invoke cache security (uavc) policy hooks access control SELinux logic (Linux kernel) ▐ Overview uavc keeps access control decision recently used; that allows to reduce number of system call invocations. ▐ Challenges Cache invalidation on security policy reloaded on kernel-side Linux 2.6.38 already support selinux status page. Page 21 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 22. v9.2 challenges (2/3) – DDL Permissions postgres=# ALTER TABLE drink OWNER TO ymj; LOG: SELinux: denied { setattr } ¥ scontext=unconfined_u:unconfined_r:unconfined_t:s0 ¥ tcontext=system_u:object_r:sepgsql_table_t:s0:c0 ¥ tclass=db_table name=drink ERROR: SELinux: security policy violation ▐ Overview It allows to check permissions on DDL commands also. ▐ Challenges Larger number of strategic points than DML support object_access_hook with additional arguments Page 22 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 23. v9.2 challenges (3/3) – Row-level security postgres=# SELECT security_label, * FROM drink; security_label | id | name | price -----------------------------------------+----+-------+------- system_u:object_r:sepgsql_table_t:s0 | 1 | coke | 150 system_u:object_r:sepgsql_table_t:s0 | 2 | fanta | 130 system_u:object_r:sepgsql_table_t:s0:c0 | 3 | beer | 200 system_u:object_r:sepgsql_table_t:s0:c1 | 4 | sake | 240 system_u:object_r:sepgsql_table_t:s0:c2 | 5 | juice | 180 (5 rows) ▐ Overview Filter out rows based on security policy and labels of individual tuples ▐ Challenges Fix the problem known as Leaky-VIEWs Security label support for user-defined tables Query rewriter to append security-policy function Interaction with system catalog Page 23 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 24. Future Vision (1/2) – Role based access control Only DDL, Only DDL, DML not allowed DML not allowed SQL with SQL with confined privileges Database confined privileges Administrator Execute Execute internet Backup SE-PostgreSQL System Log pg_dump/pg_restore Administrator customer Log File Page 24 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 25. Future Vision (2/2) – Secure multi-tenancy Filesystem Shared Database Resource Filesystem Filesystem Filesystem Database Database Database http://www.blue.com/ http://www.red.com/ http://www.green.com/ blue red green SELinux performs as a logical-wall between security domains. Page 25 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL
  • 26. Summary ▐ Overview of MAC Data flow control and Reference monitor concept SE-PostgreSQL enables to deploy RDBMS within DFC scheme. ▐ Features in v9.1 SECURITY LABEL Object access hooks contrib/sepgsql ▐ Challenges to v9.2 Userspace access vector cache DDL Permissions Row-level access control Page 26 PGcon2011 - Label Based Mandatory Access Control on PostgreSQL