This document discusses Security-Enhanced PostgreSQL (SE-PostgreSQL), which provides system-wide consistency in access controls for PostgreSQL. The key developer, KaiGai Kohei, has experience with Linux kernel development and PostgreSQL. SE-PostgreSQL applies a single, unified security policy to information assets regardless of how they are stored, using fine-grained mandatory access controls at the tuple and column level. It aims to prevent data leaks and manipulation through consistent, mandatory access controls.
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
The document discusses label based mandatory access control (MAC) implemented in PostgreSQL through the contrib/sepgsql module, highlighting features added in version 9.1 such as the SECURITY LABEL statement and an overview of how MAC works to enforce centralized security policies and control data flow based on security labels rather than discretionary access control. It also provides an agenda for topics to be covered including an overview of MAC, new features in 9.1, and challenges for the 9.2 development cycle.
[Pgday.Seoul 2019] Citus를 이용한 분산 데이터베이스PgDay.Seoul
This document summarizes how to set up and use Citus, an open-source PostgreSQL-based distributed database. It explains how to install Citus, add worker nodes, create distributed tables, and use features like reference tables to perform distributed queries across the cluster.
29回勉強会資料「PostgreSQLのリカバリ超入門」
See also http://www.interdb.jp/pgsql (Coming soon!)
初心者向け。PostgreSQLのWAL、CHECKPOINT、 オンラインバックアップの仕組み解説。
これを見たら、次は→ http://www.slideshare.net/satock/29shikumi-backup
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
The document discusses label based mandatory access control (MAC) implemented in PostgreSQL through the contrib/sepgsql module, highlighting features added in version 9.1 such as the SECURITY LABEL statement and an overview of how MAC works to enforce centralized security policies and control data flow based on security labels rather than discretionary access control. It also provides an agenda for topics to be covered including an overview of MAC, new features in 9.1, and challenges for the 9.2 development cycle.
[Pgday.Seoul 2019] Citus를 이용한 분산 데이터베이스PgDay.Seoul
This document summarizes how to set up and use Citus, an open-source PostgreSQL-based distributed database. It explains how to install Citus, add worker nodes, create distributed tables, and use features like reference tables to perform distributed queries across the cluster.
29回勉強会資料「PostgreSQLのリカバリ超入門」
See also http://www.interdb.jp/pgsql (Coming soon!)
初心者向け。PostgreSQLのWAL、CHECKPOINT、 オンラインバックアップの仕組み解説。
これを見たら、次は→ http://www.slideshare.net/satock/29shikumi-backup
This document provides an overview of advanced operations in NGSI-LD (Next Generation SI-LD), including:
- Specific headers used in NGSI-LD requests
- Supported content types and best practices for JSON-LD payloads
- Examples of temporal queries, geoqueries, and language maps
- Details on pagination, time limiting queries, and supported response formats
The document provides details on installing and configuring PostGIS on Windows. It describes downloading and installing PostgreSQL, PostGIS, and pgAdmin. The OpenGeo Suite is introduced as an alternative to installing components individually. Steps are outlined to add a PostgreSQL server in pgAdmin and begin using the query tool and other pgAdmin features to manage and interact with spatial databases.
The YANG syntax is similar to C and C++ and uses a C-like syntax that was chosen for its readability. This section introduces the YANG syntax. While SMIv1, SMIv2, and SPPI are bound to specific protocols like SNMP and COPS-PR, the purpose of SMIng is to define a common data definition language that can specify data models independently of protocols.
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
The Security-Enhanced PostgreSQL (SE-PostgreSQL) provides system-wide consistency in access controls between the operating system and database management system through a single unified security policy. It implements fine-grained mandatory access controls, including column- and row-level access controls. The goal of SE-PostgreSQL is to allow the database to be part of data flow control schemes and prevent information leakage or manipulation by malicious actors.
LAPP/SELinux - A secure web application stack using SE-PostgreSQLKohei KaiGai
The document discusses a secure web application stack using SELinux and SE-PostgreSQL. It describes how SELinux can act as a conductor to provide system-wide access control consistency. SE-PostgreSQL allows PostgreSQL to make access control decisions based on the centralized SELinux security policy. This ensures least privilege and consistency across application layers compared to traditional stacks that rely on each layer having separate security mechanisms.
This document provides an overview of advanced operations in NGSI-LD (Next Generation SI-LD), including:
- Specific headers used in NGSI-LD requests
- Supported content types and best practices for JSON-LD payloads
- Examples of temporal queries, geoqueries, and language maps
- Details on pagination, time limiting queries, and supported response formats
The document provides details on installing and configuring PostGIS on Windows. It describes downloading and installing PostgreSQL, PostGIS, and pgAdmin. The OpenGeo Suite is introduced as an alternative to installing components individually. Steps are outlined to add a PostgreSQL server in pgAdmin and begin using the query tool and other pgAdmin features to manage and interact with spatial databases.
The YANG syntax is similar to C and C++ and uses a C-like syntax that was chosen for its readability. This section introduces the YANG syntax. While SMIv1, SMIv2, and SPPI are bound to specific protocols like SNMP and COPS-PR, the purpose of SMIng is to define a common data definition language that can specify data models independently of protocols.
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
The Security-Enhanced PostgreSQL (SE-PostgreSQL) provides system-wide consistency in access controls between the operating system and database management system through a single unified security policy. It implements fine-grained mandatory access controls, including column- and row-level access controls. The goal of SE-PostgreSQL is to allow the database to be part of data flow control schemes and prevent information leakage or manipulation by malicious actors.
LAPP/SELinux - A secure web application stack using SE-PostgreSQLKohei KaiGai
The document discusses a secure web application stack using SELinux and SE-PostgreSQL. It describes how SELinux can act as a conductor to provide system-wide access control consistency. SE-PostgreSQL allows PostgreSQL to make access control decisions based on the centralized SELinux security policy. This ensures least privilege and consistency across application layers compared to traditional stacks that rely on each layer having separate security mechanisms.
This document discusses SE-PostgreSQL, which enables controlling access to database objects using SELinux security policies. It aims to provide system-wide consistent access control across filesystems and databases. The architecture hooks into PostgreSQL to allow SELinux plugins to make access control decisions. It introduces a pg_seclabel catalog and SECURITY LABEL statement. A demonstration shows how SE-PostgreSQL works with SELinux policies to enforce access controls on database queries and objects. Future work includes improving security hook coverage and supporting additional PostgreSQL features.
LAPP/SELinux - A secure web application stack powered by SELinuxKohei KaiGai
This document discusses using SELinux to improve security in a typical LAMP (Linux, Apache, PostgreSQL, PHP/Perl) web application stack, called LAPP. It describes how SELinux has been applied to PostgreSQL (SE-PostgreSQL) and Apache (Apache/SELinux Plus) to provide advanced access controls and assign privileges to web applications based on the authenticating user. The goal is to utilize SELinux at each layer of the LAPP stack to provide consistency in access controls and comprehensive security for the entire stack.
SE-PostgreSQL - System wide consistency of access controlKohei KaiGai
KaiGai Kohei from NEC presented on the SE-PostgreSQL project. The project aims to enable controlling access to database objects using a centralized SELinux security policy. It works by adding security hooks to PostgreSQL that allow a SE-PostgreSQL plugin to intercept operations and check them against the SELinux policy. The architecture includes a pg_seclabel system catalog for storing security labels and a new SECURITY LABEL statement for managing them. Future work includes improving security hook coverage and adding features like row-level access control.
This document provides an overview of SELinux including its history and development. It was originally created by the NSA as a way to implement mandatory access controls on Linux systems. Key points discussed include how SELinux implements the Flask architecture and uses security contexts, domains, and a policy language to enforce access controls at a more granular level than traditional Linux permissions. The document also covers SELinux file system labeling and different object classes.
Title: How to analyse your security data with Elastic SIEM.
We define Security Analytics as the highly scalable collection, indexing, and real-time advanced analysis of all kinds of security-related data.
We have introduced Elastic SIEM to provide a curated experience for security analysts and investigators to perform Security Information and Event Management, Thread Detection and Threat Hunting.
In this presentation, we'll show the main technical features of the new solution and we'll make a demo to show how to start with the analysis process.
SELinux provides mandatory access control on Linux systems to confine processes and restrict what they can do. It works by labeling system resources like files, processes, and ports with security contexts. When a process tries to access a resource, SELinux checks if the process's security context is allowed to access the target resource based on the SELinux policy. This provides finer-grained access control than traditional Linux discretionary access control based on users and groups. The security context includes the SELinux user, role, and type (domain) that together determine the process's permissions.
Présentation de la suite ELK dans un contexte SIEM et zoom sur Wazuh (OSSEC) , IDS open source
Venez découvrir comment être proactif face aux problèmes de cyber sécurité en analysant les données fournies par vos équipements et applications critiques.
Security analysis of a privacy preserving decentralized key-policy attribute-...JPINFOTECH JAYAPRAKASH
The document summarizes a research paper that analyzes the security of a decentralized key-policy attribute-based encryption (ABE) scheme proposed by Han et al. The summary states that while Han et al. claimed their ABE scheme achieved better privacy for users and was provably secure, after careful reexamination the scheme was found to be vulnerable to collusion attacks and failed to meet basic security definitions for ABE systems. A new ABE system is proposed that can resist collusion attacks.
Single Sign-On (SSO) allows users to securely store credentials in a centralized database and access services using common authentication protocols. gSSO is an open source SSO framework written in C that provides a secure credential storage system and implements common authentication methods like OAuth, SASL, and HTTP Digest. It allows applications to initiate authentication operations without directly accessing credentials. The gSSO architecture separates components like the credential database, access control plugins, and authentication method plugins to provide a flexible yet secure SSO solution.
This document discusses security architecture and models, including differences between commercial and government security requirements. It covers security evaluation criteria, security practices for the Internet, technical platforms in terms of hardware/software, and system security techniques like preventative, detective and corrective controls. The document also describes the layered approach to security architecture.
Metric for Evaluating Availability of an Information System : A Quantitative ...IJNSA Journal
The purpose of the paper is to present a metric for availability based on the design of the information
system. The availability metric proposed in this paper is twofold, based on the operating program and
network delay metric of the information system (For the local bound component composition the
availability metric is purely based on the software/operating program, for the remote bound component
composition the metric incorporates the delay metric of the network). The aim of the paper is to present a
quantitative availability metric derived from the component composition of an Information System, based
on the dependencies among the individual measurable components of the system. The metric is used for
measuring and evaluating availability of an information system from the security perspective, the
measurements may be done during the design phase or may also be done after the system is fully
functional. The work in the paper provides a platform for further research regarding the quantitative
security metric (based on the components of an information system i.e. user, hardware, operating
program and the network.) for an information system that addresses all the attributes of information and
network security.
The proposed system aims to address users' privacy concerns about data sharing in the cloud by developing a decentralized information accountability framework. The framework leverages JAR capabilities to create dynamic traveling objects that enclose user data, policies, and an automated logging mechanism. Any access to the enclosed data will trigger authentication and logging. Distributed auditing mechanisms are also provided to strengthen user control. The framework was experimentally evaluated and shown to efficiently and effectively track data usage in the cloud in a decentralized manner while minimizing overhead.
Symantec is building a consolidated cloud platform using OpenStack to host its SaaS applications. It is analyzing and improving OpenStack's security posture. Key security concepts for OpenStack's Grizzly release include centralized management, network segmentation, token/PKI authentication, distributed policy management, and auditing/compliance. Areas of focus for securing an OpenStack deployment include message queuing, database security, certificate management, distribution verification, and two-factor authentication.
Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...IJCERT JOURNAL
Cloud computing is one of the emerge technologies in order to outsource huge volume of data inters of storage and sharing. To protect the data and privacy of users the access control methods ensure that authorized users access the data and the system. Fine grained-approach is the appropriate method for data access control in cloud storage. However, CP-ABE schemes to data access control for cloud storage systems are difficult because of the attribute revocation problem. Specifically, in this paper we investigate on revocable multi-authority Fine-grained-Scheme performance.
The document discusses process behavior modelling using Linux Security Modules (LSM). It describes how LSM provides a framework for security modules by inserting hooks at critical points in the kernel. A behavior monitoring module is implemented that checks system calls of a process against an expected profile held by a daemon. If a call does not match, the process is terminated, otherwise it is allowed to continue. Experiments show the module can successfully intercept calls and monitor process behavior with minimal overhead.
The document presents an ontology of a general operating system that could be used as a guideline for security software to create snapshots of operating systems for intrusion detection. It describes the main classes that make up an operating system like SystemObject, Resource, ObjectType, and AdditionalObject. Resources like the CPU, memory, and hardware are described. Additional security objects like ACLs, DACLs, and users are also defined. System objects like files, processes, and threads are outlined. Object types that describe the possible states of system objects are included to make the ontology clear. Individual instances are created to make the ontology practical.
This document provides definitions and terminology related to computer security architecture and models. It defines key terms like access control, authentication, authorization, confidentiality, integrity, and availability. It also summarizes several influential security models like Bell-LaPadula, Biba, Clark-Wilson, and discusses certification and accreditation procedures. The document also briefly outlines the IPSEC standard and some general network and host security concepts.
This document discusses using HyperLogLog (HLL) to estimate cardinality for count(distinct) queries in PostgreSQL.
HLL is an algorithm that uses constant memory to estimate the number of unique elements in a large set. It works by mapping elements to registers in a bitmap and tracking the number of leading zeros in each hash value. The harmonic mean of these counts is used to estimate cardinality.
PG-Strom implements HLL in PostgreSQL to enable fast count(distinct) queries on GPUs. On a table with 60 million rows and 87GB in size, HLL estimated the distinct count within 0.3% accuracy in just 9 seconds, over 40x faster than the regular count(distinct).
PG-Strom is an extension of PostgreSQL that utilizes GPUs and NVMe SSDs to enable terabyte-scale data processing and in-database analytics. It features SSD-to-GPU Direct SQL, which loads data directly from NVMe SSDs to GPUs using RDMA, bypassing CPU and RAM. This improves query performance by reducing I/O traffic over the PCIe bus. PG-Strom also uses Apache Arrow columnar storage format to further boost performance by transferring only referenced columns and enabling vector processing on GPUs. Benchmark results show PG-Strom can process over a billion rows per second on a simple 1U server configuration with an NVIDIA GPU and multiple NVMe SSDs.
This document provides an introduction to HeteroDB, Inc. and its chief architect, KaiGai Kohei. It discusses PG-Strom, an open source PostgreSQL extension developed by HeteroDB for high performance data processing using heterogeneous architectures like GPUs. PG-Strom uses techniques like SSD-to-GPU direct data transfer and a columnar data store to accelerate analytics and reporting workloads on terabyte-scale log data using GPUs and NVMe SSDs. Benchmark results show PG-Strom can process terabyte workloads at throughput nearing the hardware limit of the storage and network infrastructure.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Security Enhanced PostgreSQL - System-wide consistency in access control
1. Security-Enhanced
PostgreSQL
- System-wide consistency in Access Control -
NEC OSS Promotion Center
KaiGai Kohei <kaigai@ak.jp.nec.com>
2. Who is KaiGai ?
Primary developer of SE-PostgreSQL
5 year's experience in Linux kernel development
Especially, SELinux and Security related.
Experience in PostgreSQL
About 8 years as a user :-)
About 2 years for development of SE-PostgreSQL
2 PGcon2008, Ottawa
3. Philosophical Background
Price of Notebook : $8.00
Price of Individual Info: priceless
What do you really want to protect from harms?
Individual info, Corporate secrets, Authentication data,...
called as "Information Asset"
Information Asset has to be stored in something.
Filesystem, Database, Paper, Brain, ...
3 PGcon2008, Ottawa
4. Philosophical Background
Information Asset
What decides the worth of Information Asset?
Contents, not the way to store
How access control mechanism works?
Filesystem: UNIX permission (rwxrwxrwx)
Database: Database ACL (GRANT/REVOKE)
Strongly depends on the way to store them!
We should apply consistent access control rules for same
information assets, independent from the way to store them!
4 PGcon2008, Ottawa
5. Consistency in access control policy
Access control policy depending on the way to store
Information Asset
Secret Data
SystemHigh
Operating System
Database ACL
(Own security policy)
SELinux
Security
Policy Filesystem Network IPC objects Databases
Application
Inter-processes
Inter-processes
communication
communication Unclassified Data
methods
methods SystemLow
5 PGcon2008, Ottawa
6. Consistency in access control policy
A single consistent security policy on whole of the system
Any query, Any object without Any exception
Secret Data
SystemHigh
Operating System
Database ACL
(Own security policy)
SELinux
Security Mandatory
Policy Filesystem Network IPC objects SE-PostgreSQL Access Control
(SELinux security policy)
Application
Inter-processes
Inter-processes
communication
communication Unclassified Data
methods
methods SystemLow
6 PGcon2008, Ottawa
7. The Feature of SE-PostgreSQL
"System-wide" consistency in access controls
A single unified security policy both OS/DBMS
Common security attribute representation
Fine-grained Mandatory Access Controls
Tuple/Column-level access controls
Non-bypassable, even if privileged users
The GOAL of SE-PostgreSQL?
Provision of System-wide Data Flow Controls
Prevention to leak/manipulate by malicious insider
Minimization of damages from SQL injection
7 PGcon2008, Ottawa
9. SE-PostgreSQL System Image
A single unified security policy is applied,
when user tries to read a file via system-calls
when user tries to select a table via SQL-queries
System Operating System
Call
Implementation of
Entry point
Files
Filesystem System Calls
Permission
SELinux
Subsystem Policy
A single unified
A single unified
security policy
security policy
SE-PostgreSQL
SE-PostgreSQL
Sub System Tables
Database
ACL ------ ---- -- -------
Query Execution Engine
*** *** * *****
SQL
+++ ++ + +++
## ### # #####
9 PGcon2008, Ottawa
10. How security policy works? (1/2)
SELinux makes a decision with security policy and context.
Security context
/var/lib/pgsql/*
system_u : object_r : postgresql_db_t : Classified
PostgreSQL
User Role Type/Domain MLS Label Database Files
Any process/resource have its security context.
It enables to show its attribute independent from its class.
Security policy
A set of massive rules to be allowed
Rules are described as relationships between two security
contexts and action.
postgresql_t is allowed to write files with postgresql_log_t.
SystemHigh is allowed to read file with Classified.
10 PGcon2008, Ottawa
11. How security policy works? (2/2)
Common attributes well formalized for various kind of resources.
Object manager has to maintain proper security context of its
managing objects
staff_u:staff_r:staff_t:SystemHigh
staff_u:staff_r:staff_t:SystemHigh
system_u:object_r:var_log_t:Unclassified
system_u:object_r:var_log_t:Unclassified system_u:object_r:sepgsql_table_t:Classified
system_u:object_r:sepgsql_table_t:Classified
shared
/var/log/messages ~/memo.txt memory SE-PostgreSQL
system_u:object_r:user_home_t:Unclassified
system_u:object_r:user_home_t:Unclassified system_u:object_r:postgresql_t:Unclassified
system_u:object_r:postgresql_t:Unclassified
user_u:user_r:user_t:SystemLow
user_u:user_r:user_t:SystemLow
11 PGcon2008, Ottawa
12. 'security_context' system column
postgres=# SELECT security_context, * FROM drink;
security_context | id | name | price | alcohol
------------------------------------------+----+-------+-------+---------
unconfined_u:object_r:sepgsql_table_t:s0 | 1 | water | 100 | f
unconfined_u:object_r:sepgsql_table_t:s0 | 2 | coke | 120 | f
unconfined_u:object_r:sepgsql_table_t:s0 | 3 | juice | 130 | f
system_u:object_r:sepgsql_table_t:s0:c0 | 4 | cofee | 180 | f
system_u:object_r:sepgsql_table_t:s0:c0 | 5 | beer | 240 | t
system_u:object_r:sepgsql_table_t:s0:c0 | 6 | sake | 320 | t
(6 rows)
A new system column of security_context.
It shows security context of each tuples.
In pg_attribute, it shows security context of the column.
ditto, for pg_class, pg_database, pg_class
Default security context of newly inserted tuples
Updating security context via writable system column
12 PGcon2008, Ottawa
13. How clients' authority decided?
Access controls, as if users access files via system calls.
But, queries come through networks.
Labeled Networking Technology
SELinux provides getpeercon() API, that enables to obtain the
security context of peer process.
SE-PostgreSQL applies it as a security context of client
Peer's context is delivered
during key exchanging.
...:SystemMiddle
Labeled IPsec Networks
...:SystemHigh
UNIX domain socket
SE-PostgreSQL IP address Normal TCP/IP
lookup
localhost ...:SystemLow
13 PGcon2008, Ottawa
15. Tuple-level Access Controls
SE-PostgreSQL filters any violated tuples from result set,
as if they are not on the target table.
ditto, on UPDATE and DELETE statement
Checks at tuple insertion for INSERT statement
Example:
Example:
SELECT * FROM employee NATURAL JOIN division;
parser
& optimizer
SeqScan
TABLE: employee
Plan tree
IndexScan
kernel space TABLE: division
Security
SE-PostgreSQL Hooks
Policy
15 PGcon2008, Ottawa
16. Column-Level Access Control
SE-PostgreSQL checks any column appeared in queries.
Abort query execution, if violated usage found.
SELECT c1, sin(c2), exp(c3+ln(c4)) FROM ttWHERE c5 < 100;
SELECT c1, sin(c2), exp(c3+ln(c4)) FROM WHERE c5 < 100;
Query parser
Walking on the node tree.
Query tree
c1 sin exp
targetList
'+' operation
'<' operation c2 float8pl
jointree float8lt c3 ln
c5 100 c4
Abort!
16 PGcon2008, Ottawa
17. Case Study (1/2)
SELECT name, price * 2 FROM drink WHERE id < 40;
db_column:{select} for name and price column
db_column:{use} for id column
{use} permission means "referred but consumed internally"
db_procedure:{execute} for int4mul and int4lt function
db_table:{select use} for drink table
Implementation of operators.
Implementation of operators.
The current transaction will be aborted,
if the client does not have enough permissions.
And
db_tuple:{select use} for each tuples
Any violated tuples are filtered from result set.
17 PGcon2008, Ottawa
18. Case Study (2/2)
UPDATE drink SET size = 500, price = price * 2
WHERE alcohol = true;
db_column:{update} for size column
db_column:{select update} for price column
price column is also read, not only updated.
db_column:{use} for alcohol column
db_procedure:{execute} for booleq and int4mul function
db_table:{select use update} for drink table
The current transaction will be aborted,
if the client does not have enough permissions.
And
db_tuple:{select use update} for each tuples
Any violated tuples are excepted from the target of updating.
18 PGcon2008, Ottawa
22. Performance
700 CPU: Core2Duo E6400, Mem: 1GB, HDD: SATA
CPU: Core2Duo E6400, Mem: 1GB, HDD: SATA
shared_buffer=512m, rest of options are in default.
shared_buffer=512m, rest of options are in default.
600
$$pgbench -c 22-t 200000
Transactions per second
pgbench -c -t 200000
500
400
300
200
100
0
2 4 6 8 10 12 14 16 18 20
Scaling factor
PostgreSQL 8.4devel SE-PostgreSQL 8.4devel
about 10% security-tradeoff
access vector cache (AVC) minimizes system-call invocation
22 PGcon2008, Ottawa
23. Platform dependency
SE-PostgreSQL always needs SELinux to run.
Is SE-PostgreSQL available on disabled SELinux?
Is SE-PostgreSQL available on any other operating system?
PostgreSQL Access Control Extension (PGACE)
A set of platform independent hooks
To apply various kind of security module with minimum impact
Base PostgreSQL implementation PGACE framework OS specific security module
pgaceHeapTupleInsert sepgsqlHeapTupleInsert
ExecInsert
fooHeapTupleInsert
static inline bool
static inline bool
pgaceHeapTupleInsert(Relation rel, HeapTuple tup,...)
pgaceHeapTupleInsert(Relation rel, HeapTuple tup,...) varHeapTupleInsert
{
{
#ifdef HAVE_SELINUX
#ifdef HAVE_SELINUX
database
if (sepgsqlIsEnabled())
if (sepgsqlIsEnabled())
return sepgsqlHeapTupleInsert(rel, tup, ...);
return sepgsqlHeapTupleInsert(rel, tup, ...);
#endif
#endif
return true;
return true;
23 PGcon2008, Ottawa }
}
24. The current status of SE-PostgreSQL
The current status
Now, it is available on Fedora 8 or later
Patches are reviewed at CommitFest:May
Thanks for many worthful comments/suggestions!
http://wiki.postgresql.org/wiki/CommitFest:May
In the next
Now revising my patches for CommitFest:Jul
design improvement, documentation, regression test, ...
Security Policy Upstreaming
24 PGcon2008, Ottawa
25. Summary
"System-wide" Consistency in Access Controls
ITS PHILOSOPHY:
Same access control policy should be applied to same
information asset, independent from the way to store.
Key concept is sharing a single unified security policy.
Fine-grained Mandatory Access Controls
Non-bypassable for everyone
Column-/Tuple-level flexibility
Any violated tuple is filtered, as if they don't exist.
Using violated column and others invokes execution aborts.
25 PGcon2008, Ottawa
27. Thank you!
Acknoledgement:
Information-Technology Promotion Agency (IPA), Japan supported
the development of SE-PostgreSQL as one of the Exploratory
Software Projects in later half of 2006FY.
28. Resources
Project Home
http://code.google.com/p/sepgsql/
SVN repository
svn co http://sepgsql.googlecode.com/svn/ sepgsql
Today's slide
http://sepgsql.googlecode.com/files/PGCON20080523.pdf
RPM Packages
http://code.google.com/p/sepgsql/downloads/list
And, see the repository of Fedora project
Logo Currently, he has no name.
28 PGcon2008, Ottawa