By
Sumitro Bhaumik – 000911001011
Jyotishkar Dey – 000911001036
A new paradigm of database security which assigns different security
levels to users as well as to attributes, depending upon some security
policies as per requirement
• Conventional database security does not provide “granular security”
• You either have access or have no access to a database
• But items in a database are of different types, need different security
• One “easy” solution: keep items of same security levels in different tables
Problems
• Conflict with relational dependencies
• Increased complexity in order to preserve both relational
dependencies and security dependencies
“Multi-level Security System”
Users of a particular security level can only access elements in a
database which correspond to their security level
This way, sensitive data in the same database will be hidden, while still
allowing the public to access the central database
The Bell-LaPadula Model
This model focuses on data confidentiality and controlled access to
classified information. In this formal model, the entities in an
information system are divided into subjects and objects. The
Bell–LaPadula model is built on the concept of a state machine with a
set of allowable “secure states”. The notion of a “secure state” is
defined, and it is proven that each state transition preserves security
by moving from secure state to secure state. This inductively proves
that the system satisfies the security objectives of the model.
The Bell-LaPadula Model
The Bell–LaPadula model defines a “secure state” through three
multilevel properties
• The Simple Security Property (ss Property)
• The * (star) Security Property
• The Discretionary Security Property
The Simple Security Property
This policy requires that a subject of lower security level cannot read
from an object of higher security level, that is, no “read-up”
The * (Star) Security Property
This policy requires that a subject of higher security level not write
to an object of lower security level, that is, no “write down”
The Discretionary Security Property
This policy does not require any hard and fast rule.
A security mapping is created between subjects and objects which
indicates which subject can read and write into which object.
1. Identification of subjects, objects and permitted actions
   (identification process)
   1. Identification of the subjects
   2. Identification of the objects
2. Assignment of security labels (labeling process)
   1. Assignment of security labels to the subjects
   2. Assignment of security labels to the objects
[Figure panels: Identification of subjects; Identification of objects; Labeling of subjects; Labeling of objects]
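
Added example (not part of the original slides): a small Python reference monitor that applies the three Bell-LaPadula properties above to a database labeled through the identification and labeling steps. The subjects, attributes, levels, sample rows, and the rule that an element's label is the higher of its attribute label and tuple label are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):            # constructed three-level ordering
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Identification + labeling: constructed subjects and attributes with labels.
SUBJECT_LABEL = {"clerk": Level.PUBLIC, "auditor": Level.CONFIDENTIAL,
                 "manager": Level.SECRET}
ATTRIBUTE_LABEL = {"name": Level.PUBLIC, "balance": Level.CONFIDENTIAL,
                   "risk_score": Level.SECRET}

# Discretionary mapping: which subject may read/write which attribute.
ACCESS_MATRIX = {
    "clerk":   {"name": {"read", "write"}, "balance": {"read", "write"}},
    "auditor": {"name": {"read"}, "balance": {"read", "write"},
                "risk_score": {"write"}},
    "manager": {"name": {"read", "write"}, "risk_score": {"read", "write"}},
}

# Each tuple also carries its own label (constructed sample data).
ROWS = [
    (Level.PUBLIC, {"name": "A. Sen", "balance": 1200, "risk_score": 3}),
    (Level.SECRET, {"name": "B. Roy", "balance": 98000, "risk_score": 9}),
]

def check(subject, attribute, action, tuple_level=Level.PUBLIC):
    """Return (allowed, reason) for one subject/element/action triple."""
    s = SUBJECT_LABEL[subject]
    # Assumption: an element is as sensitive as the stricter of its two labels.
    o = max(ATTRIBUTE_LABEL[attribute], tuple_level)
    if action == "read" and s < o:
        return False, "simple security property: no read-up"
    if action == "write" and s > o:
        return False, "star property: no write-down"
    if action not in ACCESS_MATRIX.get(subject, {}).get(attribute, set()):
        return False, "discretionary property: not in access mapping"
    return True, "ok"

def select(subject, columns, rows=ROWS):
    """Evaluate a read query, masking every element the subject may not see."""
    result = []
    for tuple_level, row in rows:
        masked = {c: row[c] if check(subject, c, "read", tuple_level)[0] else None
                  for c in columns}
        if any(v is not None for v in masked.values()):
            result.append(masked)   # rows with nothing visible are omitted
    return result

if __name__ == "__main__":
    for case in [("clerk", "balance", "read"), ("clerk", "balance", "write"),
                 ("manager", "name", "write"), ("manager", "balance", "read")]:
        print(case, check(*case))
    print(select("auditor", ["name", "balance", "risk_score"]))
```

The clerk's discretionary grant to read `balance` does not override the no-read-up rule, and the per-element loop in `select` is the per-query checking cost that the deck lists among the cons.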
Pros
• Gives finer control over the security of the database
• Attributes do not lose their functional dependency
• No need to change original database to implement this feature;
transparent. Hence, very easy to mobilize the technology
• There needs to be only one global database which users can use,
without any fear of leakage of sensitive data. No need to create a
separate database for different security levels
Cons
• For every query, the security level of every element needs to be
checked with the security level of the user. Hence, the process is a
bit slow
• Care has to be taken for some special conditions which might
arise during “write up” operations
• Banking
• Defense
• Office
• Public/Private database
Distributed database security with discretionary access control


Editor's Notes

  1. Different tuples and different attributes are assigned a security level. Different users have the same set of security levels.