Trusted Oracle [message #19083] Wed, 27 February 2002 10:52
aish
Messages: 44
Registered: March 2001
Member
WHAT IS TRUSTED ORACLE?
Thank you.
Aish
Re: Trusted Oracle [message #19094 is a reply to message #19083] Thu, 28 February 2002 04:41
pratap kumar tripathy
Messages: 660
Registered: January 2002
Senior Member
Central to understanding what Trusted Oracle does is understanding the concept
of a LABEL. Labels are security classifications for data. Most people are
familiar with labels without being aware of it; they include classifications
such as SECRET, TOP SECRET, CONFIDENTIAL, etc.

According to government specifications for trusted computing, data
must be labeled, and those labels enforced by the software or hardware so if a
user cleared for SECRET tries to access data labelled at TOP SECRET, they
will not be given access to the data. Likewise, a user running at SECRET may
not write to a file labelled at CONFIDENTIAL, as they might place SECRET data
in it, allowing another user cleared only to CONFIDENTIAL to access the data.
These two rules are known commonly as NO WRITEDOWN and NO READUP.

Trusted Oracle runs on any one of several Trusted Operating Systems, the most
common two being Trusted Solaris and Trusted HP-UX. In these OS environments,
labels are placed on users, processes, files, devices, and ports. Trusted
Oracle relies heavily on the OS enforcement of labels and the no
writedown/readup rules.

To the OS capabilities, Trusted Oracle adds row-level enforcement of labels.
Each table has a column of datatype MLSLABEL, called ROWLABEL, and each row
takes on the label of the user who inserted it, i.e. if a user is logged in
at SECRET, any row they insert will be labelled SECRET. The user has no control
over this.

Two special labels, DBHIGH (the highest level of data allowed in the database)
and DBLOW (the lowest level data allowed in the database) are chosen at install.
These can be found in the view "V$SYSLABEL".

Each user, at both the OS and database level, is given a clearance range they
are allowed to log in at, and the DB clearance range must be a subset of the OS
level. A user will be logged into the database at the level they are running
at within the OS. Special privileges at both the OS and database level must be
given to the user to change their label once logged in. Most users must log
out, open a window in the OS at a different label, and log in again to change
their label within the database.
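The rules in the reply above (NO READUP, NO WRITEDOWN, rows inheriting the session label, the DBLOW/DBHIGH bounds and the OS/DB clearance ranges) can be modelled in a few dozen lines. The following is an added, constructed Python example, not code from the thread or from Oracle; it goes slightly beyond the reply by giving each label a set of categories as well as a level, so that "dominates" is a lattice comparison rather than a plain ordering. All level names, users and rows are made up for illustration.

```python
"""Toy model of the label rules in the reply above (constructed example, not
Oracle code). A label is a hierarchical level plus a set of categories, so
"dominates" is a lattice order, not just a number comparison."""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # a dominates b when a's level is at least b's and a holds all of b's categories
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """NO READUP: a subject may read only data its label dominates."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """NO WRITEDOWN: a subject may write only to data whose label dominates its own."""
    return obj.dominates(subject)


def session_label(os_label: Label, os_range: tuple, db_range: tuple) -> Label:
    """Clearance ranges: the DB range must sit inside the OS range, and the session
    runs at the label of the OS window, which must fall inside the DB range."""
    os_low, os_high = os_range
    db_low, db_high = db_range
    if not (db_low.dominates(os_low) and os_high.dominates(db_high)):
        raise ValueError("DB clearance range is not a subset of the OS range")
    if not (os_label.dominates(db_low) and db_high.dominates(os_label)):
        raise PermissionError(f"OS window at {os_label.level} is outside the DB range")
    return os_label


class LabelledTable:
    """A table whose rows carry an implicit ROWLABEL (the reply's MLSLABEL column)."""

    def __init__(self, dblow: Label, dbhigh: Label):
        self.dblow, self.dbhigh = dblow, dbhigh  # the V$SYSLABEL bounds fixed at install
        self.rows: list = []                      # entries are (rowlabel, data)

    def insert(self, session: Label, data: dict) -> Label:
        # The row takes the session's label; the user has no say in it.
        if not (self.dbhigh.dominates(session) and session.dominates(self.dblow)):
            raise PermissionError("session label lies outside DBLOW..DBHIGH")
        self.rows.append((session, dict(data)))
        return session

    def select(self, session: Label) -> list:
        # Row-level NO READUP: rows the session does not dominate do not exist for it.
        return [data for label, data in self.rows if can_read(session, label)]

    def update(self, session: Label, row_id: int, changes: dict) -> int:
        # A row must be readable to be targeted; then NO WRITEDOWN is applied to it.
        updated = 0
        for label, data in self.rows:
            if data["id"] != row_id or not can_read(session, label):
                continue
            if not can_write(session, label):
                raise PermissionError(f"NO WRITEDOWN: {session.level} session may not "
                                      f"modify a {label.level} row")
            data.update(changes)
            updated += 1
        return updated


def demo() -> dict:
    """Replay the situations the reply describes and collect the outcomes."""
    conf, secret, top = Label("CONFIDENTIAL"), Label("SECRET"), Label("TOP SECRET")
    os_range = (Label("UNCLASSIFIED"), top)
    table = LabelledTable(dblow=Label("UNCLASSIFIED"), dbhigh=top)
    alice = session_label(secret, os_range, (conf, secret))  # window opened at SECRET
    bob = session_label(conf, os_range, (conf, conf))        # window opened at CONFIDENTIAL
    carol = session_label(top, os_range, (conf, top))        # window opened at TOP SECRET
    table.insert(carol, {"id": 1, "note": "top secret"})
    table.insert(alice, {"id": 2, "note": "secret"})
    table.insert(bob, {"id": 3, "note": "confidential"})
    out = {"alice_sees": [r["id"] for r in table.select(alice)],  # row 1 hidden: no readup
           "bob_sees": [r["id"] for r in table.select(bob)],
           "same_level_update": table.update(alice, 2, {"note": "edited"}),
           "writedown_blocked": False, "session_outside_db_range": False}
    try:
        table.update(alice, 3, {"note": "edited"})  # SECRET session -> CONFIDENTIAL row
    except PermissionError:
        out["writedown_blocked"] = True
    try:  # bob's DB range stops at CONFIDENTIAL, so a SECRET window cannot log in
        session_label(secret, os_range, (conf, conf))
    except PermissionError:
        out["session_outside_db_range"] = True
    return out
```

Running `demo()` shows the SECRET session seeing the SECRET and CONFIDENTIAL rows but not the TOP SECRET one, the update of its own SECRET row succeeding, the attempted update of a CONFIDENTIAL row refused as a writedown, and a window opened above the user's DB clearance range being refused at login, which is why the reply says a user normally has to log out and open a window at a different label to change it.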