Content-Based Authorizations
Discretionary models can be further categorized according to whether they
support content-dependent access control. Content-dependent access control
makes access to a given object conditional on the content of one or more of
its components. For example, in a relational DBMS that supports content-
dependent access control, it is possible to authorize a subject to access
information only about employees whose salaries are not greater than $30,000.
There are two common approaches to enforcing content-based access control.
The first is to associate a predicate (or a boolean combination of predicates)
with the authorization. The predicate expresses the conditions on the object's
content that must be satisfied for the access to be authorized, and the DBMS
conjoins it with every query the subject issues against that object. The second
approach is to define a view that selects the objects whose content satisfies
the condition and then grant the authorization on the view instead of on the
base objects.
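The two enforcement approaches side by side, as an added example that is not part of the original text. It uses Python's standard sqlite3 module on an in-memory database; the employee rows, the subjects "clerk" and "auditor", and the grant tables are constructed here for illustration. Because SQLite has no GRANT statement, the authorization tables and the check that a subject may only name objects it holds a grant on are modelled in the enforcement functions themselves.

```python
import sqlite3

# Constructed sample data (not from the page): one relation with salaries.
EMPLOYEES = [
    (1, "alice", "engineering", 28000),
    (2, "bob", "engineering", 45000),
    (3, "carol", "sales", 30000),
    (4, "dave", "sales", 52000),
]

# Approach 1: the authorization itself carries a predicate over the object's
# content. Keyed by (subject, object); "clerk" is a hypothetical subject.
PREDICATE_GRANTS = {
    ("clerk", "employees"): "salary <= 30000",
}

# Approach 2: the predicate lives in a view definition and the subject
# ("auditor", hypothetical) is granted the view, never the base table.
VIEW_GRANTS = {
    ("auditor", "low_salary_employees"),
}


def setup_db() -> sqlite3.Connection:
    """Create the base table, load the sample rows and define the view."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", EMPLOYEES)
    conn.execute(
        "CREATE VIEW low_salary_employees AS "
        "SELECT id, name, dept, salary FROM employees WHERE salary <= 30000"
    )
    return conn


def read_with_predicate(conn, subject, obj, dept=None):
    """Predicate-based enforcement: AND the grant's predicate into the subject's query."""
    pred = PREDICATE_GRANTS.get((subject, obj))
    if pred is None:
        raise PermissionError(f"{subject} has no authorization on {obj}")
    # obj and pred come from the grant table, never from the caller;
    # anything the caller supplies (the dept filter) is bound as a parameter.
    sql = f"SELECT name, salary FROM {obj} WHERE ({pred})"
    params = ()
    if dept is not None:
        sql += " AND dept = ?"
        params = (dept,)
    return conn.execute(sql + " ORDER BY name", params).fetchall()


def read_via_view(conn, subject, obj, dept=None):
    """View-based enforcement: the subject may only name objects it holds a grant on."""
    if (subject, obj) not in VIEW_GRANTS:
        raise PermissionError(f"{subject} has no authorization on {obj}")
    # The content condition is inside the view; the query needs no rewriting.
    sql = f"SELECT name, salary FROM {obj}"
    params = ()
    if dept is not None:
        sql += " WHERE dept = ?"
        params = (dept,)
    return conn.execute(sql + " ORDER BY name", params).fetchall()


if __name__ == "__main__":
    db = setup_db()
    print("clerk, predicate-based:", read_with_predicate(db, "clerk", "employees"))
    print("auditor, view-based:   ", read_via_view(db, "auditor", "low_salary_employees"))
```

Both subjects see only alice and carol. The difference is where the condition is stored and who applies it: with predicate-based grants the enforcement layer must rewrite every query, so a bug there (or a query path that skips the rewrite) exposes the base table; with a view the DBMS applies the condition itself, and the subject simply has no authorization on the base object.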
11.2.2.2 Mandatory Access Control Policies
Mandatory access control (MAC) policies specify the access that subjects
have to objects based on subject and object classification. This type of secu-
rity is also referred to as multilevel security. DB systems that satisfy multilevel
security properties are called multilevel secure DBMSs (MLS/DBMS) or
trusted DBMSs (TDBMS). Many of the MLS/DBMSs have been designed
based on the Bell and LaPadula policy [4] specified for operating systems.
We will first state that policy and then discuss how it has been adopted for
DBMSs.
In the Bell and LaPadula policy, subjects are assigned clearance levels,
and they can operate at any level up to and including their clearance level.
Objects are assigned sensitivity levels. Clearance levels and sensitivity
levels together are called security levels. The set of security levels is
partially ordered and forms a lattice; the simplest example is the linear
ordering Unclassified < Confidential < Secret < TopSecret. The following
are the two rules in the policy:
· Simple security property. A subject has read access to an object if the
subject's security level dominates the level of the object.
· *-property (read "star property"). A subject has write access to an
object if the subject's security level is dominated by that of the object.
These properties also apply to DB systems. However, for DB systems, the
*-property is modified to read as follows: A subject has write access to an
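The two rules as stated above for operating systems, implemented over the lattice the page describes. This is an added example, not code from the book or from any MLS/DBMS it mentions. It goes slightly beyond the linear chain on the page: a security level here is a classification plus a set of compartments, so "dominates" means higher-or-equal classification and a superset of compartments, which makes the order partial rather than total. The labelled rows, the compartment name "NATO" and the session-level helper are assumptions made for illustration; the modified DB-specific *-property is not implemented because its statement is not on the page.

```python
from dataclasses import dataclass

# Linear ranking of the classification levels named on the page.
LEVEL_RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


@dataclass(frozen=True)
class Label:
    """A security level: a classification plus a set of compartments (assumed extension)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: classification at least as high AND a superset of compartments.
        return (LEVEL_RANK[self.level] >= LEVEL_RANK[other.level]
                and self.compartments >= other.compartments)


def session_label(clearance: Label, requested: Label) -> Label:
    """A subject may operate at any level up to and including its clearance."""
    if not clearance.dominates(requested):
        raise PermissionError(f"{requested} exceeds clearance {clearance}")
    return requested


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read iff the subject's level dominates the object's."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: write iff the subject's level is dominated by the object's."""
    return obj.dominates(subject)


# Constructed sample of a tuple-level labelled relation (not from the page).
ROWS = [
    {"id": 1, "name": "alice", "label": Label("Unclassified")},
    {"id": 2, "name": "bob", "label": Label("Confidential")},
    {"id": 3, "name": "carol", "label": Label("Secret", frozenset({"NATO"}))},
    {"id": 4, "name": "dave", "label": Label("TopSecret")},
]


def visible_rows(subject: Label, rows=ROWS):
    """Names of the rows a subject may read under the simple security property."""
    return [r["name"] for r in rows if can_read(subject, r["label"])]


def writable_rows(subject: Label, rows=ROWS):
    """Names of the rows a subject may write under the *-property."""
    return [r["name"] for r in rows if can_write(subject, r["label"])]


if __name__ == "__main__":
    session = session_label(Label("TopSecret"), Label("Secret"))
    print("operating at", session)
    print("readable:", visible_rows(session))
    print("writable:", writable_rows(session))
```

Note the effect of the partial order: a subject at Secret with no compartments can neither read carol's row (it lacks NATO) nor is it blocked from writing to it (Secret{NATO} dominates Secret{}), while a subject at Secret{NATO} can read carol's row but cannot write dave's TopSecret row, because TopSecret with no compartments does not dominate Secret{NATO}. Rows whose label is incomparable with the subject's are neither readable nor writable.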