Đang chuẩn bị liên kết để tải về tài liệu:
Bài giảng Bảo mật cơ sở dữ liệu: Chương 3 - Trần Thị Kim Chi (tt)

Bài giảng "Bảo mật cơ sở dữ liệu - Chương 3: Bảo mật theo cơ chế MAC" cung cấp cho người học các kiến thức: Define Mandatory Access Control Models, secrecy-preserving models, integrity-preserving models, multi-Level security, multi-level databases access control models,. . | Bảo mật theo cơ chế MAC Mandatory Access Control Models Agenda Define Mandatory Access Control Models Secrecy-preserving models Integrity-preserving models Multi-Level security Multi-level databases access control models Multi-level secure DBMS architecture MAC trong các hệ QTCSDL thông dụng 2 Define Mandatory Access Control Mandatory Access Control : A system-wide policy decrees who is allowed to have access; individual user cannot alter that access. Relies on the system to control access. Examples: The law allows a court to access driving records without the owners’ permission. Traditional MAC mechanisms have been tightly coupled to a few security models. Recently, systems supporting flexible security models start to appear (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.) 3 Mandatory Access Control vs Discretionary Access Control MAC is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to files that would otherwise be restricted. DAC, which also governs the ability of subjects to access objects, allows users the ability to make policy decisions and/or assign security attributes. MAC-enabled systems allow policy administrators to implement organization-wide security policies. With DAC, users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users. 4 Degrees of MAC system strength In some systems, users have the authority to decide whether to grant access to any other user. To allow that, all users have clearances for all data. This is not necessarily true of a MAC system. If individuals or processes exist that may be denied access to any of the data in the system environment, then the system must be trusted to enforce MAC. Since there can be various levels of data classification and user clearances, this implies a quantified . | Bảo mật theo cơ chế MAC Mandatory Access Control Models Agenda Define Mandatory Access Control Models Secrecy-preserving models Integrity-preserving models Multi-Level security Multi-level databases access control models Multi-level secure DBMS architecture MAC trong các hệ QTCSDL thông dụng 2 Define Mandatory Access Control Mandatory Access Control : A system-wide policy decrees who is allowed to have access; individual user cannot alter that access. Relies on the system to control access. Examples: The law allows a court to access driving records without the owners’ permission. Traditional MAC mechanisms have been tightly coupled to a few security models. Recently, systems supporting flexible security models start to appear (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.) 3 Mandatory Access Control vs Discretionary Access Control MAC is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to