1 " QK - - PDF document

SLIDE 1

1

MCI MCI

1

• Jalili@sharif.edu
• 89
• 90

MCI MCI

2

• !"
• #

) #% " &'#% (

– )

• #
• *
• 89
• 90

MCI MCI

3

• 89
• 90
• +

2

• . /#0 -

– ' : Logical view – ' 1. 2 – 345 2

• 6'#

) 345 ' (

• 7

– 80#9 1* – :; 1* – <=> 1*

MCI MCI

4

• 89
• 90
• +

View

• /);
• CREATE VIEW failed-students

ON STUDENTS WHERE STUDENTS.Average < 10.

MCI MCI

5

• 89
• 90
• &1#? @
• " A 7

: 1 + 9= : "DE ?5 /? F GA H*6I . 2 + =

• :

HK6 HL; /? F GA H*6I "DE . 3 + N # : "DE )91 /? F GA #% . 5 A% " .

MCI MCI

6

• 89
• 90
• # HA;
• A

– OK )7I 6 – 45 G9 45 0 P – 9%9 P

• 1*

– "D ! – 0# &*

• P
• P

SLIDE 2

2

MCI MCI

7

• 89
• 90

"9

• " QK
• " QK
• N GD9 " A. R;

: 1 + # # : ST #T% ;T*6I U ! # # P V9W

• .

. 2 + X## # : HT*6I " 9= H*6I X## " F "D )

• Y

( 3 +

• )

: + F !7#? + 9Z " # ; + N9 4D; )

• (

MCI MCI

8

• 89
• 90

"9

• " QK
• +
• 4

+

• ;1* )

+ 91

• +

N

• +

NF &W

• 5

+

• A )

+ #) = 6 + TT%K 9TT

• MCI

MCI

9

• 89
• 90

"9

• " QK
• +

3

7 +

! > "K 8 + %K " QK 9 + =a QK 10 + "= SI " 9 V #P9 '#9 + "D A>9 + c5K A>9 + 0 A>9

MCI MCI

10

• 89
• 90

;W SI " # A># :

1 + ! # : !T VT HT*6I !T @d V # #%

• .

. " !9P @6e

• V#.9
• .

1 :

• fT. - H*6I 1g 2 ! G*

. QK #1 . + " Th4 T3 T. T19 &T'# HT*6I V* )W HT*6I " T#5F H*6I : Th4 ;T*6I !T

• +
• 9T. *W i0? "D H9

. T T) %a f. 41; 3 . i0? f. %K .

MCI MCI

11

• 89
• 90

;W SI " # A># :

2 + X## # : '#% E i0?; " " QK . !Y ) @

• SI "
• .

## 9 : 2 + 1 '#%E # : A;

• T# SK

' >

• 1A5

.

• !!"#$%&'!#!()

STK > 67W j9Y ? X 9 9Y V#%9 !

MCI MCI

12

• 89
• 90

;W SI " # A># :

2 + 2 R7; : Z= T * K # SK A; T

• K

. 2 + 3 T T l m ?9 h (Missing) #%a %K 1A5 A ! 2 + 4 Y X## : Y U; SI " SQL ' : 6#P (Perturbation) # ) "9 V n ! 6e (

SLIDE 3

3

MCI MCI

13

• 89
• 90

;W SI " # A># :

3 + # # : T '#T% # 1 3 " !1I # ? RP Q# o'W .

• &. # # #%

– # ? RP *W " *1D – ># " *1D

MCI MCI

14

• 89
• 90

# #

P # *W # # # 9 # " P L; ? RP #

MCI MCI

15

• 89
• 90

# ? RP

• 7 /); Hg
• # " = ? RP

:

– "D &WK – "D eK

• #% #%

) ) p &3. (

• " #%

) ) p &3. (

• "D ? RP

!! qV#5TF r ! qSK s SK

MCI MCI

16

• 89
• 90
• :
• # #

: #% #%

• Y

N

MCI MCI

17

• 89
• 90

# # : " #%

• :

!" # Y N

MCI MCI

18

• 89
• 90

# ? RP + 2

• # ? RP

:

– 41# – . U"; – 7; % 41#9 – #3> : #P l> . – )1 #P ) 9F 1:; 5 l " t (

• T1 ;*6I ! A9Y = a # #%

.

– 7 : ) p &3. – #P : ) p &3. . F r" ru ?#9 !3 !!

• lT RT; V#.9 !9P v. v. l " ;*6I ! !3

!; 9 &* .

– 49 ? RP w; !3

SLIDE 4

4

MCI MCI

19

• 89
• 90

#P # # (Discretionary)

• $
• #%

#& '( N Y

• #%

)* " '( N Y

MCI MCI

20

• 89
• 90

#P # # A> + 1

• +,

T T T *W . T T# @3 i0? d # x9 3 .

• VT31 T TP R; @! "D f* !3
• .
• STK lT> T 93> ? RP @ G5 V; y

r 3 * ! P F .

• V h d l @# # r;

.

• #% d V % #P A> '

.

MCI MCI

21

• 89
• 90

# # A> #P + 2

• # r;

) access matrix (

• HRU
• NP

+ * ) Take - Grant (

• ...

MCI MCI

22

• 89
• 90

7 # # (Mandatory)

• #
• /

'% $ / 01 2 " '( #& Y N 01 #

MCI MCI

23

• 89
• 90

7 # # A>

• 2 +,

T# fT. &* 3 .

• #% )5 &* &) f.

.

• T T1 # 6 l @f. &*

. TF :0? ) T# (

• fT. &T* VT

. " V31 # @. W .

• Bell & Lapadula

d V h .

MCI MCI

24

• 89
• 90

t'9 # # A> + 7

• 34 +,

5 #2 wE !" # "9 t. z . h @9 3; t'9 = .

• T*1D lT T t'9 F

w%# t'9 l 5 # P /Q GD9 #% t; .

• 7 #P &.

:

– ! "D *{ !3 )

• F

( ? #P ? RP – "D F 8%#9 = P /; !3 ? 7 ? RP

• A> 9P

RBAC

9 W # V .

SLIDE 5

5

MCI MCI

25

• 89
• 90

# H93

• DBMS

5

• 9 /#0 H
• #
• # A># /#0 x9
• ."D

) Authorization (

• =a QK
• T

T0 T T9 V#T T.9 ) Covert Channel :( |T T7; d H*6I "DE # '#%E .

• X## #

) Inference (

MCI MCI

26

• 89
• 90

# H93

• DBMS

5 )

• (
• 919 a

(polyinstantiation) " FT T X## : /#0 ! c9 " !%3 } H# }? .

• ) # 9= # A. ! au3
• Hc9

(auditing)

• 4 " &K ') Y
• #
• ! #

(flow) H*6I :'

MCI MCI

27

• 89
• 90
• DBA
• (DBA)

/Q GD9 ;# "D . #. " ) A> 1;

• x9

DBMS

• :(
• D

: 7* ~1 V); D .

• "D *

: l G"n "D ! .

• "D L>

: . "D ! &I .

• # 2 i:0;

: w # 2 p:#P .

MCI MCI

28

• 89
• 90

l # A# " )

DBMS

• dP A?;

+ P

• "D &WK

) Least Privilege :( T"D &WK ! @G"n

• # c9

.

• !
• . .
• /Q l3;

) Separation of Duties :( T9#9 • # f P "D " )

• w0;

.(

MCI MCI

Well-formed transaction

• The principle of well-formed transaction is defined as a

transaction where the user is unable manipulate data arbitrarily, but only in constrained (limitations or boundaries) ways that preserve or ensure the integrity

• f the data. A security system in which transactions are

well-formed ensures that only legitimate actions can be

• executed. Ensures the internal data is accurate and

consistent to what it represents in the real world

29

• 89
• 90

MCI MCI

30

• 89
• 90

# A# " ) l

DBMS

)

• (
• H1* G;

DBMS €'9 G .

• )W 9 A# 8#

.

• UW ""
• "D " # f

.

• %
• P" * # A>

.

• " NF

: A# "D p:#P .

SLIDE 6

6

MCI MCI

1) l DBMS &. F•

• #

31

• 89
• 90

MCI MCI

32

• 89
• 90

# l 4

• A*

) subjects (

• f.

)

• bjects

(

• # A#>K

) access modes (

• )

policies (

• ."D
• )

authorizations (

• # "D

) administrative rights (

• )

axioms (

MCI MCI

4 l

• #

)

• (

33

• 89
• 90

MCI MCI

34

• 89
• 90

/);

• # "

/

– !" l # "9 9 – #% "DE HnK " "D HnK l3;

• # 0

– # ? RP " x4#9 l – V''= " P '#* : # ? RP !

• 0#

: #% # G493

> S:; . (Identification & Authentication)

+

."D G493 (Authorization)

MCI MCI

35

• 89
• 90

3?;

http://nsc.sharif.edu