2. A new paradigm of database
security which assigns different security
levels to users as well as to attributes,
depending upon security policies, as
per requirement
4. • Conventional database security does not provide “granular security”
• You either have access or have no access to a database
• But items in a database are of different types, need different security
• One “easy” solution: keep items of the same security level together,
with a different table for each level
Problems
• Conflict with relational dependencies
• Increased complexity in order to preserve both relational
dependencies and security dependencies
5. “Multi-level Security System”
Users of a particular security level can only access elements in a
database which correspond to their security level
This way, sensitive data in the same database will be hidden, while still
allowing the public to access the central database
7. The Bell-LaPadula Model
This model focuses on data confidentiality and controlled access to
classified information. In this formal model, the entities in an
information system are divided into subjects and objects. The
Bell–LaPadula model is built on the concept of a state machine with a set of
allowable “secure states”. The notion of a "secure state" is defined,
and it is proven that each state transition preserves security by
moving from secure state to secure state. This inductively proves
that the system satisfies the security objectives of the model.
8. The Bell-LaPadula Model
The Bell–LaPadula model defines a “secure state” through three
multilevel properties
• The Simple Security Property (ss Property)
• The * (star) Security Property
• The Discretionary Security Property
9. The Simple Security Property
This policy requires that a subject of lower security level cannot read
from an object of higher security level, that is, no “read-up”
10. The * (Star) Security Property
This policy requires that a subject of higher security level cannot write
to an object of lower security level, that is, no “write down”
11. The Discretionary Security Property
This policy does not require any hard and fast rule.
A security mapping is created between subjects and objects which
indicates which subject can read and write into which object.
13.
1. Identification of subjects, objects and permitted actions
   (identification process)
   1. Identification of the subjects
   2. Identification of the objects
2. Assignment of security labels (labeling process)
   1. Assignment of security labels to the subjects
   2. Assignment of security labels to the objects
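Added example (not part of the original slides): the three Bell-LaPadula properties and the labeling process above, applied to attribute-level labels on one table. The level names, subjects, attributes, access matrix and sample row are all constructed for illustration.

```python
# Added illustration: Bell-LaPadula checks over attribute-level labels.
# Every name, level and row below is constructed for this example.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

# Labeling process: a clearance per subject, a classification per attribute.
SUBJECT_LABEL = {"alice": "secret", "bob": "confidential", "guest": "public"}
OBJECT_LABEL = {"name": "public", "dept": "public",
                "salary": "confidential", "review": "secret"}

# Discretionary property: explicit subject -> attribute -> permitted actions.
ACCESS_MATRIX = {
    "alice": {"name": {"read"}, "salary": {"read", "write"}, "review": {"read", "write"}},
    "bob": {"name": {"read"}, "dept": {"read"}, "salary": {"read", "write"},
            "review": {"write"}},  # a blind "write up": bob can write but not read
    "guest": {"name": {"read"}, "dept": {"read"}, "salary": {"read"}},
}

def allowed(subject, attribute, action):
    """True only if the discretionary matrix AND the mandatory rules agree."""
    if subject not in SUBJECT_LABEL or attribute not in OBJECT_LABEL:
        return False  # unlabeled subjects and objects get no access
    s, o = LEVELS[SUBJECT_LABEL[subject]], LEVELS[OBJECT_LABEL[attribute]]
    if action not in ACCESS_MATRIX.get(subject, {}).get(attribute, set()):
        return False  # discretionary security property
    if action == "read":
        return s >= o  # simple security property: no read-up
    if action == "write":
        return s <= o  # star property: no write-down
    return False

def select(subject, rows):
    """Return each row with the attributes the subject may not read removed."""
    return [{a: v for a, v in row.items() if allowed(subject, a, "read")}
            for row in rows]

def update(subject, row, attribute, value):
    """Write one attribute, refusing any write the model forbids."""
    if not allowed(subject, attribute, "write"):
        raise PermissionError(f"{subject} may not write {attribute}")
    row[attribute] = value
    return row

EMPLOYEES = [{"name": "R. Iyer", "dept": "R&D",
              "salary": 90000, "review": "exceeds"}]
```

Here `guest` holds a discretionary read grant on `salary` but still cannot read it, because the mandatory no read-up rule is checked as well; `alice` cannot write `salary` even with a grant, because that would be a write-down.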
15. Pros
• Gives finer control over the security of the database
• Attributes do not lose their functional dependency
• No need to change original database to implement this feature;
transparent. Hence, the technology is very easy to deploy
• There needs to be only one global database which users can use,
without any fear of leakage of sensitive data. No need to create a
separate database for different security levels
16. Cons
• For every query, the security level of every element needs to be
checked against the security level of the user. Hence, the process is a
bit slow
• Care has to be taken for some special conditions which might
arise during “write up” operations