Trusted RUBIX Features
Traditional DBMS Features
- A client-server architecture which allows untrusted clients to access either a single or multiple trusted servers running Trusted RUBIX.
- An SQL Interface which conforms to the ANSI SQL 92 standard and includes functions of the SQL3 standard.
- Sophisticated techniques for cost-based and heuristic query optimization.
- Users can write to standard Application Programming Interfaces (APIs) such as Call Level Interface (CLI) and ODBC.
- Tools for database back-up, database recovery, table import, table export, row reclassification, and audit management.
- Fully ACID-compliant transactional support (Atomicity, Consistency, Isolation, and Durability).
- A savepoint mechanism which allows transactions to be partially rolled back (on user request). Thus, a user can undo all updates performed since the specified savepoint, while at the same time preserving updates performed prior to that point.
- All of the features of Trusted RUBIX are available 24 hours a day. The system need not be shut down to fix a table if the system crashes. Trusted RUBIX enables the user to back up and recover data, add a new table, or make other changes to the database, and even modify the data dictionary - all while users continue to access the database.
Validated at the EAL-4 Conformance Level on Trusted Solaris 8. For more information on the Common Criteria evaluation of Trusted RUBIX see http://www.niap-ccevs.org/cc-scheme/st/vid1015/.
Advanced Security Features
- Full integration of the host operating system's OS-MAC policy with the DBMS.
- Supported OS-MAC policies include Multi-Level Security (Trusted Solaris 8, Solaris 10 TX, and SE-Linux), Type Enforcement (SE-Linux), and Role Based Access Control.
- Full polyinstantiation of unique database objects (e.g., primary keys) to remove information flows across security domains caused by naming conflicts. For example, an UNCLASSIFIED user would not be able to detect that a primary key exists at the SECRET level by attempting to insert a primary key with the same value. In this case, Trusted RUBIX will instantiate two versions of the primary key, one for UNCLASSIFIED users and one for SECRET users. Other DBMS vendors might return a "primary key exists" error code to the UNCLASSIFIED user, resulting in an illegal information flow from the SECRET domain to the UNCLASSIFIED domain.
- Attribute Based Access Control (ABAC) security policies are enforced using the Security Policy Manager (SPM). It allows highly customized, complex, and hierarchical security policies to be created using an XML language based upon the OASIS XACML 2.0 standard. The SPM policies and policy sets may be configured to further refine the underlying OS-MAC security policy or to allow highly controlled data releases across OS-MAC security domains.
- A complete audit trail for all database operations. The SPM allows highly customized audit records to be written based upon the outcome of complex ABAC policy rules.
- Discretionary Access Controls (DAC) specify who can do what to the data - who can read, who can insert, who can change, etc. The controls are discretionary in the sense that a user with a certain access privilege is capable of passing that privilege to other users.
- Full MAC policy control over the database dictionary.
- Trusted RUBIX's unique multi-version timestamping concurrency control technique, which enables the system to securely manage all changes taking place within the database, even with multiple applications running. This concurrency control technique removes covert channels between transactions of different security domains as they access common database objects.
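The polyinstantiation item above can be illustrated with a toy model. This is an added example, not Trusted RUBIX code or its API: the two table classes, the `Level` labels as integers, the sample key and values, and the read-down rule in `select` are all assumptions made for the illustration. It contrasts a table that enforces key uniqueness across all levels with one that enforces it per (key, level).

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1

class KeyExists(Exception):
    """Raised when an insert collides with a row the store admits to."""

class NaiveTable:
    """Key is unique across all levels, so the collision error leaks."""
    def __init__(self):
        self.rows = {}  # key -> (level, value)
    def insert(self, subject, key, value):
        if key in self.rows:
            raise KeyExists(key)  # reveals a row the subject cannot read
        self.rows[key] = (subject, value)
    def select(self, subject, key):
        row = self.rows.get(key)
        return row[1] if row and row[0] <= subject else None

class PolyinstantiatedTable:
    """Key is unique per (key, level): each level gets its own instance."""
    def __init__(self):
        self.rows = {}  # (key, level) -> value
    def insert(self, subject, key, value):
        if (key, subject) in self.rows:
            raise KeyExists(key)  # collision only at the subject's own level
        self.rows[(key, subject)] = value
    def select(self, subject, key):
        # Assumed read rule: highest-labelled instance the subject dominates.
        visible = [lvl for (k, lvl) in self.rows if k == key and lvl <= subject]
        return self.rows[(key, max(visible))] if visible else None

def insert_leaks(table, key):
    """True if an UNCLASSIFIED insert reveals that `key` already exists."""
    try:
        table.insert(Level.UNCLASSIFIED, key, "cover story")
        return False
    except KeyExists:
        return True

def demo():
    results = {}
    for cls in (NaiveTable, PolyinstantiatedTable):
        t = cls()
        t.insert(Level.SECRET, "flight-17", "real cargo")  # constructed data
        results[cls.__name__] = (insert_leaks(t, "flight-17"),
            t.select(Level.UNCLASSIFIED, "flight-17"), t.select(Level.SECRET, "flight-17"))
    return results
if __name__ == "__main__": print(demo())
```

Each result tuple is (whether the insert leaked, what UNCLASSIFIED reads, what SECRET reads): the naive table leaks the existence of the SECRET row through its error, while the polyinstantiated table accepts the insert and keeps both instances.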
