Overview of Security Policies
Trusted RUBIX enforces five distinct security policies. In general, an operation succeeds only if every policy permits it.
- Multilevel Security (MLS): RDBMS objects and user sessions are assigned classification levels. Fixed Bell-LaPadula rules define the allowable operations (users may read objects with dominated classifications and write objects with equal classifications).
- Type Enforcement (TE, SELinux only): User sessions are assigned domains and RDBMS objects are assigned types. A scripting language is used to define which type is assigned to an object and which domain is assigned to a user session. The scripting language is also used to define whether a user session may perform an operation on an object, given the user session's domain, the object's type, and the RDBMS operation being performed.
- Attribute Based Access Control (ABAC): XML policies (based upon the XACML standard) are assigned to named RDBMS objects and control the RDBMS operations that may be performed on each object. Modular and dynamic policy logic uses numerous RDBMS attributes and consists of rules, policies, and policy sets. Policy-driven actions may also be performed (e.g., produce a custom audit record, calculate and set a column value).
- Role Based Access Control (RBAC): Named roles are given a set of authorizations (the ability to perform one or more RDBMS actions). Each role may be assigned to any number of users. A user assumes a single role at a time and may transition between roles. The set of actions a user may perform is bounded by the user's current role. RBAC may cover RDBMS client-based actions (e.g., connect to a database) and RDBMS administrative actions (e.g., backup the database).
- Discretionary Access Control (DAC): Traditional SQL standard access control mechanism. An Access Control List consisting of the user/group ID, the object name, and the SQL operation is used to control access to objects.
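The sketch below is an added conceptual model, not Trusted RUBIX code or its API, showing how the "every policy must permit" rule combines the MLS read/write rules with an RBAC role check and a DAC ACL lookup. TE and ABAC are omitted because they depend on site-written policy scripts and XML; the label categories, the SQL-to-read/write mapping, and all names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

READ_OPS = {"SELECT"}                       # assumed mapping of SQL operations
WRITE_OPS = {"INSERT", "UPDATE", "DELETE"}  # onto MLS read and write


@dataclass(frozen=True)
class Label:
    level: int                            # higher means more sensitive
    categories: frozenset = frozenset()   # assumed compartments, not from the page

    def dominates(self, other):
        # Dominance: at least the same level and a superset of the categories.
        return self.level >= other.level and self.categories >= other.categories


@dataclass(frozen=True)
class Session:
    user: str
    label: Label
    role: str                             # the single role currently assumed


def mls_permits(session, obj_label, op):
    if op in READ_OPS:
        return session.label.dominates(obj_label)   # read dominated objects
    if op in WRITE_OPS:
        return session.label == obj_label           # write at equal label only
    return False                                    # unknown operation: deny


def decide(session, obj_name, obj_label, op, role_auths, acl):
    """Return (allowed, per-policy verdicts); allowed only if all permit."""
    verdicts = {
        "MLS": mls_permits(session, obj_label, op),
        "RBAC": op in role_auths.get(session.role, set()),
        "DAC": (session.user, obj_name, op) in acl,
    }
    return all(verdicts.values()), verdicts


# Constructed sample data (hypothetical users, roles, labels and table name).
SECRET = Label(2, frozenset({"ops"}))
CONFIDENTIAL = Label(1, frozenset({"ops"}))
ROLE_AUTHS = {"analyst": {"SELECT"}, "editor": {"SELECT", "UPDATE"}}
ACL = {("alice", "orders", "SELECT"), ("alice", "orders", "UPDATE")}

if __name__ == "__main__":
    alice = Session("alice", SECRET, "editor")
    print(decide(alice, "orders", CONFIDENTIAL, "SELECT", ROLE_AUTHS, ACL))
    print(decide(alice, "orders", CONFIDENTIAL, "UPDATE", ROLE_AUTHS, ACL))
```

Returning the per-policy verdicts alongside the overall decision shows which policy caused a denial, which is the first thing to check when an operation that DAC grants is still refused.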