Analysis of a Mandatory Access Restriction System for Oracle DBMS



Summary


This article examines the mandatory access restriction system in Oracle DBMS and identifies several potential data leakage channels.

Keywords


Access Control, Database Security, Mandatory Access, Oracle DBMS, Mandatory Access Model, Oracle Label Security

Article


This article analyzes the mandatory access restriction system for Oracle DBMS, uncovering several possible leakage channels.

Implementing access restrictions that take the value of the information into account is a common requirement for large government or corporate information systems, such as geographical or document management systems. Such systems usually rely on a mandatory access model, which prevents both intentional and accidental loss of information value (declassification) by controlling information flows. In this model every subject and every object of the access restriction system carries a label.

Oracle DBMS is a widely deployed industrial DBMS. Starting with Oracle9i it ships Oracle Label Security (OLS), which enforces mandatory access control at the row level. To use OLS, an administrator creates a security policy, defines its labels, applies the policy to the tables to be protected, and authorizes users for the labels they may use.

Analyzing potential leakage channels of confidential information is critical. We propose a common analysis algorithm for the mandatory access model:

1. Identify Access Object Types: Determine the access object types from the documentation and by inspecting the DBMS (e.g., tables, rows, or columns).
2. Analyze SQL Commands: Determine which SQL commands let users read or modify those access objects.
3. Create Objects with Varying Confidentiality: Create several objects of each access type, at different confidentiality levels.
4. Create User Accounts with Different Rights: Set up user accounts with different access levels.
5. Execute SQL Queries: Run every command from step 2 under every account from step 4 against every object from step 3, record what each combination allows, and derive the resulting access model and its weaknesses.

In OLS, the access objects are table rows, each carrying a label in the policy's label column. Tables are often described as the access objects, but the table is only a container; it is the rows that are labeled.

Basic SQL operations on an individual row are:
- INSERT: Create a new row.
- SELECT: Read an existing row.
- UPDATE: Modify an existing row.
- DELETE: Delete a row.

Our experiments ran sequences of such queries under users with different access levels against rows of different confidentiality levels, and from the results we constructed the mandatory access model of OLS for rows. We use two variables: \( i \), the label value of the row, and \( j \), the access level of the user. In our scale a lower value means higher confidentiality (0 is top secret). Note that OLS itself numbers levels the other way round: a larger level number is more sensitive.

The model is as follows:

1. INSERT/SELECT/UPDATE/DELETE are permitted when \( j = i \) (the user works at the row's level).
2. Only SELECT is permitted when \( j < i \) (the row is less confidential than the user's level, i.e. reading down).

A user at a lower level than the row (\( j > i \)) gets no access at all; the row is simply not visible to them.

This model matches the Bell-LaPadula security model and shows that OLS works correctly at the row level. The table definition, however, is not labeled at all. A user who can alter the table (its owner, or anyone holding the ALTER object privilege or the ALTER ANY TABLE system privilege) can change its structure, for instance add a column, and the column names live in the data dictionary, outside the policy. A user with a lower access level who merely holds an object privilege on the table can therefore read those names, even when they encode classified information.

For example, a high-level user creates a column whose name carries a secret, "new_password_xxx" (where xxx is the confidential part):

```sql
ALTER TABLE user1.test_table ADD (new_password_xxx VARCHAR2(30));
```

Another user who has SELECT on the table but no right to any of its labeled rows still sees the column names, because the column list of a result set is returned even when OLS filters out every row:

```sql
SELECT * FROM user1.test_table;
```

The same names are also visible through dictionary views such as ALL_TAB_COLUMNS. Since DDL can be issued in either direction, this creates a duplex channel between users of different access levels, through which classified information can leak. Other dictionary metadata (table, constraint and index names, column comments) is unlabeled in the same way. Therefore the mandatory access model in Oracle is not complete: it covers row data but not object metadata, which allows an unchecked exchange of classified information and diminishes the value of the protected information.
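The following SQL*Plus script, added here as a worked example and not taken from the original article, carries out the five-step analysis above against a small OLS policy and then reproduces the column-name channel just described, ending with the checks a DBA can run against it. Every name in it is a constructed assumption: the policy SECRECY_POL with label column SEC_LABEL, the schema USER1 and its table TEST_TABLE, the users USER1 (cleared to TS) and USER2 (cleared to U), and all passwords. It assumes OLS is installed, the LBACSYS account is unlocked, and the script runs in a non-CDB database or inside a PDB (otherwise the user names would need the common-user prefix). OLS level numbers grow with sensitivity, the reverse of the article's \( i \) scale, so TS is 3000 and U is 1000 here.

```sql
-- Added example (not from the original article). All names and passwords are
-- constructed assumptions; OLS must be installed and LBACSYS unlocked.

-- Step 4 (accounts): two users with different clearances.
CONNECT sys/sys_pw AS SYSDBA
CREATE USER user1 IDENTIFIED BY user1_pw;
CREATE USER user2 IDENTIFIED BY user2_pw;
GRANT CREATE SESSION, CREATE TABLE, UNLIMITED TABLESPACE TO user1;
GRANT CREATE SESSION TO user2;

-- Steps 1-2 (object type and operations): the objects are rows of TEST_TABLE.
-- The policy adds SEC_LABEL to hold each row's label and enforces it on
-- SELECT (READ_CONTROL) and on INSERT/UPDATE/DELETE (WRITE_CONTROL).
CONNECT lbacsys/lbacsys_pw
BEGIN
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'SECRECY_POL',
    column_name     => 'SEC_LABEL',
    default_options => 'READ_CONTROL,WRITE_CONTROL,LABEL_DEFAULT');
  SA_COMPONENTS.CREATE_LEVEL('SECRECY_POL', 1000, 'U',  'UNCLASSIFIED');
  SA_COMPONENTS.CREATE_LEVEL('SECRECY_POL', 3000, 'TS', 'TOP_SECRET');
  SA_LABEL_ADMIN.CREATE_LABEL('SECRECY_POL', 1000, 'U',  TRUE);
  SA_LABEL_ADMIN.CREATE_LABEL('SECRECY_POL', 3000, 'TS', TRUE);
END;
/

-- Step 3 (objects of varying confidentiality): the table, then rows at TS and U.
CONNECT user1/user1_pw
CREATE TABLE test_table (id NUMBER PRIMARY KEY, note VARCHAR2(100));
GRANT SELECT, INSERT, UPDATE, DELETE ON test_table TO user2;

CONNECT lbacsys/lbacsys_pw
BEGIN
  SA_POLICY_ADMIN.APPLY_TABLE_POLICY('SECRECY_POL', 'USER1', 'TEST_TABLE');
  -- arguments: max level, min level, default level, row label level
  SA_USER_ADMIN.SET_LEVELS('SECRECY_POL', 'USER1', 'TS', 'U', 'TS', 'TS');
  SA_USER_ADMIN.SET_LEVELS('SECRECY_POL', 'USER2', 'U',  'U', 'U',  'U');
END;
/

CONNECT user1/user1_pw
INSERT INTO test_table (id, note) VALUES (1, 'top secret row');   -- labelled TS (row label)
INSERT INTO test_table (id, note, sec_label)
  VALUES (2, 'public row', CHAR_TO_LABEL('SECRECY_POL', 'U'));    -- written down to U
COMMIT;

-- Step 5 (probes): the j = i and j < i cases of the model.
SELECT id, LABEL_TO_CHAR(sec_label) AS lbl FROM test_table;        -- USER1 (j = i): rows 1 and 2
CONNECT user2/user2_pw
SELECT id, LABEL_TO_CHAR(sec_label) AS lbl FROM user1.test_table;  -- USER2: row 2 only
UPDATE user1.test_table SET note = 'edited' WHERE id = 1;          -- 0 rows: TS row is invisible
DELETE FROM user1.test_table WHERE id = 1;                         -- 0 rows, same reason
INSERT INTO user1.test_table (id, note) VALUES (3, 'by user2');    -- allowed, labelled U
COMMIT;

-- The channel from the article: the table definition carries no label.
-- USER1, as owner, needs no extra privilege to put a secret into a column name.
CONNECT user1/user1_pw
ALTER TABLE test_table ADD (new_password_xxx VARCHAR2(30));

-- USER2, cleared only to U, reads the name from the column list of an
-- ordinary query or from the dictionary, although no TS row is returned.
CONNECT user2/user2_pw
SELECT * FROM user1.test_table;
SELECT column_name FROM all_tab_columns
 WHERE owner = 'USER1' AND table_name = 'TEST_TABLE';

-- What a DBA can do about it: review the column names of every OLS-protected
-- table (DBA_SA_TABLE_POLICIES is an OLS dictionary view) and audit DDL on it.
CONNECT sys/sys_pw AS SYSDBA
SELECT p.policy_name, c.owner, c.table_name, c.column_name
  FROM dba_sa_table_policies p
  JOIN dba_tab_columns c
    ON c.owner = p.schema_name AND c.table_name = p.table_name
 ORDER BY p.policy_name, c.owner, c.table_name, c.column_id;
AUDIT ALTER ON user1.test_table BY ACCESS;
```

The probes in step 5 are where the model is actually read off: each combination of user level and row label either returns the row, or silently reports 0 rows affected, and the matrix of those outcomes is the access model. The final two statements are the practical response to the metadata channel: OLS cannot label a column name, so the only controls are to restrict who may alter labeled tables, to audit the DDL that does happen, and to review the dictionary for names that should not be there.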
