[Introduction to Database Systems (Wang Shan)] Chapter 4 - Database Security
2022-07-27 17:56:00 【tsunaa】
1、Security levels
TCSEC divides systems into four groups (A, B, C, D) and seven levels, which from lowest to highest are D, C1, C2, B1, B2, B3, A1.
D level: the lowest level. All systems that do not meet any higher standard fall into group D. Among real operating systems, DOS is a typical example of a system whose security standard is level D.
C1 level: very basic discretionary security. Able to separate users from data, with discretionary access control (DAC) that protects or restricts the propagation of user privileges.
C2 level: the lowest level at which a product counts as a security product. Provides controlled access protection: it refines the DAC of C1 further, registers each individual user as accountable, and implements auditing and resource isolation. Products reaching C2 often do not emphasize "security" (Security) in their names.
B1 level: labeled security. "Security" (Security) or "Trusted" (Trusted) products.
The system's data are labeled, and mandatory access control (MAC), auditing and other security mechanisms are enforced over the labeled subjects and objects.
B2 level: structured protection. Establishes a formal security policy model and applies DAC and MAC to all subjects and objects in the system. Very few security systems have been certified at B2 or above.
B3 level: security domains.
A1 level: verified design. Meets all B3 requirements and additionally provides a formal design specification and verification of the system, to ensure that each security protection is actually implemented.
2、Database security control methods:
3、User identification and authentication
User identifier: a user name or user identification number is used to identify the user.
Password: the system checks the password to authenticate the user.
The basic method:
The system provides some way for users to declare their name or identity;
The system records the identifiers of all legitimate users;
Each time a user requests to enter the system, the system checks the identity the user provides;
Only after passing this check is the user granted the right to use the system.
User identification and authentication may be repeated several times.
This method is simple and easy to implement, but user names and passwords are easily stolen.
4、Access control
Composition of an access control mechanism:
Defining (user) access privileges
Checking access privileges
Defining access privileges: specifying which users may perform which operations on which data objects.
Checking access privileges: checking whether an operation request exceeds the defined privileges.
Common access control methods:
Discretionary access control (DAC): C2 level, very flexible.
The same user has different access privileges on different data objects
Different users have different privileges on the same object
Users may also delegate their access privileges to other users
Mandatory access control (MAC): B1 level, quite strict.
Each data object is labeled with a certain classification level
Each user is also granted a certain clearance level
For any object, only users holding a valid clearance may access it
5、A user privilege consists of two elements: the database object and the operation type.
6、Discretionary access control (DAC) method
Implemented mainly through the GRANT and REVOKE statements provided by SQL.
Authorization: defining access privileges is called authorization.
General format of the GRANT statement:
GRANT <privilege>[,<privilege>]...
[ON <object type> <object name>]
TO <user>[,<user>]...
[WITH GRANT OPTION];
Function of GRANT:
Grant the specified operation privileges on the specified object to the specified users.
Who may issue a GRANT statement:
The DBA (database administrator), the creator of the database object, and users who already hold the privilege. The DBA holds all privileges on all objects in the database; a user holds all operation privileges on the base tables and views they created.
Users receiving privileges: one or more specific users, or PUBLIC, meaning all users.
WITH GRANT OPTION:
A user who receives a privilege this way may in turn grant it to other users. If the clause is omitted, the user may only exercise the privilege and cannot propagate it.
Example 1: grant the privilege to query the Student table to user U1
GRANT SELECT
ON TABLE Student
TO U1;
The privilege list may instead be INSERT, UPDATE(Sno) (update only the Sno column) or ALL PRIVILEGES (all operation privileges); the grantee list may instead be TO U1,U2,U3 or TO PUBLIC.
Example 2: grant the INSERT privilege on table SC to U5, and allow U5 to grant this privilege to other users.
GRANT INSERT
ON SC
TO U5
WITH GRANT OPTION;
After example 2 is executed, U5 not only holds the INSERT privilege on table SC but can also propagate it:
U5 can grant this privilege to U6 (that is, U5 issues the following statement):
GRANT INSERT
ON SC
TO U6
WITH GRANT OPTION;
REVOKE (revocation)
General format of the REVOKE statement:
REVOKE <privilege>[,<privilege>]...
[ON <object type> <object name>]
FROM <user>[,<user>]...[CASCADE|RESTRICT];
Function of REVOKE:
Revoke the specified privileges on the specified object from the specified users.
CASCADE: cascading revocation, i.e. privileges the user has propagated to others are revoked together with it; RESTRICT refuses the revocation if such propagated privileges exist.
Example: revoke user U4's privilege to modify student numbers
REVOKE UPDATE(Sno)
ON TABLE Student
FROM U4;
(or FROM PUBLIC)
Example: revoke U5's INSERT privilege on table SC
REVOKE INSERT
ON TABLE SC
FROM U5 CASCADE;  -- INSERT privileges obtained directly or indirectly from U5 are revoked as well
Note: the default differs between systems; some default to CASCADE, others to RESTRICT.
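The propagation chain described above (DBA grants INSERT on SC to U5 WITH GRANT OPTION, U5 passes it to U6) and the CASCADE/RESTRICT behaviour of REVOKE can be seen end to end in a small model. The following is an added example written for these notes, not code from the textbook or from any DBMS: the PrivilegeStore class, the extra user U7 at the end of the chain, and the grant counts are constructed for illustration; real systems implement this in their catalog tables.

```python
# Added example (not from the textbook notes): a small model of how SQL
# discretionary access control propagates privileges through WITH GRANT OPTION
# and how REVOKE ... CASCADE differs from REVOKE ... RESTRICT.
# PrivilegeStore and the user U7 are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str      # e.g. "INSERT"
    obj: str            # e.g. "SC"
    grant_option: bool  # True if granted WITH GRANT OPTION


class PrivilegeStore:
    """Records GRANT statements and enforces who may grant and revoke."""

    def __init__(self, dba="DBA"):
        self.dba = dba          # the DBA holds every privilege on every object
        self.grants = []

    def has_privilege(self, user, privilege, obj):
        return user == self.dba or any(
            g.grantee == user and g.privilege == privilege and g.obj == obj
            for g in self.grants)

    def _may_grant(self, user, privilege, obj, grants):
        # A user may pass a privilege on only if they are the DBA or hold it
        # WITH GRANT OPTION; without the option they can only exercise it.
        return user == self.dba or any(
            g.grantee == user and g.privilege == privilege and g.obj == obj
            and g.grant_option for g in grants)

    def grant(self, grantor, grantee, privilege, obj, with_grant_option=False):
        if not self._may_grant(grantor, privilege, obj, self.grants):
            raise PermissionError(f"{grantor} cannot grant {privilege} on {obj}")
        self.grants.append(Grant(grantor, grantee, privilege, obj, with_grant_option))

    def revoke(self, revoker, grantee, privilege, obj, cascade=False):
        """REVOKE <privilege> ON <obj> FROM <grantee> [CASCADE|RESTRICT]."""
        direct = [g for g in self.grants
                  if g.grantor == revoker and g.grantee == grantee
                  and g.privilege == privilege and g.obj == obj]
        if not direct:
            raise PermissionError(
                f"{revoker} never granted {privilege} on {obj} to {grantee}")
        remaining = [g for g in self.grants if g not in direct]
        # Any grant whose grantor no longer holds the privilege WITH GRANT
        # OPTION was propagated (directly or indirectly) from the revoked one.
        while True:
            orphans = [g for g in remaining
                       if not self._may_grant(g.grantor, g.privilege, g.obj, remaining)]
            if not orphans:
                break
            if not cascade:
                # RESTRICT: dependent grants exist, refuse and leave state unchanged
                raise PermissionError(
                    f"{grantee} has propagated {privilege} on {obj}; use CASCADE")
            remaining = [g for g in remaining if g not in orphans]
        revoked = len(self.grants) - len(remaining)
        self.grants = remaining
        return revoked


def build_example():
    """The chain from the notes, DBA -> U5 -> U6, extended by a constructed
    U7 who receives INSERT without the grant option."""
    store = PrivilegeStore()
    store.grant("DBA", "U5", "INSERT", "SC", with_grant_option=True)
    store.grant("U5", "U6", "INSERT", "SC", with_grant_option=True)
    store.grant("U6", "U7", "INSERT", "SC")
    return store


def demo():
    """Returns (restrict_refused, grants_revoked_by_cascade, u6_still_has_insert)."""
    store = build_example()
    try:                                # U7 holds INSERT but cannot pass it on
        store.grant("U7", "U8", "INSERT", "SC")
    except PermissionError as e:
        print("denied:", e)
    try:                                # RESTRICT refuses: U5 propagated the privilege
        store.revoke("DBA", "U5", "INSERT", "SC", cascade=False)
        restrict_refused = False
    except PermissionError as e:
        print("denied:", e)
        restrict_refused = True
    # CASCADE removes U5's privilege and everything derived from it (U6, U7)
    revoked = store.revoke("DBA", "U5", "INSERT", "SC", cascade=True)
    print(f"revoked {revoked} grants")
    return restrict_refused, revoked, store.has_privilege("U6", "INSERT", "SC")


if __name__ == "__main__":
    demo()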
7、Mandatory access control (MAC) method
In MAC, all entities managed by the DBMS are divided into subjects and objects.
Subjects are the active entities in the system, including both the actual users managed by the DBMS and the processes acting on behalf of users.
Objects are the passive entities in the system, which are manipulated by subjects, including files, base tables, indexes, views and so on.
For each subject and object (instance), the DBMS assigns a sensitivity label (Label).
Sensitivity labels are divided into several levels, typically: Top Secret, Secret, Confidential, Public, etc.
A subject's sensitivity label is called its clearance level; an object's sensitivity label is called its classification level.
When a user (or subject) registers with the system under a label, the system requires that all of its accesses to any object follow these rules:
(1) Only when the subject's clearance level is greater than or equal to the object's classification level may the subject read the object;
(2) Only when the subject's clearance level equals the object's classification level may the subject write the object.
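The two rules above are easiest to check against a concrete labelled table. The following is an added example for these notes, not textbook code: the four labels are the ones the notes list, while the Student rows, their Sno values and the per-row labels are constructed sample data. It filters what a subject at each clearance may read and may write, and prints the full decision table for both operations.

```python
# Added example (not part of the textbook notes): the two MAC rules applied to
# labelled rows of a table. The labels are the four listed in the notes; the
# Student rows and their classifications are constructed sample data.
LEVELS = {"Public": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def level(label):
    """Map a sensitivity label to its rank; an unknown label is an error and is
    never silently treated as Public."""
    if label not in LEVELS:
        raise ValueError(f"unknown sensitivity label: {label!r}")
    return LEVELS[label]


def can_read(clearance, classification):
    # Rule (1): read only if the subject's clearance >= the object's classification
    return level(clearance) >= level(classification)


def can_write(clearance, classification):
    # Rule (2): write only if the subject's clearance == the object's classification
    return level(clearance) == level(classification)


def check(clearance, operation, classification):
    if operation == "read":
        return can_read(clearance, classification)
    if operation == "write":
        return can_write(clearance, classification)
    raise ValueError(f"unknown operation: {operation!r}")


# Constructed sample: each Student row carries its own classification label
STUDENT_ROWS = [
    {"Sno": "S001", "Sname": "student A", "label": "Public"},
    {"Sno": "S002", "Sname": "student B", "label": "Confidential"},
    {"Sno": "S003", "Sname": "student C", "label": "Secret"},
    {"Sno": "S004", "Sname": "student D", "label": "Top Secret"},
]


def visible_rows(clearance, rows=STUDENT_ROWS):
    """Sno of the rows a subject with the given clearance may read (rule 1)."""
    return [r["Sno"] for r in rows if can_read(clearance, r["label"])]


def writable_rows(clearance, rows=STUDENT_ROWS):
    """Sno of the rows a subject may update (rule 2): only rows at exactly its
    own level, so a highly cleared subject cannot copy higher-classified data
    into a lower-classified row, and a low-cleared one cannot alter higher rows."""
    return [r["Sno"] for r in rows if can_write(clearance, r["label"])]


def access_matrix(operation):
    """Decision table: one row per clearance, one column per classification."""
    labels = sorted(LEVELS, key=LEVELS.get)
    return {c: {o: check(c, operation, o) for o in labels} for c in labels}


if __name__ == "__main__":
    for op in ("read", "write"):
        print(op)
        for clearance, row in access_matrix(op).items():
            cells = " ".join("Y" if ok else "." for ok in row.values())
            print(f"  {clearance:>12}: {cells}")
    print("Secret subject can read:", visible_rows("Secret"))
    print("Secret subject can write:", writable_rows("Secret"))
```

In the printed read table the "Y" cells fill the lower triangle including the diagonal; in the write table only the diagonal is set, which is exactly the asymmetry between rule (1) and rule (2).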