Submodule 2: Access Control for DBMS

Assignment 2
Mandatory Access Control

Created: February 6, 2004
Last Updated: February 10, 2004

Assignment version number: Version 0.1
Author of the Assignment: Author: Dr. Morris Liaw


Level of Difficulty: Moderate

Completion Time: 1 week

Progaramming involved: No


Objectives

In this project, students will learn more about the concepts of Bell-LaPadula model for mandatory access control, covert channels, polyinstantiation, and why mandatory access control is necessary.

Description

1. Bell-LaPadula Model is a popular Mandatory Access Contal, is described in terms of objects (e.g., tables, views. rows, columns), subjects (e.g., users, programs), security classes, and clearness. It imposes Simple Security Property and *-Property rules on all reads and writes of database objects.
2. The presence of data objects that appear to have different values with different clearances is called polyinstantiation.
3. Information can flow from higher classification level to a lower classification level through indirect means, called covert channels.

The Project

Answer the following questions:

1. Explain the intuition behind the two rules in the Bell-LaPadula model for mandatory access control.
2. Give an example of how covert channels can be used to defeat the Bell-LaPadula model.
3. Give an example of polyinstantiation.
4. Describe a scenario in which mandatory access controls prevent a breach of security that cannot be prevented through discretionary controls.
5. Describe a scenario in which discretionary access controls are required to enforce a security policy that cannot be enforced using only mandatory controls.
6. If a DBMS already supports discretionary and mandatory access controls, is there a need for encryption?

Resources

Books
Articles
Links

Glossary

Security classes
Clearances
Simple Security Property
*-Property
Multilevel table
Trojan horse