Orion a model for authorizaton
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

Orion - A model for authorizaton PowerPoint PPT Presentation


  • 56 Views
  • Uploaded on
  • Presentation posted in: General

Orion - A model for authorizaton. By Gigi Shum and Chi-Fung Wong. Introduction. Database security Protect data in the Database Do so by restricting/determining access Most models on authorizations thus far have been on relational databases.

Download Presentation

Orion - A model for authorizaton

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Orion a model for authorizaton

Orion - A model for authorizaton

By Gigi Shum and Chi-Fung Wong


Introduction

Introduction

  • Database security

    • Protect data in the Database

    • Do so by restricting/determining access

  • Most models on authorizations thus far have been on relational databases


Orion a model for authorizaton

  • Object oriented features not found in relational database require new security mechanisms to provide access to objects in a database.

  • Object Oriented database features such as class inheritance, composite classes need additional rules to govern access


Overview

Overview

  • Establishes a set of relationships between objects, the user, and the authorization modes for the object

  • Defines rules which are used to define implicit authorizations based on explicit authorizations

  • Proposes authorization methods for object oriented features such as inheritance and complex objects.


Overview cont

Overview cont..

  • Supports the following authorization types

    • Positive

    • Negative

    • Strong

    • Weak

    • Explicit

    • Implicit

  • Expands the definition and utilizes implicit authorizations

  • Outlines the calculation of implicit authorizations


Authorization types

Authorization Types

  • Positive authorization

    • ‘Yes’

  • Negative authorization

    • ‘No’

  • Explicit

    • Specifically saying if you have access

  • Implicit

    • Implying you have access

  • Strong

    • Authorization that can’t be overridden

  • Weak

    • Authorization than CAN be overridden


Weak and strong access bases

Weak and Strong Access Bases

  • This model defines two access bases

    • Weak

    • Strong

  • Both access bases include positive and negative rights

  • Weak authorization can be overridden allowing exceptions to be made in implicit authorization


Basics

Basics…

  • Authorizations are determined by three items

    • Subject (who)

    • Authorization Object (desired access)

    • Access privileges (r, w, rd, c)


Implicit authorization

Implicit Authorization

  • The core of this model

  • Authorization of a user for access of an object in the database implies it has other authorizations

  • Saves space

    • Don’t need to store all the explicit authorizations

    • Just calculate the implicit authorizations based on the minimally stored explicit authorizations


Implicit authorization cont

Implicit Authorization cont…

  • There is overhead in calculating implicit authorizations

    • May not be ‘cost effective’ if there is no need to define many authorizations on an individual object

    • In relational db, access is usually made on a relation (table) and not on a specific tuple (row in the table)

      • Therefore defining authorizations (explict or implict )for individual tuples is not very strong


Implicit authorizations cont

Implicit authorizations cont…

  • In this model, there are implicit authorizations for subjects, objects and privileges

  • The number of objects in a database can be very large, so saving space by using implicit authorizations makes sense


How to calculate implicit authorizatons

How to calculate implicit authorizatons?


Basics cont

Basics cont……

  • Explicit authorizations may imply authorizations along any combination of the 3 items previously listed

    • A group of users has write/update access on a set of objects

      • E.g. Group of users = the people who work at admissions and records on campus

      • Set of objects = student/faculty records

      • Implies one member from the group of users has update access on any one of the objects in the set

      • Also implies that any one user also has read access to an object in the set


Basics still cont

Basics still cont…

  • Hierarchies

    • The authorization triplet is organized into hierarchies

    • Role hierarchy

      e.g.

      Government leaders

      .

      .(other leaders)

      .

      .Average citizen


Basics keep going

Basics – keep going…

  • Role Hierarchies

    • Implies if Average Joe has access, President Bush will have access

    • Implies if President Bush doesn’t have access, Average Joe doesn’t have access

    • However, just because President Bush has access, doesn’t mean Average Joe will have access


Basics and going

Basics - ..and going

  • Access Privileges Hierarchy

    W>R, W>C, R>RD, C>RD

    W>RD


Orion a model for authorizaton

  • Authorization Object Schema (AOS)

    • Entities are also grouped into a hierarchal structure

    • Each is an authorization object type


Orion a model for authorizaton

  • Authorization Object Lattice (AOL)

    • A virtual structure derived from the AOS

    • Used to compute implicit authorizations

    • Each node belongs to one authorization type

    • Implication links to the set of authorization object at the next lower level (e.g. setof-instances) or only one implication link to the next lower level (e.g class)


Orion a model for authorizaton

  • Authorization Object Lattice (AOL) cont…

    • Implication links to the set of authorization object at the next lower level (e.g. setof-instances – links to all instance authorization objects of the class)

    • Or only one implication link to the next lower level (e.g class – links to only one setof-instances authorization object)


Orion a model for authorizaton

  • Authorization Association Matrix (AAM)

    • Note how authorization types propagate through the AOL

    • A.down

      • E.g. W&R access on an object high in the hierarchy implies you have W & R access on the set of authorization objects at the next lower level

    • A.up

      • E.g. RD of an instance means RD on a class, RD on a class means RD on a Database where the class resides

    • A.Nil

      • Having a create access on one thing does not imply that you have create access on anything else


Orion a model for authorizaton

  • The authorizations are specified by the users who have authorization for a given access privilege on a object. They can grant authorizations to other users. When they explicitly grant authorizations, implicit authorizations based on the implication relationships between the access privileges and the rules of propagation are automatically given.


Orion a model for authorizaton

Authorization Object Schema for an Object Oriented Database


Other implications from this model

Other implications from this model

  • A read or write privilege on a class of a inheritance implies R/W access on all the classes in the inheritance hierarchy

    • However, it does allow for the option that no authorization will be given to the subclass

      • This is to protect data in the subclass from other people that might have access to the parent class.


Other implications cont

Other implications cont…

  • Authorization on a composite class (class made up of other classes) means implicit authorization on the component classes

    • Note: this is for one instance only, not all instances of the component classes

  • Partial and total authorizations:

    • A total write access on a component of a composite class means total write access on all descendents and partial write access on all ancestors

    • A partial read access on a component of a composite class means the same privileges on the top level components


Main points of this model

Main points of this model…

  • Usage of implicit authorizations

  • Usage of explicit negative authorizations

  • Usage of weak authorizations as exceptions to the implicit authorizations

  • Extends the authorization models of today to object oriented databases

  • Lacking object and subject classification for mandatory access control.


  • Login