Orion a model for authorizaton
Download
1 / 25

Orion - A model for authorizaton - PowerPoint PPT Presentation


  • 90 Views
  • Uploaded on

Orion - A model for authorizaton. By Gigi Shum and Chi-Fung Wong. Introduction. Database security Protect data in the Database Do so by restricting/determining access Most models on authorizations thus far have been on relational databases.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Orion - A model for authorizaton' - avalon


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Orion a model for authorizaton

Orion - A model for authorizaton

By Gigi Shum and Chi-Fung Wong


Introduction
Introduction

  • Database security

    • Protect data in the Database

    • Do so by restricting/determining access

  • Most models on authorizations thus far have been on relational databases



Overview
Overview require new security mechanisms to provide access to objects in a database.

  • Establishes a set of relationships between objects, the user, and the authorization modes for the object

  • Defines rules which are used to define implicit authorizations based on explicit authorizations

  • Proposes authorization methods for object oriented features such as inheritance and complex objects.


Overview cont
Overview cont.. require new security mechanisms to provide access to objects in a database.

  • Supports the following authorization types

    • Positive

    • Negative

    • Strong

    • Weak

    • Explicit

    • Implicit

  • Expands the definition and utilizes implicit authorizations

  • Outlines the calculation of implicit authorizations


Authorization types
Authorization Types require new security mechanisms to provide access to objects in a database.

  • Positive authorization

    • ‘Yes’

  • Negative authorization

    • ‘No’

  • Explicit

    • Specifically saying if you have access

  • Implicit

    • Implying you have access

  • Strong

    • Authorization that can’t be overridden

  • Weak

    • Authorization than CAN be overridden


Weak and strong access bases
Weak and Strong Access Bases require new security mechanisms to provide access to objects in a database.

  • This model defines two access bases

    • Weak

    • Strong

  • Both access bases include positive and negative rights

  • Weak authorization can be overridden allowing exceptions to be made in implicit authorization


Basics
Basics… require new security mechanisms to provide access to objects in a database.

  • Authorizations are determined by three items

    • Subject (who)

    • Authorization Object (desired access)

    • Access privileges (r, w, rd, c)


Implicit authorization
Implicit Authorization require new security mechanisms to provide access to objects in a database.

  • The core of this model

  • Authorization of a user for access of an object in the database implies it has other authorizations

  • Saves space

    • Don’t need to store all the explicit authorizations

    • Just calculate the implicit authorizations based on the minimally stored explicit authorizations


Implicit authorization cont
Implicit Authorization cont… require new security mechanisms to provide access to objects in a database.

  • There is overhead in calculating implicit authorizations

    • May not be ‘cost effective’ if there is no need to define many authorizations on an individual object

    • In relational db, access is usually made on a relation (table) and not on a specific tuple (row in the table)

      • Therefore defining authorizations (explict or implict )for individual tuples is not very strong


Implicit authorizations cont
Implicit authorizations cont… require new security mechanisms to provide access to objects in a database.

  • In this model, there are implicit authorizations for subjects, objects and privileges

  • The number of objects in a database can be very large, so saving space by using implicit authorizations makes sense


How to calculate implicit authorizatons
How to calculate implicit authorizatons? require new security mechanisms to provide access to objects in a database.


Basics cont
Basics cont…… require new security mechanisms to provide access to objects in a database.

  • Explicit authorizations may imply authorizations along any combination of the 3 items previously listed

    • A group of users has write/update access on a set of objects

      • E.g. Group of users = the people who work at admissions and records on campus

      • Set of objects = student/faculty records

      • Implies one member from the group of users has update access on any one of the objects in the set

      • Also implies that any one user also has read access to an object in the set


Basics still cont
Basics still cont… require new security mechanisms to provide access to objects in a database.

  • Hierarchies

    • The authorization triplet is organized into hierarchies

    • Role hierarchy

      e.g.

      Government leaders

      .

      .(other leaders)

      .

      .Average citizen


Basics keep going
Basics – keep going… require new security mechanisms to provide access to objects in a database.

  • Role Hierarchies

    • Implies if Average Joe has access, President Bush will have access

    • Implies if President Bush doesn’t have access, Average Joe doesn’t have access

    • However, just because President Bush has access, doesn’t mean Average Joe will have access


Basics and going
Basics - ..and going require new security mechanisms to provide access to objects in a database.

  • Access Privileges Hierarchy

    W>R, W>C, R>RD, C>RD

    W>RD


  • Authorization Object Schema (AOS) require new security mechanisms to provide access to objects in a database.

    • Entities are also grouped into a hierarchal structure

    • Each is an authorization object type


  • Authorization Object Lattice (AOL) require new security mechanisms to provide access to objects in a database.

    • A virtual structure derived from the AOS

    • Used to compute implicit authorizations

    • Each node belongs to one authorization type

    • Implication links to the set of authorization object at the next lower level (e.g. setof-instances) or only one implication link to the next lower level (e.g class)


  • Authorization Object Lattice (AOL) cont… require new security mechanisms to provide access to objects in a database.

    • Implication links to the set of authorization object at the next lower level (e.g. setof-instances – links to all instance authorization objects of the class)

    • Or only one implication link to the next lower level (e.g class – links to only one setof-instances authorization object)


  • Authorization Association Matrix (AAM) require new security mechanisms to provide access to objects in a database.

    • Note how authorization types propagate through the AOL

    • A.down

      • E.g. W&R access on an object high in the hierarchy implies you have W & R access on the set of authorization objects at the next lower level

    • A.up

      • E.g. RD of an instance means RD on a class, RD on a class means RD on a Database where the class resides

    • A.Nil

      • Having a create access on one thing does not imply that you have create access on anything else


  • The authorizations are specified by the users who have authorization for a given access privilege on a object. They can grant authorizations to other users. When they explicitly grant authorizations, implicit authorizations based on the implication relationships between the access privileges and the rules of propagation are automatically given.


Authorization Object Schema for an Object Oriented Database authorization for a given access privilege on a object. They can grant authorizations to other users. When they explicitly grant authorizations, implicit authorizations based on the implication relationships between the access privileges and the rules of propagation are automatically given.


Other implications from this model
Other implications from this model

  • A read or write privilege on a class of a inheritance implies R/W access on all the classes in the inheritance hierarchy

    • However, it does allow for the option that no authorization will be given to the subclass

      • This is to protect data in the subclass from other people that might have access to the parent class.


Other implications cont
Other implications cont…

  • Authorization on a composite class (class made up of other classes) means implicit authorization on the component classes

    • Note: this is for one instance only, not all instances of the component classes

  • Partial and total authorizations:

    • A total write access on a component of a composite class means total write access on all descendents and partial write access on all ancestors

    • A partial read access on a component of a composite class means the same privileges on the top level components


Main points of this model
Main points of this model…

  • Usage of implicit authorizations

  • Usage of explicit negative authorizations

  • Usage of weak authorizations as exceptions to the implicit authorizations

  • Extends the authorization models of today to object oriented databases

  • Lacking object and subject classification for mandatory access control.


ad