Thread: implement BLP model on Postgresql db

implement BLP model on Postgresql db

From
"Pourghorban.S"
Date:
Dear Sirs,
 
     I have an undergraduate thesis with the title "implementing a discretionary access control model" on PostgreSQL based on the Bell-LaPadula Model (BLP).

    Please let me know how I could start working on my thesis.
    
    I mean, which materials or documents would be useful.
   

Regards,

Sara

    

Re: implement BLP model on Postgresql db

From
"Pourghorban.S"
Date:

I mean, what should I do to implement the BLP model on PostgreSQL?
Sara

--- On Sat, 11/20/10, robin <robin@edesix.com> wrote:

From: robin <robin@edesix.com>
Subject: Re: [ADMIN] implement BLP model on Postgresql db
To: "Pourghorban.S" <aras_h1988@yahoo.com>
Cc: pgsql-admin@postgresql.org
Date: Saturday, November 20, 2010, 9:41 PM

On Sat, 20 Nov 2010 08:14:58 -0800 (PST), "Pourghorban.S"
<aras_h1988@yahoo.com> wrote:
> Dear Sirs,
>  
>     
>  I have a undergraduate thesis with the title " implementing a
> discretionary access control model "  on Postgresql based on The Bell-
> La Padula Model (BLP).
>
>     Please let me know how I could start working on my thesis.
>     
One would hope _you_ would know that ... else why are you doing it.
<sigh>

All the documentation will be on the main postgres site, as is the source
code:

http://lmgtfy.com/?q=postgres+documentation

http://lmgtfy.com/?q=postgres+source+code

Hope this helps ...

Robin


Re: implement BLP model on Postgresql db

From
"Pourghorban.S"
Date:
Yes, I know the method to implement, but I do not know where I should implement the necessary changes ....
I know that I should add a additional column in my data base tables that show the level of access of each row.
These level types are finite.
And by the way, I should add to an SQL command which the user issues the condition that checks whether he/she can access/gain the row he/she wants or not.
But I don't know how and where I should implement these two steps.

Regards,

 

--- On Sun, 11/21/10, Cliff Pratt <enkiduonthenet@gmail.com> wrote:

From: Cliff Pratt <enkiduonthenet@gmail.com>
Subject: Re: [ADMIN] implement BLP model on Postgresql db
To: "Pourghorban.S" <aras_h1988@yahoo.com>
Date: Sunday, November 21, 2010, 2:07 AM

On Sun, Nov 21, 2010 at 5:14 AM, Pourghorban.S <aras_h1988@yahoo.com> wrote:
>
> Dear Sirs,
>
>      I have a undergraduate thesis with the title " implementing a
> discretionary access control model "  on Postgresql based on
> The Bell- La Padula Model (BLP).
>
>     Please let me know how I could start working on my thesis.
>
>     I mean, which materials or documents would be useful.
>
Have you researched the BLP model? That's what I would do first. Google it.

However even before that you should discuss this with your supervisor,
who no doubt has something in mind and can and should give you
references to follow.

Cheers,

Cliff

Re: implement BLP model on Postgresql db

From
Scott Ribe
Date:
On Nov 21, 2010, at 1:41 AM, Pourghorban.S wrote:

> yes I know the method for implement, but I do  not know where I should implement necessary changes ....
> I know that I should add a additional column in my data base tables that show the level of access of each row.
> these level types is finite.
> and by the way I should add to a sql command which user issues, the condition that it checks whether he / she can access / gain the row he/ she want or not.
> But I don't know these two steps how and where I should implement.

Now at least you're giving us questions of "how do I do this in a database", rather than asking about how to write a thesis on a subject very few (if any) of us know about. That's progress ;-)

So you want to add a column to a table:

<http://www.postgresql.org/docs/9.0/static/sql-altertable.html>

You might want to create an enum type for the access level and use that as the column type:

<http://www.postgresql.org/docs/9.0/static/sql-createtype.html>

How the command should work is rather vague, you might want to create a stored function to evaluate access:

<http://www.postgresql.org/docs/9.0/static/sql-createfunction.html>
<http://www.postgresql.org/docs/9.0/static/plpgsql.html>

But that would depend on some enforcement in an application or middleware. A function that just checks access is not enough, you have to enforce it. And that is a more substantial project. You might be able to use rules. You might want to use view whose statements use current_user().

<http://www.postgresql.org/docs/9.0/static/sql-createrule.html>
<http://www.postgresql.org/docs/9.0/static/sql-createview.html>
<http://www.postgresql.org/docs/9.0/static/functions-info.html>

If you have a lot of pre-existing tables to which the access info must be added, you might want to use dynamic sql to automate adding that column.

But, given that "I should add a additional column in my data base tables that show the level of access of each row" seemed to be giving you trouble, you might want to first read an introductory book on SQL.

--
Scott Ribe
scott_ribe@elevated-dev.com
http://www.elevated-dev.com/
(303) 722-0567 voice
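
The steps suggested in the message above (an enum type for the level, a label column, a view filtered on the calling role, a rule for writes), put together as an added example; it is not part of the original message or of PostgreSQL itself. All object and role names are hypothetical, the *-property is assumed in its strict form (rows are written at the writer's own level), and `security_barrier` requires PostgreSQL 9.2 or later.

```sql
-- Added example; every object and role name here is hypothetical.
CREATE TYPE blp_level AS ENUM  -- values compare in declaration order, low to high
    ('unclassified', 'confidential', 'secret', 'top_secret');

-- Subject clearances, keyed by database role name.
CREATE TABLE clearance (
    rolname   name PRIMARY KEY,
    max_level blp_level NOT NULL
);

-- Objects: each row carries its own classification label.
CREATE TABLE document (
    id    serial PRIMARY KEY,
    body  text NOT NULL,
    label blp_level NOT NULL
);

-- Simple security property (no read up): a role sees only rows labelled at or
-- below its clearance. current_user takes no parentheses in PostgreSQL. A role
-- with no clearance row matches nothing (default deny). security_barrier
-- (9.2+) keeps caller-supplied functions from running on rows before the filter.
CREATE VIEW document_v WITH (security_barrier) AS
SELECT d.id, d.body, d.label
FROM document d
JOIN clearance c ON c.rolname = current_user
WHERE d.label <= c.max_level;

-- *-property (no write down), strict variant assumed here: the label is never
-- taken from the caller; each inserted row is stamped with the writer's clearance.
CREATE RULE document_v_ins AS ON INSERT TO document_v DO INSTEAD
INSERT INTO document (body, label)
SELECT NEW.body, c.max_level FROM clearance c WHERE c.rolname = current_user;

-- Enforcement: ordinary roles reach the data only through the view.
-- Table owners and superusers are not constrained by this scheme.
REVOKE ALL ON document, clearance FROM PUBLIC;
GRANT SELECT, INSERT ON document_v TO PUBLIC;
GRANT USAGE ON SEQUENCE document_id_seq TO PUBLIC;  -- nextval() runs as the caller

-- Constructed check, run as a superuser: bob must not see alice's row.
CREATE ROLE alice;
CREATE ROLE bob;
INSERT INTO clearance VALUES ('alice', 'secret'), ('bob', 'unclassified');
SET ROLE alice; INSERT INTO document_v (body) VALUES ('alice note');
SET ROLE bob;   INSERT INTO document_v (body) VALUES ('bob note');
SELECT body, label FROM document_v;  -- evaluated as bob
RESET ROLE;
```

UPDATE and DELETE are deliberately not granted on the view; each would need its own rule that re-checks the label before touching the base table.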





Re: implement BLP model on Postgresql db

From
"Kevin Grittner"
Date:
"Pourghorban.S"  wrote:

> I know that I should add a additional column in my data base tables
> that show the level of access of each row.  these level types is
> finite.

You need to spend some time with the documentation:

http://www.postgresql.org/docs/current/interactive/index.html

You might want to pay particular attention to table inheritance and
the roles system available in PostgreSQL.  If each security level
inherits from the next level up, you might be able to grant
permissions to appropriate roles at each level to achieve what you
need.

-Kevin

Re: implement BLP model on Postgresql db

From
"Pourghorban.S"
Date:

Dear Scott,
Thank you very much for your answer. But my supervisor told me that I should add an extra column for all rows in my tables that shows the level of access of each row, when a user gives a query.
Before, I saw this link:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-mls-ov.html

Yes, the important thing is which considerations I should pay attention to, and which capabilities.



And I know abstractly about BLP model, SQL, and Database.



Sara


--- On Sun, 11/21/10, Scott Ribe <scott_ribe@elevated-dev.com> wrote:

From: Scott Ribe <scott_ribe@elevated-dev.com>
Subject: Re: [ADMIN] implement BLP model on Postgresql db
To: "Pourghorban.S" <aras_h1988@yahoo.com>
Cc: "admin" <pgsql-admin@postgresql.org>
Date: Sunday, November 21, 2010, 7:06 PM

On Nov 21, 2010, at 1:41 AM, Pourghorban.S wrote:

> yes I know the method for implement, but I do  not know where I should implement necessary changes ....
> I know that I should add a additional column in my data base tables that show the level of access of each row.
> these level types is finite.
> and by the way I should add to a sql command which user issues, the condition that it checks whether he / she can access / gain the row he/ she want or not.
> But I don't know these two steps how and where I should implement.

Now at least you're giving us questions of "how do I do this in a database", rather than asking about how to write a thesis on a subject very few (if any) of us know about. That's progress ;-)

So you want to add a column to a table:

<http://www.postgresql.org/docs/9.0/static/sql-altertable.html>

You might want to create an enum type for the access level and use that as the column type:

<http://www.postgresql.org/docs/9.0/static/sql-createtype.html>

How the command should work is rather vague, you might want to create a stored function to evaluate access:

<http://www.postgresql.org/docs/9.0/static/sql-createfunction.html>
<http://www.postgresql.org/docs/9.0/static/plpgsql.html>

But that would depend on some enforcement in an application or middleware. A function that just checks access is not enough, you have to enforce it. And that is a more substantial project. You might be able to use rules. You might want to use view whose statements use current_user().

<http://www.postgresql.org/docs/9.0/static/sql-createrule.html>
<http://www.postgresql.org/docs/9.0/static/sql-createview.html>
<http://www.postgresql.org/docs/9.0/static/functions-info.html>

If you have a lot of pre-existing tables to which the access info must be added, you might want to use dynamic sql to automate adding that column.

But, given that "I should add a additional column in my data base tables that show the level of access of each row" seemed to be giving you trouble, you might want to first read an introductory book on SQL.

--
Scott Ribe
scott_ribe@elevated-dev.com
http://www.elevated-dev.com/
(303) 722-0567 voice






Re: implement BLP model on Postgresql db

From
Richard Broersma
Date:
On 11/21/10, Pourghorban.S <aras_h1988@yahoo.com> wrote:

If you're looking to add fine-grained access control that is enforceable
at the DB level, I'd look into the following project:

http://wiki.postgresql.org/wiki/SEPostgreSQL

(I don't think that this project is ready for production use, however.)

Also, these links might be useful:
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-1-30732
http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-2-30757
http://pgexperts.com/document.html?id=39
http://momjian.us/main/writings/pgsql/securing.pdf



--
Regards,
Richard Broersma Jr.

Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug

Re: implement BLP model on Postgresql db

From
robin
Date:
On Sat, 20 Nov 2010 08:14:58 -0800 (PST), "Pourghorban.S"
<aras_h1988@yahoo.com> wrote:
> Dear Sirs,
>  
>     
>  I have a undergraduate thesis with the title " implementing a
> discretionary access control model "  on Postgresql based on The Bell-
> La Padula Model (BLP).
>
>     Please let me know how I could start working on my thesis.
>     
One would hope _you_ would know that ... else why are you doing it.
<sigh>

All the documentation will be on the main postgres site, as is the source
code:

http://lmgtfy.com/?q=postgres+documentation

http://lmgtfy.com/?q=postgres+source+code

Hope this helps ...

Robin