Thread: implement BLP model on Postgresql db
| Dear Sirs, I have a undergraduate thesis with the title " implementing a discretionary access control model " on Postgresql based on The Bell- La Padula Model (BLP). Please let me know how I could start working on my thesis. I mean, which materials or documents would be useful. Regards, Sara |
I mean that what should I do? For implement BLP model on postgresql? Sara --- On Sat, 11/20/10, robin <robin@edesix.com> wrote:
|
| yes I know the method for implement, but I do not know where I should implement necessary changes .... I know that I should add a additional column in my data base tables that show the level of access of each row. these level types is finite. and by the way I should add to a sql command which user issues, the condition that it checks whether he / she can access / gain the row he/ she want or not. But I don't know these two steps how and where I should implement. Regards, --- On Sun, 11/21/10, Cliff Pratt <enkiduonthenet@gmail.com> wrote:
|
On Nov 21, 2010, at 1:41 AM, Pourghorban.S wrote: > yes I know the method for implement, but I do not know where I should implement necessary changes .... > I know that I should add a additional column in my data base tables that show the level of access of each row. > these level types is finite. > and by the way I should add to a sql command which user issues, the condition that it checks whether he / she can access/ gain the row he/ she want or not. > But I don't know these two steps how and where I should implement. Now at least you're giving us questions of "how do I do this in a database", rather than asking about how to write a thesison a subject very few (if any) of us know about. That's progress ;-) So you want to add a column to a table: <http://www.postgresql.org/docs/9.0/static/sql-altertable.html> You might want to create an enum type for the access level and use that as the column type: <http://www.postgresql.org/docs/9.0/static/sql-createtype.html> How the command should work is rather vague, you might want to create a stored function to evaluate access: <http://www.postgresql.org/docs/9.0/static/sql-createfunction.html> <http://www.postgresql.org/docs/9.0/static/plpgsql.html> But that would depend on some enforcement in an application or middleware. A function that just checks access is not enough,you have to enforce it. And that is a more substantial project. You might be able to use rules. You might want touse view whose statements use current_user(). <http://www.postgresql.org/docs/9.0/static/sql-createrule.html> <http://www.postgresql.org/docs/9.0/static/sql-createview.html> <http://www.postgresql.org/docs/9.0/static/functions-info.html> If you have a lot of pre-existing tables to which the access info must be added, you might want to use dynamic sql to automateadding that column. But, given that "I should add a additional column in my data base tables that show the level of access of each row" seemedto be giving you trouble, you might want to first read an introductory book on SQL. -- Scott Ribe scott_ribe@elevated-dev.com http://www.elevated-dev.com/ (303) 722-0567 voice
"Pourghorban.S" wrote: > I know that I should add a additional column in my data base tables > that show the level of access of each row. these level types is > finite. You need to spend some time with the documentation: http://www.postgresql.org/docs/current/interactive/index.html You might want to pay particular attention to table inheritance and the roles system available in PostgreSQL. If each security level inherits from the next level up, you might be able to grant permissions to appropriate roles at each level to achieve what you need. -Kevin
Dear Scott, Thank you very much for your answer. But my supervisor told me that I should add an extra column for all rows in my tables that show the level of access of each row, when a user gives a query. Before I saw this link : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-mls-ov.html yes the important is, what considerations should I attention and which capabilities. And I know abstractly about BLP model, SQL, and Database. Sara --- On Sun, 11/21/10, Scott Ribe <scott_ribe@elevated-dev.com> wrote:
|
On 11/21/10, Pourghorban.S <aras_h1988@yahoo.com> wrote: If your looking to add fine grained access control that is enforcable at the DB level, I'd look into the following project: http://wiki.postgresql.org/wiki/SEPostgreSQL (I don't that this project is ready for production use however.) Also this links might be useful: http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-1-30732 http://it.toolbox.com/blogs/database-soup/thinking-about-row-level-security-part-2-30757 http://pgexperts.com/document.html?id=39 http://momjian.us/main/writings/pgsql/securing.pdf -- Regards, Richard Broersma Jr. Visit the Los Angeles PostgreSQL Users Group (LAPUG) http://pugs.postgresql.org/lapug
On Sat, 20 Nov 2010 08:14:58 -0800 (PST), "Pourghorban.S" <aras_h1988@yahoo.com> wrote: > Dear Sirs, > > > I have a undergraduate thesis with the title " implementing a > discretionary access control model " on Postgresql based on The Bell- > La Padula Model (BLP). > > Please let me know how I could start working on my thesis. > One would hope _you_ would know that ... else why are you doing it. <sigh> All the documentation will be on the main postgres site, as is the source code: http://lmgtfy.com/?q=postgres+documentation http://lmgtfy.com/?q=postgres+source+code Hope this helps ... Robin