
DISCRETIONARY ACCESS CONTROL

Tran Thi Que Nguyet
Faculty of Computer Science & Engineering
HCMC University of Technology
ttqnguyet@cse.hcmut.edu.vn

Outline
1 Introduction to Discretionary Access Control
2 Proposed Models for DAC
3 SQL for Data Control
4 DAC & Information Flow Controls

Homework:
- Case study in SQL Server 2008
- Reading: chapter 4, Access Control for Databases: Concepts and Systems. Elisa Bertino, et al.

Ho Chi Minh City University of Technology, Faculty of Computer Science and Engineering
© 2011 Information Systems Security, Chapter 2: Introduction to DAC

Introduction to DAC

Discretionary Access Control (DAC):
- Users can protect what they own.
- The owner is given all privileges on their own data.
- The owner can define the type of access (read/write/execute/…) and grant access to others.
- The typical method of enforcing DAC in a database system is based on the granting and revoking of privileges.

Types of Discretionary Privileges:
- The account/system level: The administrator specifies the particular privileges that each account holds, independently of the objects in the database system.
- The object level: The administrator can control the privilege to access each individual object in the database system.

The account/system level privileges (example):
- CREATE SCHEMA
- CREATE TABLE
- CREATE VIEW
- ALTER
- DROP
- MODIFY
- SELECT
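
The two privilege levels and the owner's discretion described above can be modelled as a small reference monitor. This is an added example, not part of the original slides. Assumptions: the class `DacMonitor` and its method names are hypothetical, only the owner may grant or revoke (no delegation of the grant right), and the user and table names are constructed.

```python
# Added illustration: toy DAC reference monitor (hypothetical names, not from the slides).
ACCOUNT_PRIVS = {"CREATE SCHEMA", "CREATE TABLE", "CREATE VIEW",
                 "ALTER", "DROP", "MODIFY", "SELECT"}   # example list from the slides
OBJECT_PRIVS = {"read", "write", "execute"}             # access types from the slides

class DacMonitor:
    def __init__(self):
        self.account = {}   # user -> set of account-level privileges
        self.owner = {}     # table name -> owning user
        self.acl = {}       # (table, user) -> set of object-level privileges

    def admin_grant(self, user, priv):
        """Account level: the administrator gives a privilege to an account."""
        if priv not in ACCOUNT_PRIVS:
            raise ValueError(f"unknown account privilege: {priv}")
        self.account.setdefault(user, set()).add(priv)

    def create_table(self, user, table):
        """Requires account-level CREATE TABLE; the creator becomes the owner."""
        if "CREATE TABLE" not in self.account.get(user, set()):
            raise PermissionError(f"{user} lacks CREATE TABLE")
        if table in self.owner:
            raise ValueError(f"{table} already exists")
        self.owner[table] = user
        self.acl[(table, user)] = set(OBJECT_PRIVS)  # owner holds all privileges

    def _require_owner(self, user, table):
        # Assumption of this model: only the owner may change access to an object.
        if self.owner.get(table) != user:
            raise PermissionError(f"{user} does not own {table}")

    def grant(self, grantor, grantee, table, priv):
        """Object level: the owner decides who gets which type of access."""
        self._require_owner(grantor, table)
        if priv not in OBJECT_PRIVS:
            raise ValueError(f"unknown object privilege: {priv}")
        self.acl.setdefault((table, grantee), set()).add(priv)

    def revoke(self, grantor, grantee, table, priv):
        self._require_owner(grantor, table)
        self.acl.get((table, grantee), set()).discard(priv)

    def check(self, user, table, priv):
        """Default deny: access needs an explicit entry for this object."""
        return priv in self.acl.get((table, user), set())

if __name__ == "__main__":
    m = DacMonitor()
    m.admin_grant("alice", "CREATE TABLE")      # constructed users and table
    m.create_table("alice", "EMPLOYEE")
    m.grant("alice", "bob", "EMPLOYEE", "read")
    print(m.check("bob", "EMPLOYEE", "read"), m.check("bob", "EMPLOYEE", "write"))
```
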