
Dbs Assignment - 2

A doc with db assignment

Assignment. Name: Keerthivartha. Database Security.

1. Explore the Bell and LaPadula model and the Sea View model.

This model was invented by scientists David Elliott Bell and Leonard J. LaPadula. Thus this model is called the Bell-LaPadula model. It is used to maintain the confidentiality of security.

The Bell-LaPadula model is one of the most influential mandatory access control models, developed in the 1970s, focusing on confidentiality in computer security, especially in military and government systems. It is designed to prevent unauthorized disclosure of information.

Key objectives:
- Primary goal: maintain data confidentiality.
- Focuses on how subjects (users/processes) access objects (files/data).
- Uses a hierarchical classification system like: Top Secret > Secret > Confidential > Unclassified.

Security levels: security levels such as "Top Secret" are used for access control based on the subject's and object's classification level.

Simple security property (ss-property): a subject can only read objects at or below its clearance level.

Star property: a subject can only write to objects at (or) above its clearance level.

How it works, example:
- A subject has a Confidential clearance.
- An object is classified as Secret.

Access type | Allowed? | Why?
Read | No | Violates the simple security property
Write | Yes |
Write to unclassified | No | Violates the star property

The Bell-LaPadula model has 3 rules.

Simple confidentiality rule: the simple confidentiality rule states that the subject can only read the files on the same layer of secrecy and the lower layer of secrecy but not the upper layer of secrecy, due to which we call this rule No Read-Up.
Star confidentiality rule: the star confidentiality rule states that the subject can only write the files on the same layer of secrecy and the upper layer of secrecy but not the lower layer of secrecy, due to which we call this rule No Write-Down.

Strong star confidentiality rule: the strong star confidentiality rule is highly secured and strongest. It states that the subject can read and write the files on the same layer of secrecy only, and not the upper layer of secrecy or the lower layer of secrecy, due to which we call this rule No Read Write Up Down.

Sea View model

The Sea View security model is an advanced, comprehensive multilevel security model developed in the late 1980s and early 1990s as part of the SeaView project, funded by the U.S. Department of Defense. It was one of the first practical attempts to implement a relational database system that enforces both confidentiality and integrity, incorporating lessons from earlier models like Bell-LaPadula, Biba and Clark-Wilson.

Overview:

Aspect | Description
Goal | To build a trusted relational database system that handles multilevel security with both integrity and confidentiality.
Development | By Secure Computing Corporation (SCC) under the U.S. DoD.
Based on | Integration of the Bell-LaPadula and Biba models.
Target level | Designed to meet Trusted Computer System Evaluation Criteria (TCSEC) level A1, the highest level.

Key features:
1. Multilevel security: the subjects and objects are assigned security labels.
2. Polyinstantiation: multiple versions of the same data item are allowed at different security levels. Prevents inference attacks.
3. Audit and accountability: extensive auditing mechanism to track all access and changes, satisfying the A1-level TCSEC requirement.
4. Trusted path / trusted computing base: included to ensure high assurance.
5. Labeling: all queries and transactions must preserve label constraints.

Architecture

2. Explain trusted computer systems and memory protection in security mechanisms.

Trusted computer system: a trusted computer system is a computer system, in the database environment, that enforces security policies and the security of sensitive information.

Trusted database: a trusted database management system is one that:
- Handles multiple users with different security clearances.
- Enforces policies such as MAC, DAC, RBAC and multilevel security.
- Prevents inference, covert channel leaks and unauthorized access.
- Supports auditing, accountability and data labeling.
- Is part of a system evaluated under TCSEC.

Key components of a TCS in the DB context:

Component | Function in database security
Security kernel | Mediates all access between subjects and objects.
MAC | Labels data, grants access based on clearance levels.
DAC | Allows owners to grant/revoke access.
Auditing mechanism | Logs user actions and access for accountability.

Example (classified reports): one user only sees unclassified reports, another views secret data and logs, another can read all (and edit) records.

The DBMS must enforce security policies automatically so that:
- No confidential user can read secret data.
- No top secret user writes to a confidential table.

Implementation in real systems. Trusted DBMS implementations include:
- Sea View
- Multilevel RDBMS extensions
- Oracle Label Security
- PostgreSQL with SELinux

Memory protection

Memory protection is a crucial security mechanism that prevents unauthorized access to a system's memory space, helping safeguard data integrity, confidentiality and system stability. It ensures that one process cannot interfere with the memory space of another.

Technique | Description
Segmentation | Divides memory into segments, with access rights.
Paging | Breaks memory into pages.
Virtual memory isolation | Each process operates in its own virtual memory space.
Address space layout randomization | Randomizes memory locations to reduce exploit predictability.
Guard pages / stack canaries | Prevents stack-based buffer overflow attacks.

Scenario: multiple DB users, without and with memory protection:

Threat | Protection mechanism
One user reads another's data in memory | Isolated virtual memory, access control
Buffer overflow overwrites control flow | Stack canaries and bounds checks
DB process leaks data to OS | Segmentation fault errors, enforced safe shutdown

Benefits:
- Prevents memory leaks and privilege escalation.
- Protects against buffer overflows and code injection.
- Ensures stable and predictable execution in multi-user databases.

3. Illustrate the design of security packages and database security design.

A security package refers to a group of stored procedures and functions that enforce authentication, access control, encryption, auditing and threat detection in the DBMS.

Major security packages and their functional modules:

Package name | Functionality | Key modules/procedures
Authentication | User management | Password hash, OTP, logout
Access control | RBAC | Permission check, privilege grant
Data encryption | Encrypt/decrypt | Encrypt data, masking
Audit | Event logging |
Intrusion detection | Query monitoring, SQL injection | Injection check

1. Authentication package: password encryption and session management.
Procedures:
1. Function validate_user (p_username VARCHAR2, p_password VARCHAR2) RETURN BOOLEAN
2. Function hash_password (p_password VARCHAR2) RETURN VARCHAR2
3. Procedure ...

2. Access control package.
Goal: implement role based access control (RBAC) and privilege validation.
Main procedures:
1. Procedure assign_role (p_user_id NUMBER, ...)
2. Function check_access (p_user_id NUMBER, p_action VARCHAR2, p_object VARCHAR2) RETURN BOOLEAN
3. A permission procedure taking (p_role VARCHAR2, p_action VARCHAR2, p_object VARCHAR2)

3. Cryptography package.
Goal: ensure data confidentiality via encryption/masking.
1. Function encrypt_data (p_plain_text VARCHAR2) RETURN VARCHAR2
2. Function decrypt_data (p_encrypted_text VARCHAR2) RETURN VARCHAR2
3. Procedure rotate_encryption_key ()

4. Audit trail package.
Goal: log all activities for access and compliance.
Procedures:
1. Procedure log_event (p_user_id NUMBER, p_action VARCHAR2, p_object VARCHAR2, p_timestamp TIMESTAMP)
2. A view function taking (p_user_id NUMBER, p_start_date DATE, p_end_date DATE)

5. Intrusion detection package.
Goal: detect threats such as SQL injection and unauthorized access.
Procedures:
1. A detection function returning a REF CURSOR
2. An injection check function taking (p_query VARCHAR2) RETURN BOOLEAN

Database security design

Designing database security involves protecting a database from internal and external threats, ensuring data confidentiality, integrity and availability. A comprehensive database security design includes multiple layers, from the system, database and application level.

Objectives of database security design:

Objective | Description
Confidentiality | Prevent unauthorized access to data.
Integrity | Ensure accuracy of data.
Availability | Ensure data is accessible when needed.
Accountability | Log and trace actions for audit and legal purposes.

Layers: secure database management layer; operating system and network layer.

Key components of database security layer design:

A. Authentication and authorization
- Use authentication.
- Implement role-based access control. Roles: DBA, read-only, analyst, application.
- Permissions are assigned per role, not to individual users.

B. Access control mechanisms
- DAC: the object owner assigns rights.
- MAC: system-enforced access labels.
- ABAC: uses user and contextual attributes.

C. Data encryption
- At rest: Transparent Data Encryption (TDE) encrypts tablespaces.
- Encrypt specific sensitive columns.

D. Monitoring and auditing
- Fine-grained auditing for sensitive tables.

E. SQL injection and threat prevention
- Use parameterized queries and stored procedures.
- Input validation at application level.
- Use web application firewalls to detect attempts.

F. Backup and disaster recovery security
Backups must be:
- Encrypted
- Stored securely

Example database security policies:

Policy type | Example rule
Password policy | Minimum 12 characters, expire every 90 days.
Access time policy | DBA login only allowed from 9AM - 6PM.
Data retention policy | Retain deleted data for 30 days, then purge.
Audit policy | Log all DDL changes for auditing.
Row level | Allows a user to view only records ...

Tools and technologies:

Tool | Feature
Oracle Label Security | Enforces MAC.
HashiCorp Vault | Key management for DB encryption.
AWS KMS | Encryption key management.

4. Describe statistical concepts in statistical databases. Protection and types of attacks.

Statistical database security involves using statistical analysis techniques to:
- Detect anomalies and intrusions.
- Monitor user behaviour.
- Prevent inference attacks in statistical data.
- Optimize access control and auditing policies.
It combines traditional statistical techniques with confidentiality.

Statistical disclosure control (SDC):
- Protects sensitive information in statistical databases.
- Prevents inference attacks where users deduce private data from aggregates.
Techniques:
- Noise addition
- Query suppression
- Differential privacy

Anomaly detection using statistics:
- Used in intrusion detection systems.
- User behaviour profile: mean, median, frequency of access.
- Outlier detection based on standard deviation (σ).

Probability in risk assessment:
- Probability of attack
- Probability of data breach
- Risk = probability × impact

Hypothesis testing in security context:
- Null hypothesis H0: user behaviour is normal.
- Alternative hypothesis H1: suspicious behaviour exists.
- Used in behaviour analytics and automated security decision systems.

Regression and classification:
- Linear and logistic regression: predict risk scores or breach probability.
- Decision trees / random forest: classify actions as benign or malicious.

Types of attacks

1. SQL injection (SQLi)
Type: code injection.
Goal: gain unauthorized access, manipulate data or execute arbitrary SQL commands.
Example: unauthorized access to sensitive data.
Prevention: parameterized queries / prepared statements; input validation and sanitization; web application firewalls.

2. Privilege escalation
Type: access control attack.
Goal: gain higher privileges than assigned.
Methods: exploiting misconfigurations, SQL injection or system flaws.
Prevention: principle of least privilege; role based access control; regular privilege audits.

3. Inference attack
Type: statistical attack.
Goal: deduce sensitive information from aggregate results.
Prevention: query restriction.

4. Eavesdropping attack
Goal: unauthorized reading or transfer of data within the system.
Prevention: access control, monitoring and encryption.

5. Denial of service attack
Goal: overload the database with requests, making it unavailable.
Prevention: rate limiting, query throttling, load balancing and resource control.

6. Man in the middle (MITM)
Type: network eavesdropping.
Goal: intercept data between client and database.

7. Metadata exploitation
Type: information disclosure.
Goal: gather schema details to prepare further attacks.
Prevention: hide system details; disable unnecessary metadata access.

8. Buffer overflow
Type: memory management exploit.
Goal: execute arbitrary code by overwriting memory in DBMS processes.
Prevention: input bounds checks; secure coding practices in the DBMS; patch vulnerabilities.

9. Insider attacks
Attacks in which users misuse their access, for example through employee action.
