You are hereAttribute Based Access Control/SPM / Example: Individual Tables with IP Address White Lists

Example: Individual Tables with IP Address White Lists


This example will use the Trusted RUBIX ABAC to create a white list of IP addresses for individual tables. The white list will map a named table to a set of IP addresses from which users are allowed to access the table. Furthermore, the white list will be maintained in a special table (PolicyData table) and will be updatable using standard SQL operations. Updates to the table containing the white list (PolicyData) are restricted to an administrative user (spmadmin) from the localhost (127.0.0.1).

 

To see a detailed description of this example, please see the Trusted RUBIX Security Policy Manager Tutorial.

 

The following diagram shows the architecture of the solution. There are two distinct security behaviors. The first restricts access to the UserTab1 table only from permitted IP address as determined by the white-list contained in the PolicyData table. The second protects the security critical white-list information contained in the PolicyData table. The PolicyData table is only accessible by the spmadmin user connecting from the localhost (127.0.0.1).

 

This example demonstrates that the behavior of an ABAC policy may be dynamically configured in real time. This is accomplished by inserting, deleting, or updating rows in the PolicyData table.

 

 

The RXSML security policy code is organized into one policy (deny) and two policy sets (policy-data and ip-user-table).

 

Policy and Policy Set descriptions and code are:

(Click the links on the policy names to see the corresponding RXSML policy code.)

 

The deny Policy: Always denies the operation. Used as the "catch-all" policy within policy sets when no other policy within the policy set permits an operation.

 

The policy-data Policy Set: Because a DBMS table contains the IP address white-list information, accessing the information is restricted to a special user named spmadmin and only when he is connecting from localhost. The policy-data policy set performs this functionality. A policy is explicitly defined within the policy set (as opposed to being included) which targets users with a name of spmadmin and an IP of 127.0.0.1. When the policy target matches, all operations are permitted; otherwise, the included deny policy will deny the operation.

 

The ip-user-table Policy Set: Determines if the user's current IP address is allowed for the table being accessed. It imports rows from the PolicyData table, filtering them using the name of the table being access by the user. That is, all rows are removed where the TableName field does not equal the table being accessed by the user. It then compares the user's IP address with the resulting set of IP's contained in the IPAddress field. If the user's IP is found in the set of IPAddress fields then the operation is permitted; otherwise, the operation is denied.