You are hereApplication User Mechansim Overview / Trusted RUBIX Solution

Trusted RUBIX Solution


This sections demonstrates how the Trusted RUBIX mandatory security policy on the users of the middleware application prevents a URL modification attack.

The figure below shows the architecture of the Trusted RUBIX solution. It shows a simplified Internet banking application with four users. Each user is color coded to represent the permissions it should have with respect to the application. The middleware application itself is colored blue to show the permissions of the RDBMS User (BigBankAdmin) executing the application.

Below the middleware application is the Trusted RUBIX RDBMS. Note that all rows in the Accounts table are color coded according to its corresponding Application User. The color shows the permissions needed to access each row. In this architecture the RDBMS User of the application may only access a row in the Accounts table if the corresponding Application User is authenticated.

In this figure, a URL modification attack is shown. The Application User Nancy (account #2) has modified her URL to read the account balance for the account owned by Bob (account #1). This was accomplished by modifying Nancy’s URL from

https://BigBank.com/index.php?acount=2

to

https://BigBank.com/index.php?acount=1

When this operation arrives at the middleware application, the program mistakenly does not verify the requested account number (#1) with the Application User requesting it (Nancy). It constructs the SQL command

select Balance from Accounts where Account#=1

and submits it to the RDBMS. Because the ABAC security requirements to access the row for account #1 are for the RDBMS User BigBankAdmin (blue) and Bob (yellow) to be authenticated, the SQL operation fails and the hackers attempts are thwarted.