You are hereApplication User Mechansim Overview / Threats Mitigated by Application Users and ABAC

Threats Mitigated by Application Users and ABAC


The Trusted RUBIX Application User mechanism in conjunction with the Attribute Based Access Control/SPM (ABAC) security enforcement mitigate several common security threats to data driven applications.

Threats fall into two broad categories: malicious user input to the RDBMS application and controlling the programming logic of the RDBMS  application (i.e., application hijacking). In the first case, the hacker submits user input to the application that will cause it to execute SQL operations that violate the security requirements. In the second case, the hacker attempts to directly control the programming logic of the application to cause it to execute SQL operations that violate the security requirements. Note that in both cases, the vulnerability exists in typical RDBMSs because the RDBMS middleware application must execute with privileges sufficient to access all database objects necessary to satisfy any potential operation.

The Trusted RUBIX Application User mechanism removes these vulnerabilities by restricting the RDBMS middleware application to permissions sufficient to access only database objects that satisfy the current operation.