Security Policy Comparison Matrix

The Trusted RUBIX Access Control Policies are listed in the table below and indicate the following:

  • is the policy integrated with the OS policy;
  • is the policy discretionary or mandatory;
  • what are the characteristics of the policy rules; and
  • how is the policy configured.
Trusted RUBIX Security Policy Comparison Matrix


OS Integration1


Policy Rules

Policy Configuration

Multilevel Security  Yes Mandatory

Fixed Bell-Lapadula rules. Based upon primitive read, update, and create operations.

Objects assigned level of creating subject.
Subjects may read objects with dominated levels.

Subjects may update objects with equal levels.

Policy rules are fixed.

Type Enforcement

SELinux only



Rules define which role a user may assume. Roles determine set of domains a subject may have.

Rules define the type of an object based upon the creating subject’s domain and the parent object’s type.

Rules define an Access Control List over subject domain, object type, and SQL operation.

Script based policies created in OS files.

OS Security Admin inspects and assignes policies to the OS.

Policies may cover RDBMS and OS objects allowing for coherent policies.

Attribute Based Access Control/SPM



Flexible and dynamic modular policies based upon numerous attributes, including any row value. MLS and TE policy decisions useable as attributes.

XACML based rules control access to SQL operation. Policy decision may override MLS and TE.

Policy driven actions (audit, set column value) may be performed.

XML policies created in OS files.

RDBMS Security Admin inspects and assigns policies to RDBMS objects.

Policies may be inherited from parent object.

TR Role Based Access Control Yes Mandatory

Each authorization allows the execution of one or more actions.

A set of authorizations are mapped to a named role.

Each role may be associated with any number of users.

A user may transition between roles and is in exactly one role at any given time.

The actions a user may perform are bounded by its current role.

OS dependent.

SELinux: Scripted Type Enforcement policy rules include definitions for roles and specify the ability to transition between them. Roles are assigned to users using a GUI.

Solaris: Roles are configured by associating a set of authorizations using a GUI. Roles are assigned to users using a GUI.

Discretionary Access Control No  Discretionary

Access Control List over User ID/Group ID, object name, and SQL operation.

Non-administrative users distribute permissions to access objects they create.

Normal RDBMS users grant/revoke access to objects they control.

Ability to grant/revoke may itself be granted and revoked.

Part of SQL language.

1 The OS is consulted for policy decisions allowing for coherent policy behavior across RDBMS and OS operations and objects. The RDBMS user’s session label (context) is extracted from the OS process or socket. For RBAC, each role is recognized by both the OS and RDBMS and may give both OS and RDBMS abilities.
2 A discretionary policy is one in which the ability to allow or deny an operation is given to the object’s owner or other non-administrative RDBMS users. A mandatory policy is one in which only an administrator may configure which users may perform an operation.