
Security Policy Enforcement


Trusted RUBIX enforces five distinct security policies: Multilevel Security (MLS), Type Enforcement (TE, SELinux only), Attribute Based Access Control/SPM (ABAC), TR Role Based Access Control (RBAC), and Discretionary Access Control (DAC). All but DAC are mandatory policies: normal database users have no control over their enforcement or configuration. Three of the mandatory mechanisms, MLS, TE, and RBAC, are fully integrated with the equivalent policies in the underlying operating system. This integrated MAC provides unified and coherent security behavior across all database and operating system objects, which simplifies security administration and prevents security violations when information moves between the database (e.g., a table) and the operating system (e.g., a file).


Mandatory Access Control (MAC) is the ability of a system to control access to specific data based upon a set of mandatory rules (i.e., a policy) defined by administrative personnel (e.g., the Security Administrator). MAC is enforced for every object and every operation in the system. MAC provides the strongest level of protection because neither the normal user nor the owner of an object has any influence over the policy that controls access to the data. MAC effectively provides a protective wall around all data in the system, and only the Security Administrator determines which data passes through the wall's single gate, based upon the user and the specific data being accessed.


To ensure the proper enforcement of these security policies, Trusted RUBIX uses an internal design that focuses on the modularity and layering principles which are critical in high assurance systems. The RDBMS mandatory policies are implemented as a minimized reference monitor within the database kernel. No query modification or SQL engine "hooks" are used.


The security policies are enforced over all RDBMS objects and operations, including the data dictionary. Polyinstantiation of RDBMS objects is used to prevent classified information from being inferred by non-cleared users: without it, a user at a lower level who attempts to create an object whose name is already taken at a higher level would receive a name-conflict error, and that error alone reveals that a classified object of that name exists. Furthermore, Trusted RUBIX uses a unique secure concurrency algorithm that removes covert channels between transactions of different security domains as they access common database objects. These features ensure that information is not leaked through "back-door" channels.
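The inference channel that polyinstantiation closes can be shown with a small model of a multilevel object catalog. The following is an added, constructed example and is not Trusted RUBIX code: it assumes a simple linear lattice of four labels (real MLS labels also carry compartments) and compares a catalog keyed by object name alone, where a "name already exists" error leaks the existence of a higher-level object, with a catalog keyed by (name, label), where each label has its own namespace and lookups return the highest instance the subject dominates (no read up).

```python
"""Constructed model of polyinstantiation in a multilevel catalog.

Not Trusted RUBIX code. NaiveCatalog keys objects by name only and leaks
existence across labels; PolyinstantiatedCatalog keys by (name, label).
"""
from typing import Dict, Optional, Tuple

# Constructed linear label lattice (assumption: a total order is enough to
# show the point; real MLS labels also carry non-hierarchical compartments).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def dominates(a: str, b: str) -> bool:
    """True if label a is at or above label b in the lattice."""
    return LEVELS[a] >= LEVELS[b]


class NameConflictError(Exception):
    """Raised when an object name is already taken in the visible namespace."""


class NaiveCatalog:
    """Catalog keyed by name alone: object names are global across labels."""

    def __init__(self) -> None:
        self._tables: Dict[str, str] = {}  # name -> label of the creator

    def create_table(self, subject_label: str, name: str) -> None:
        if name in self._tables:
            # Observable by a low subject even when the existing table is
            # TOP SECRET: the error itself is the inference channel.
            raise NameConflictError(f"table {name} already exists")
        self._tables[name] = subject_label


class PolyinstantiatedCatalog:
    """Catalog keyed by (name, label): every label has its own namespace."""

    def __init__(self) -> None:
        self._tables: Dict[Tuple[str, str], str] = {}

    def create_table(self, subject_label: str, name: str) -> None:
        key = (name, subject_label)
        if key in self._tables:
            # A conflict is reported only within the subject's own label,
            # so it reveals nothing about objects at other labels.
            raise NameConflictError(f"table {name} already exists at {subject_label}")
        self._tables[key] = subject_label

    def resolve(self, subject_label: str, name: str) -> Optional[str]:
        """Label of the instance a subject sees: the highest one it dominates."""
        visible = [lbl for (n, lbl) in self._tables
                   if n == name and dominates(subject_label, lbl)]
        if not visible:
            return None
        return max(visible, key=lambda lbl: LEVELS[lbl])


def probe_existence(catalog, subject_label: str, name: str) -> bool:
    """What a subject learns by trying to create `name`: True if the attempt
    fails with a name conflict (i.e., some instance it cannot see exists)."""
    try:
        catalog.create_table(subject_label, name)
    except NameConflictError:
        return True
    return False


if __name__ == "__main__":
    naive = NaiveCatalog()
    naive.create_table("TOP SECRET", "budget")
    print("naive: low user infers TOP SECRET 'budget' exists:",
          probe_existence(naive, "UNCLASSIFIED", "budget"))  # True

    poly = PolyinstantiatedCatalog()
    poly.create_table("TOP SECRET", "budget")
    print("poly: low user infers anything:",
          probe_existence(poly, "UNCLASSIFIED", "budget"))  # False
    for who in ("UNCLASSIFIED", "SECRET", "TOP SECRET"):
        print(f"poly: {who} sees 'budget' instance at", poly.resolve(who, "budget"))
```

In the polyinstantiated catalog the UNCLASSIFIED user's create succeeds, so a SECRET user subsequently sees the UNCLASSIFIED instance (the highest one it dominates) while the TOP SECRET user still sees its own. The only name conflict a subject can ever observe is one within its own label, which carries no information about other security domains.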


To find out more about the security policies enforced by the Trusted RUBIX RDBMS please follow the links below.