TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P20

Applied Oracle Security: Developing Secure Database and Middleware Environments- P20: Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful

The following table depicts a new DBV factor, Connection_Type, and its identities. We can define these identities based on these notional environment conditions, with the Authentication_Method, Client_IP and Session_User factors contributing to identify the Connection_Type factor.

| Connection_Type Identity | Authentication_Method | Client_IP | Session_User |
| --- | --- | --- | --- |
| LOCAL_DBA | OS or PASSWORD | NULL | SYS SYSTEM |
| CORPORATE_SSL | SSL | LIKE . | |
| CORPORATE_PASSWORD | PASSWORD | LIKE . | |
| OTHER | | NOT LIKE . | |

The approach to identifying factors based on the identity of other factors requires the following steps:

1. Define the factor to be identified by other factors. The factor that is identified by other factors is called the parent factor.
2. Define factor links between the parent and contributing factors. With the DVA web application, this factor linking is done automatically with the underlying DBMS_MACADM APIs.
3. Define the identities for the parent factor.
4. Define factors and identities for all factors that identify the parent factor. The factors that identify the parent factor are called child factors.
5. Define the identity maps that map the identities of the child factors to the parent factor.

First we define the Connection_Type factor, which is our parent factor, with a get_expr parameter set to an expression that will resolve to one of our identities for the factor.
This is simply a default expression before the other factors are resolved, and it should default to our least trusted identity.

    BEGIN
      dbms_macadm.create_factor(
          factor_name      => 'Connection_Type'
        , factor_type_name => 'Application'
        , description      => 'Categorizes the connection security level.'
        , rule_set_name    => NULL
        , get_expr         => 'UPPER(''OTHER'')'
        , validate_expr    => NULL
        -- The values of the remaining five parameters are missing from this copy of the page:
        -- identify_by, labeled_by, eval_options, audit_options, fail_options
      );
    END;
    /

    PL/SQL procedure successfully completed.
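Steps 2, 3 and 5 of the procedure above, worked through for the CORPORATE_SSL identity, as an added example that is not taken from the book. It assumes the Connection_Type parent factor already exists and that the child factors are Database Vault's default Authentication_Method and Client_IP factors; the trust levels, the 192.0.2.% address pattern (the page's own pattern is not preserved), the 'like' operator string and the label_indicator value are assumptions.

```sql
-- Added example, not from the book. Run as a Database Vault owner (DV_OWNER role).
-- Constructed values: trust levels 1 and 5, the 192.0.2.% address pattern.
BEGIN
  -- Step 2: link the parent factor to each child factor that identifies it.
  dbms_macadm.add_factor_link(
      parent_factor_name => 'Connection_Type'
    , child_factor_name  => 'Authentication_Method'
    , label_indicator    => 'N');
  dbms_macadm.add_factor_link(
      parent_factor_name => 'Connection_Type'
    , child_factor_name  => 'Client_IP'
    , label_indicator    => 'N');

  -- Step 3: identities of the parent factor. OTHER is the least trusted
  -- identity and matches the default returned by the factor's get_expr.
  dbms_macadm.create_identity(
      factor_name => 'Connection_Type', value => 'OTHER', trust_level => 1);
  dbms_macadm.create_identity(
      factor_name => 'Connection_Type', value => 'CORPORATE_SSL', trust_level => 5);

  -- Step 5: identity maps. Each map ties one child factor condition
  -- from the table to the CORPORATE_SSL identity of the parent.
  dbms_macadm.create_identity_map(
      identity_factor_name  => 'Connection_Type'
    , identity_factor_value => 'CORPORATE_SSL'
    , parent_factor_name    => 'Connection_Type'
    , child_factor_name     => 'Authentication_Method'
    , operation             => '='
    , operand1              => 'SSL'
    , operand2              => NULL);
  dbms_macadm.create_identity_map(
      identity_factor_name  => 'Connection_Type'
    , identity_factor_value => 'CORPORATE_SSL'
    , parent_factor_name    => 'Connection_Type'
    , child_factor_name     => 'Client_IP'
    , operation             => 'like'          -- assumed operator string
    , operand1              => '192.0.2.%'     -- constructed placeholder pattern
    , operand2              => NULL);
END;
/

-- Check from a new session: a password login from an unmapped address
-- should resolve to OTHER, not to a more trusted identity.
SELECT dvf.f$connection_type FROM dual;
```

Testing the least trusted path first confirms that a session matching none of the maps is not assigned a more trusted identity.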