TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P21

Applied Oracle Security: Developing Secure Database and Middleware Environments- P21: Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

174 Part II Oracle Database Vault

CUSTLAST CUSTYEAROFBIRTH CUSTMARIT CUSTINCOMELEVEL
Beiers
Duval
Greeley
Grover
Hamilton
Krider
Majors
Rowley
Stone

9 rows selected.

This example demonstrated column-level security using DBV factors and VPD. It is important to note that you can filter the records (row-level security) on the same table with the same approach. You can do this by omitting the sec_relevant_cols and sec_relevant_cols_opt parameters to the procedure call. With this approach, MARY would not have been able to see any records (no rows selected) when querying the tables outside the corporate network.

DBV Factor Integration with OLS

DBV includes a feature that allows you to associate DBV identities with OLS labels. When a specific DBV identity is asserted for a session, the OLS label associated with the identity will be merged with the maximum label that is assigned to the user. The merge operation is controlled by an OLS merge algorithm configured by the DBV security administrator. The merge results in an effective OLS session label that cannot be upgraded by the user because of the integrated access control of DBV and OLS. Even if the label assigned to the user exceeds the label of the DBV identity, the effective OLS label could be downgraded by the label of the DBV identity. The OLS session label controls the records that a user can SELECT, INSERT, UPDATE, or DELETE when OLS labels are applied to data tables.
To illustrate this integration, suppose we have an OLS policy that defines labels with which we will categorize customer data records based on their credit limit. We categorized the credit limits as shown in the table:

Credit Limit Category    Credit Limit Range
LOW                      Less than 5000
MODERATE                 Between 5000 and 9999
HIGH                     Greater than or equal to 10 000

We can associate these OLS labels with the DBV identities we defined for the Connection_Type factor used in the preceding section to establish an effective session label for .
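
The column-level versus row-level VPD registration described earlier on this page, as an added example that is not code from the book. The schema APP_SEC, the function and policy names, the table SH.CUSTOMERS, the column spellings, and the identity value 'INTRANET' are assumptions made for illustration.

```sql
-- Added example. Assumed names: APP_SEC, CUSTOMER_NET_PREDICATE, SH.CUSTOMERS,
-- the three column names, and the identity value 'INTRANET'.
CREATE OR REPLACE FUNCTION app_sec.customer_net_predicate (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- VPD appends this predicate to the query. DVF.F$CONNECTION_TYPE is the
  -- function DBV generates for the Connection_Type factor; it returns the
  -- identity asserted for the current session.
  RETURN 'DVF.F$CONNECTION_TYPE = ''INTRANET''';
END;
/

-- Column-level: all rows are returned, but the listed columns come back NULL
-- for sessions where the predicate is false.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'SH',
    object_name           => 'CUSTOMERS',
    policy_name           => 'CUSTOMER_COL_POLICY',
    function_schema       => 'APP_SEC',
    policy_function       => 'CUSTOMER_NET_PREDICATE',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'CUST_YEAR_OF_BIRTH,CUST_MARITAL_STATUS,CUST_INCOME_LEVEL',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Row-level: same function, but with both sec_relevant_cols parameters
-- omitted the predicate filters whole rows (no rows selected when false).
BEGIN
  DBMS_RLS.DROP_POLICY('SH', 'CUSTOMERS', 'CUSTOMER_COL_POLICY');
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'SH',
    object_name     => 'CUSTOMERS',
    policy_name     => 'CUSTOMER_ROW_POLICY',
    function_schema => 'APP_SEC',
    policy_function => 'CUSTOMER_NET_PREDICATE',
    statement_types => 'SELECT');
END;
/

-- Check: a column-masking policy lists its columns here; a row-level one does not.
SELECT policy_name, sec_rel_column, column_option
FROM   dba_sec_relevant_cols
WHERE  object_owner = 'SH' AND object_name = 'CUSTOMERS';
```

If sec_relevant_cols is supplied without sec_relevant_cols_opt, the policy filters rows only for queries that reference one of the listed columns, which is a third behaviour worth confirming when reviewing an existing policy.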
