An access control system provides multilevel and mandatory access control for a database management system. The access control system provides access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user's security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user's security information with the security information in the row. If the user's security dominates the row's security, the user is given access to the row.
| Publication number | Filing date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5483596 | Jan 24, 1994 | Jan 9, 1996 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
| US5572673 | Dec 1, 1993 | Nov 5, 1996 | Sybase, Inc. | Secure multi-level system for executing stored procedures |
| US5692179 | Feb 16, 1995 | Nov 25, 1997 | Sharp Kabushiki Kaisha | Information retrieving apparatus |
| US5751949 | May 23, 1995 | May 12, 1998 | MCI Corporation | Data security system and method |
| US5787428 | Aug 21, 1996 | Jul 28, 1998 | British Telecommunications public limited company | Control of database access using security/user tag correspondence table |
| US5893087 | Apr 10, 1996 | Apr 6, 1999 | Dex Information Systems, Inc. | Method and apparatus for improved information storage and retrieval system |
| US5913037 | Jul 3, 1996 | Jun 15, 1999 | Compaq Computer Corporation | Dynamic management information base manager |
| US5915086 | Apr 3, 1997 | Jun 22, 1999 | Oracle Corporation | Hierarchical protection of seed data |
| US5941947 | Aug 18, 1995 | Aug 24, 1999 | Microsoft Corporation | System and method for controlling access to data entities in a computer network |
| US5963642 | Dec 30, 1996 | Oct 5, 1999 | | Method and apparatus for secure storage of data |
| US5974408 | Aug 4, 1998 | Oct 26, 1999 | Oracle Corporation | Method and apparatus for executing a query that specifies a sort plus operation |
| US6006234 | Oct 31, 1997 | Dec 21, 1999 | Oracle Corporation | Logical groupings within a database |
| US6044373 | Sep 29, 1997 | Mar 28, 2000 | International Business Machines Corporation | Object-oriented access control method and system for military and commercial file systems |
| US6044378 | Sep 29, 1997 | Mar 28, 2000 | International Business Machines Corporation | Method and system for a federated digital library by managing links |
| US6098075 | Dec 16, 1997 | Aug 1, 2000 | International Business Machines Corporation | Deferred referential integrity checking based on determining whether row at-a-time referential integrity checking would yield the same results as deferred integrity checking |
| US6134549 | Mar 31, 1995 | Oct 17, 2000 | Showcase Corporation | Client/server computer system having personalizable and securable views of database data |
| US6219790 | Jun 19, 1998 | Apr 17, 2001 | Lucent Technologies Inc. | Centralized authentication, authorization and accounting server with support for multiple transport protocols and multiple client types |
| US6233617 | Aug 17, 1999 | May 15, 2001 | Siebel Systems, Inc. | Determining the visibility to a remote database client |
| US6266673 | Jun 7, 2000 | Jul 24, 2001 | Oracle Corporation | Performing operations on objects in a database system in a response to a request that specifies references that indicate where the objects reside |
| US6286104 | Aug 4, 1999 | Sep 4, 2001 | Oracle Corporation | Authentication and authorization in a multi-tier relational database management system |
| US6369840 | Mar 10, 1999 | Apr 9, 2002 | America Online, Inc. | Multi-layered online calendaring and purchasing |
| US6405212 | Sep 27, 1999 | Jun 11, 2002 | Oracle Corporation | Database system event triggers |
| US6484180 | Aug 2, 1999 | Nov 19, 2002 | Oracle Corporation | Accessing domain object data stored in a relational database system |
| US6487552 | Oct 5, 1998 | Nov 26, 2002 | Oracle Corporation | Database fine-grained access control |
| US6578037 | Jun 7, 2000 | Jun 10, 2003 | Oracle Corporation | Partitioned access control to a database |
| US6606627 | Aug 27, 2001 | Aug 12, 2003 | Oracle Corporation | Techniques for managing resources for multiple exclusive groups |
| US6631371 | Sep 18, 2002 | Oct 7, 2003 | Oracle International Corporation | Database fine-grained access control |
| US6711579 | Apr 20, 2001 | Mar 23, 2004 | Sree Ayyanar Spinning and Weaving Mills Limited | Data storage schema independent programming for data retrieval using semantic bridge |
| US6775668 | Sep 11, 2000 | Aug 10, 2004 | Novell, Inc. | Method and system for enhancing quorum based access control to a database |
| US6820082 | Apr 3, 2000 | Nov 16, 2004 | Allegis Corporation | Rule based database security system and method |
| US6922696 | Nov 9, 2000 | Jul 26, 2005 | SRI International | Lattice-based security classification system and method |
| US6931411 | May 30, 2002 | Aug 16, 2005 | Cryptek, Inc. | Virtual data labeling system and method |
| US7134022 | Jul 16, 2002 | Nov 7, 2006 | | Multi-level and multi-category data labeling system |
| US7240046 | Sep 4, 2002 | Jul 3, 2007 | International Business Machines Corporation | Row-level security in a relational database management system |
| US7464080 | May 10, 2007 | Dec 9, 2008 | International Business Machines Corporation | Row-level security in a relational database management system |
| US20020073072 | Dec 13, 2001 | | | Method of controlling access to database, database device, method of controlling access to resource, information processing device, program, and storage medium for the program |
| US20020095405 | Jan 18, 2001 | | Hitachi America, Ltd. | View definition with mask for cell-level data access control |
| US20030046576 | Aug 30, 2001 | | International Business Machines Corporation | Role-permission model for security policy administration and enforcement |
| US20030140097 | Jun 19, 2002 | | | Method and device for presenting data to a user |
1. An apparatus for use within a database management system having a data manager and a database, for determining whether a user is authorized to perform a requested operation on a row of data held within the database, the user being associated with a user security label and the row having a row security label, the apparatus comprising:
- a user security unit having recorded therein a hierarchy of security labels;
- a read security unit connected to the user security unit and between the data manager and the database, and configured to return the row from the database to the data manager only if the user security label is located in the hierarchy at a level with privileges that are greater than or equal to privileges for a level in the hierarchy at which the row security label is located.
2. The apparatus of claim 1, further comprising a write security unit connected to the data security unit and between the data manager and the database, and configured to set the row security label to the same value as the user security label if the requested operation is a row update operation.
3. The apparatus of claim 2, wherein the write security unit is further configured to set the row security label with a level lower than the user security level if the user is authorized to update rows with a lower level security label and if security categories specified for the lower level security label are a proper subset of security categories associated with the user security label.
4. The apparatus of claim 1, wherein the requested operation is submitted in a request from a user that does not contain a view operation.
5. The apparatus of claim 1, wherein a table containing the row of data contains access control information for limiting user access to the database.
6. The apparatus of claim 1, further comprising a cache configured to store security information associated with a cached security label, wherein the read access control unit uses the security information in the cache if the row security label matches the cached security label.
7. The apparatus of claim 1, wherein the read security unit compares, for each row of the database satisfying the requested operation, the user security level associated with the user with the row security level associated with the row.
8. The apparatus of claim 1, wherein the hierarchy of security labels corresponds to a group of different levels of security in a multilevel security system.
9. A program product embodied on a computer readable medium, for controlling access to a relational database, comprising program instructions which when executed cause a computer to:
- receive a user request for data from the database, the request including a request to perform a database operation and a user security label;
- determine user security information from the user security label;
- retrieve, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
- determine row security information for each of the retrieved rows based on the row's security label;
- determine, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
- return only the rows for which the user is determined to have authorization to access.
10. The program product of claim 9, wherein the request comprises one or more queries of one or more tables.
11. The program product of claim 9, wherein the table containing the rows of data contains access control information for limiting user access to the database.
12. The program product of claim 9, wherein the database operation is a query.
13. The program product of claim 9, wherein the database operation involves a row update.
14. The program product of claim 9, wherein said determining row security information includes checking a cache for row security information corresponding to the row's security label.
15. The program product of claim 9, wherein the user security label is one of a plurality of security labels arranged in a hierarchy of security levels.
16. The program product of claim 15, wherein the user is determined to be authorized to access the retrieved row only if the user security level corresponds to a security level having a degree of access greater than or equal to that of the security level indicated by the retrieved row's security label.
17. The program product of claim 15, wherein the hierarchy of security labels corresponds to a group of different levels of security in a multilevel security system.
18. The program product of claim 9, wherein the determining if the user security information dominates the row security information is based on comparing, for each row of the database satisfying the requested operation, the user security level associated with the user with the row security level associated with the row.
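The dominance check from the abstract and claims 1, 3, 6 and 9 above, as an added example that is not the patent's own code: a label is a hierarchical level plus a set of categories, a user label dominates a row label when its level is at least the row's and its categories are a superset, decoded labels are cached so repeated row labels are not re-parsed, and an update may lower a row's level only when the lower label's categories are a proper subset of the user's. The level names, the `LEVEL:cat1,cat2` label encoding and the sample table are constructed for illustration.

```python
"""Added example, not code from the patent: MLS row-level read/write label checks."""
from dataclasses import dataclass
from functools import lru_cache
from typing import FrozenSet, Optional

# Hierarchy of security levels (constructed sample); a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: int
    categories: FrozenSet[str]

    def dominates(self, other: "Label") -> bool:
        # Level must be >= and the category set must be a superset (claims 1 and 3).
        return self.level >= other.level and self.categories >= other.categories


@lru_cache(maxsize=256)
def decode_label(text: str) -> Label:
    """Decode the constructed 'LEVEL:cat1,cat2' encoding into security information.
    Cached so rows sharing a label reuse the decoded result (claims 6 and 14)."""
    level_name, _, cats = text.partition(":")
    if level_name not in LEVELS:
        raise ValueError(f"unknown security level: {level_name!r}")
    return Label(LEVELS[level_name], frozenset(c for c in cats.split(",") if c))


def read_rows(user_label: str, rows):
    """Return only the rows whose label the user's label dominates (claim 9)."""
    user = decode_label(user_label)
    return [row for row in rows if user.dominates(decode_label(row["label"]))]


def write_label(user_label: str, requested: Optional[str] = None) -> str:
    """Label to store on an updated row: the user's own label by default (claim 2),
    or a lower level only if its categories are a proper subset of the user's (claim 3)."""
    user = decode_label(user_label)
    if requested is None:
        return user_label
    wanted = decode_label(requested)
    if wanted.level < user.level and wanted.categories < user.categories:
        return requested
    raise PermissionError("requested row label is not permitted for this user label")


# Constructed sample table with a security label column.
TABLE = [
    {"id": 1, "label": "UNCLASSIFIED:", "data": "cafeteria menu"},
    {"id": 2, "label": "SECRET:NATO", "data": "exercise plan"},
    {"id": 3, "label": "SECRET:NATO,CRYPTO", "data": "key schedule"},
    {"id": 4, "label": "TOP SECRET:NATO", "data": "source list"},
]
```

A user labelled `SECRET:NATO` sees rows 1 and 2 only: row 3 carries a category the user lacks and row 4 sits at a higher level, so neither is returned even though both match the query.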