Research of Least Privilege for Database Administrators
Authors
Abstract
Traditional database administrator (DBA) accounts hold privileges that are too high, which creates an insider threat problem. To solve this problem, this paper presents an extended Role-Based Access Control (RBAC) rights management model for DBAs. Applying the principle of least privilege, the paper proposes a scheme that combines the separation of three management roles with dynamic constraints. The scheme solves the problem that system administrators' privileges are too high and avoids insider threats. Practice proves that this model has versatility, flexibility, and high security.
Similar resources
Secure Automation: Achieving Least Privilege with SSH, Sudo, and Suid
Automation tools commonly require some level of escalated privilege in order to perform their functions, often including escalated privileges on remote machines. To achieve this, developers may choose to provide their tools with wide-ranging privileges on many machines rather than providing just the privileges required. For example, tools may be made setuid root, granting them full root privile...
Coordinating Accessibility versus Restrictions in Distributed Object Systems
This work aims to provide administrators with services for managing permissions in a distributed object system, by connecting business-level tasks to access controls on low level functions. Specifically, the techniques connect abilities (to complete externallyinvoked functions) to the access controls on individual functions, across all servers. Our main results are the problem formalization, pl...
A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities
Most Windows users run all the time with Administrator privileges, equivalent to root privileges on a UNIX system. The possession of Administrator privileges by every user significantly increases the vulnerability of Windows systems. For example, simply compromising a user network service, such as an instant messaging client, provides an attacker complete control of the system. We address this ...
Secure Isolation of Untrusted Legacy Applications
Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are available, applying them often results in system services being unavailable for some time. This can force administrators to leave system services in an insecure state for extended periods. To address these system security issues, we have dev...
The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments
Many grid usage scenarios depend on small, dynamic working groups for which the ability to establish transient collaboration with little or no intervention from resource administrators is a key requirement. The system developed, PRIMA, focuses on the issues of management and enforcement of fine-grained privileges. Dynamic account creation and leasing as well as expressive enforcement mechanisms...