1 label security & db audit for oracle 9i database security 정보보호학과 032isi01 김 정...

1

Label Security & DB Auditfor Oracle 9i

DATABASE SECURITY

정보보호학과 032ISI01 김 정 수

DATABASE 보안 2 2정보보호학과 김 정 수

Label Security What is Oracle9i Label Security? Label Security Access Mediation Security Label Components Oracle 9i Label Security Implementation SQL*PLUS POLICY_MANAGER AUDITING AUDITING 이란 ? AUDITING 의 종류 INFORMIX AUDITING References

목 차


What is Oracle9i Label Security?

Oracle9i Label Security leverages the Oracle9i Enterprise Edition virtual private database (VPD) security features to provide a comprehensive, highly customizable, out-of-the-box solution for row level security.

Oracle9i Label Security is a security option for the Oracle9i Enterprise Edition and dramatically reduces the need to isolate information, build complex application code, and rely on manual or physical controls to protect your data.

Oracle9i Label Security mediates access using sensitivity labels assigned to individual table rows combined with user label authorizations


Label Security Access Mediation

DataLabels

Users

User Authorizations

Data Sensitivity

Access Mediation


Security Label Components

define increasing data sensitivity

define the areas to which data access

is restricted

define who is the owner of

the data and provides


Oracle 9i Label Security Implementation


Part I

SQL*PLUS


Label Security 예제

ss_test 의 Table 구성도

id cust_type first_name last_name region credit1 SILVER Harry Hill NORTH 110002 SILVER Vic Reeves NORTH 20003 SILVER Bob Mortimer WEST 5004 SILVER Paul Whitehouse SOUTH 10005 SILVER Harry Enfield EAST 20006 GOLD Jenifer Lopaz WEST 5007 GOLD Kylie Minogue NORTH 10008 GOLD Maria Carey WEST 10009 GOLD Dani Minogue SOUTH 200010 GOLD Whitney Houston EAST 50011 PLATINUM Robbie Williams SOUTH 50012 PLATINUM Thom Yorke NORTH 200013 PLATINUM Gereth Gates WEST 1000014 PLATINUM Darius Dinesh EAST 200015 PLATINUM Will Young EAST 100

MANAGER NORTHSOUTHEASTWEST L3:M,E:R80

L3:M,E:R20,R40,R60,R80L3:E:R20L3:E:R20,R40,R80L3:E:R60

ss_test 의 Label 적용


Part II

POLICY MANAGER

DATABASE 보안 10 10

정보보호학과 김 정 수

Policy Manager 화면

구성요소 Lable Data Lable



AUDITING 이란 ?

개요 사용자의 행동을 감시하거나 데이타베이스에 관한 통계자료를 얻는 목적으로 사용

설정 AUDIT 기능은 init<SID>.ora 화일에 AUDIT_TRAIL 파라미터를 설정하고 DB 를 shutdown/s

tartup 하면 작동한다 . (1) $ORACLE_HOME/dbs/initSID.ora file AUDIT_TRAIL=DB <= 설정 (2) $ORACLE_HOME/rdbms/admin directory 의 cataudit.sql <= “sys user” 로 실행 결과물

AUDIT_TRAIL=DB 로 설정 => SYS.AUD$ 테이블에 쌓이게 되고 AUDIT_TRAIL=OS 로 설정

=> Flie 로 생기게 된다 .



AUDITING 종류 STATEMENT AUDITING : 명령의 종류에 따라서 AUDITING 설정 EX)AUDIT TABLE BY SCOTT BY ACCESS WHENEVER SUCCESSFUL;

PRIVILEGE AUDITING : 사용되는 PRIVILEGE 에 따른 AUDITING 설정 EX)AUDIT CREATE TABLE BY SCOTT BY SESSION;

OBJECT AUDITING : 적용되는 OBJECT 에 따른 AUDITING 설정 EX)AUDIT ALL ON SCOTT.EMP;

설정된 AUDIT 기능은 NOAUDIT 명령으로 없앨 수 있다 . EX)NOAUDIT ALL ON SCOTT.EMP;



Statement Auditing

*** Statement Audit 설정 ***

SQL> audit not exists by ss_test ;SQL> select * from dba_stmt_audit_opts ;

USER_NAME AUDIT_OPTION SUCCESS FAILURE --------------------------------------------------------- SS_TEST NOT EXISTS BY ACCESS BY ACCESS

*** Statement Audit 실례 ***

SQL> grant select on not_exist_tab to wookpark ; grant select on not_exist_tab to wookpark * ERROR at line 1: ORA-00942: table or view does not exist

SQL> select os_username,username,timestamp,obj_name,action_name, obj_privilege, grantee 2 from dba_audit_statement ;

OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME OBJ_PRIVILEGE GRANTEE ------------------------------------------------------- rctest73 SS_TEST 19-MAY-04 NOT_EXIST_TAB GRANT OBJECT --Y--- WOOKPARK



Privilege Auditing

*** Privilege Audit 설정 *** SQL> audit create session by ss_test ; SQL> select * from dba_priv_audit_opts ;

USER_NAME PRIVILEGE SUCCESS FAILURE ------------------------------------------------------ SS_TEST CREATE SESSION BY ACCESS BY ACCESS

*** Privilege Audit 실례 ***

SQL> connect ss_test/password SQL> disconnect SQL> connect system/manager SQL> select os_username, timestamp, logoff_time, logoff_lread, logoff_pread 2 from dba_audit_session 3 where username = ‘SS_TEST' ;

OS_USERNAME TIMESTAMP LOGOFF_TIME LOGOFF_LREAD LOGOFF_PREAD --------------------------------------------------------------------------- ss_test 19-MAY-04 19-MAY-04 115 1



Object Auditing

SQL> create table ss_test.aud1 (a char(1)) ;SQL> audit insert on ss_test.aud1 by session whenever not successful ;SQL> select * from dba_obj_audit_opts where owner = ‘SS_TEST' and object_name = 'AUD1' ;

OWNER OBJECT_NAME OBJECT_TY --------------------------------------------------------------- ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE --------------------------------------------------------------- SS_TEST AUD1 TABLE -/- -/- -/- -/- -/- -/- -/S -/- -/- -/- -/- -/- -/-

SQL> insert into aud1 values ('5byte') ; insert into aud1 values ('5byte') * ERROR at line 1: ORA-01401: inserted value too large for column SQL> insert into aud1 values ('a') ; SQL> select username, timestamp, action_name, ses_actions 2 from dba_audit_object 3 where owner = ‘SS_TEST' and obj_name = 'AUD1' ;

USERNAME TIMESTAMP ACTION_NAME SES_ACTIONS ------------------------------------------------------ SS_TEST 19-MAY-04 SESSION REC ----F----



AUDITING 특징

내려진 명령이 ROLLBACK 되더라도 AUDIT 에 의해 기록된 정보는 그대로 남아 있다 .

SYS 또는 INTERNAL 로 접속하여 행하는 명령은 AUDIT 에 의해서 기록되지 않는다 .

오라클은 AUDIT 기능의 세팅 여부와는 관계없이 STARTUP, SHUTDOWN, CONNECT INTERNAL 과 같은 정보는 OS 상의 화일로 기록을 남겨준다 .

REMOTE DB 에 대해서 행해지는 작업은 AUDIT 대상이 되지 않는다 . 이것은 REMOTE DB 에서 처리해 주어야 한다 .

만약 두개의 AUDIT 가 동시에 적용되는 경우라면 하나의 레코드만 생성된다 . OBJECT AUDITING 은 모든 유저에 대해서 적용된다 . 특정한 유저를 지정하지

못한다 . BY SESSION 은 접속된 세션에 대해서 하나의 레코드만 생성하고 BY ACCESS 는

해당 명령이 내려질 때마다 정보를 기록한다 .

DDL 을 AUDIT 하는 SYSTEM AUDIT, PRIVILEGE AUDIT 의 경우는 BY ACCESS 가 디폴트이고 그 외의 경우는 BY SESSION 이 디폴트이다 .



AUDITING – INFORMIX (1)

% onstat -g ses ( 세션정보 )

session #RSAM total used

id user tty pid hostname threads memory memory

225196 informix - 0 - 0 12288 11200

34 tuxedo - 17607 cstst1 1 61440 43896

33 tuxedo - 17606 cstst1 1 36864 35304



AUDITING – INFORMIX (2)

% onstat -g sql 34Sess SQL Current Iso Lock SQL ISAM F.E.

Id Stmt type Database Lvl Mode ERR ERR Vers

34 - ppcommon CR Not Wait 0 0 9.03

Last parsed SQL statement :

update ppcommon : st201 set unisys_down = ? , online_close = ? Where rec_no = 0

% ps -ef | grep 17607 tuxedo 17607 1 0 Apr 23 ? 0:00 tcis01ys -g 610 -i 611 -u cstst1 -

U /infordump/log.dir/ULOG -m



Trigger 를 이용한 DML AUDITING(1)

CREATE OR REPLACE TRIGGER LogEmpChanges BEFORE INSERT OR DELETE OR UPDATE ON scott.emp FOR EACH ROW DECLARE v_ChangeType CHAR(1); BEGIN IF INSERTING THEN v_ChangeType := 'I'; ELSIF UPDATING THEN v_ChangeType := 'U'; ELSE v_ChangeType := 'D'; END IF;




INSERT INTO emp_audit (change_type, changed_by, timestamp, old_empno, old_ename, old_job, old_mgr, old_hiredate, old_sal, old_comm, old_deptno, new_empno, new_ename, new_job, new_mgr, new_hiredate, new_sal, new_comm, new_deptno) VALUES (v_ChangeType, USER, SYSDATE, :old.empno, :old.ename, :old.job, :old.mgr, :old.hiredate, :old.sal, :old.comm, :old.deptno, :new.empno, :new.ename, :new.job, :new.mgr, :new.hiredate, :new.sal, :new.comm, :new.deptno); END LogEmpChanges; /




AUDIT 결과 확인 SQL> delete from emp where empno=7934; 1 row deleted.SQL> commit; Commit complete.SQL> select * from emp_audit ;

OLD_EMPNO OLD_ENAME OLD_JOB OLD_MGR OLD_HIREDATE OLD_SAL---------- ---------- --------- ---------- ------------------- --------OLD_COMM OLD_DEPTNO NEW_EMPNO NEW_ENA

ME NEW_JOB NEW_MGR---------- ---------- ---------- ---------- --------- ----------NEW_HIREDATE NEW_SAL NEW_COMM NEW_DEPTNO CHANGED_ C TIMESTAMP

7934 MILLER CLERK 7782 1982/01/23 00:00:00 1300 10 SCOTT D 2004/5/19 09:54:41



References

Oracle 9i Label Security – data sheet Oracle 9i Label Security – Controlling Access to

Data Oracle 9i Label Security – An Oracle White Paper

January 202 Security Solutions In Application Hosting

Oracle 9i Database Administrator's Guide

1 label security & db audit for oracle 9i database security 정보보호학과 032isi01 김 정...

Documents