SE-PostgreSQL Linux SELinux Security-Enhanced PostgreSQL




Open Source Conference 2008.DB (07-Jun-2008, Tokyo/Japan) Security-Enhanced PostgreSQL OS OS <kaigai@kaigai.gr.jp>

SE-PostgreSQL http://code.google.com/p/sepgsql/ http://sepgsql.googlecode.com/files/osc2008.db-sepgsql.pdf Linux SELinux Security-Enhanced PostgreSQL 2006 IPA

1,280 PRICELESS etc...... UNIX permission... Database ACL

Operating System SELinux MAC MAC = Mandatory Access Control ( )

Operating System SELinux MAC SE-PostgreSQL MAC = Mandatory Access Control ( )

OS/DBMS OS... DBMS... SQL DB SE-PostgreSQL

[Figure labels: Operating System, UNIX Permission, SELinux Policy, SE-PostgreSQL, Database ACL, SE-PostgreSQL, SQL Query, Execution Engine]

SE-PostgreSQL PostgreSQL OS OS SQL

security_context

postgres=# select security_context, * from drink;
                 security_context                 | id | name  | price
--------------------------------------------------+----+-------+-------
 unconfined_u:object_r:sepgsql_table_t            |  1 | water |   110
 unconfined_u:object_r:sepgsql_table_t            |  2 | coke  |   120
 unconfined_u:object_r:sepgsql_table_t            |  3 | milk  |   150
 unconfined_u:object_r:sepgsql_table_t            |  4 | juice |   130
 unconfined_u:object_r:sepgsql_table_t:classified |  5 | beer  |   240
 unconfined_u:object_r:sepgsql_table_t:classified |  6 | wine  |   380
(6 rows)

SELinux

[kaigai@masu ~]$ ls -Z /etc/
-rw-r--r--  root root system_u:object_r:etc_aliases_t  aliases
-rw-r--r--  root root system_u:object_r:etc_t          auto.master
-rw-r--r--  root root system_u:object_r:etc_t          auto.misc
-rw-r--r--  root root system_u:object_r:etc_t          group
-r--------  root root system_u:object_r:shadow_t       shadow
-rw-r--r--  root root system_u:object_r:etc_t          passwd
    :           :    :            :                      :

SELECT... UPDATE/DELETE... /

 security_context                 | id | name  | price
----------------------------------+----+-------+-------
 ...:sepgsql_table_t:Unclassified |  1 | water |   110
 ...:sepgsql_table_t:Unclassified |  2 | coke  |   120
 ...:sepgsql_table_t:Classified   |  3 | milk  |   150
 ...:sepgsql_table_t:Classified   |  4 | juice |   130
 ...:sepgsql_table_t:Unclassified |  5 | beer  |   240
 ...:sepgsql_table_t:Secret       |  6 | wine  |   380

Unclassified SELECT: water, coke, beer
Classified SELECT: water, coke, milk, juice, beer

SELECT uid, uname, age(birthday), dname
  FROM person p JOIN division d ON p.did = d.did
 WHERE p.residence = OR d.address = ;

person: uid, did, uname, residence, birthday
division: did, dname, address

SE-PostgreSQL

Case Study (1/2)

SQL: SELECT name, price * 2 FROM drink WHERE id < 40;

db_column:{select}... name, price
db_column:{use}... id
db_procedure:{execute}... int4mul, int4lt
db_table:{select use}... drink
db_tuple:{select use}...

Case Study (2/2)

SQL: UPDATE drink SET size = 500, price = price * 2 WHERE alcohol = true;

db_column:{update}... size
db_column:{select update}... price
db_column:{use}... alcohol
db_procedure:{execute}... booleq, int4mul
db_table:{select use update}... drink
db_tuple:{select use update}...
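The checks listed in Case Study (1/2), combined with the label-filtered drink table shown earlier, as an added example that is not code from the slides or from SE-PostgreSQL. The level ordering, the `denied` policy set and the behaviour "object-level denial aborts the statement, tuple-level denial hides the row" are assumptions of this toy model.

```python
# Toy model only: mirrors the permission list on the Case Study (1/2) slide.
LEVELS = {"Unclassified": 0, "Classified": 1, "Secret": 2}  # assumed ordering

# Constructed sample rows copied from the slide's drink table.
DRINK = [
    ("...:sepgsql_table_t:Unclassified", 1, "water", 110),
    ("...:sepgsql_table_t:Unclassified", 2, "coke", 120),
    ("...:sepgsql_table_t:Classified", 3, "milk", 150),
    ("...:sepgsql_table_t:Classified", 4, "juice", 130),
    ("...:sepgsql_table_t:Unclassified", 5, "beer", 240),
    ("...:sepgsql_table_t:Secret", 6, "wine", 380),
]

# Checks for: SELECT name, price * 2 FROM drink WHERE id < 40;
REQUIRED = [
    ("db_table", "drink", {"select", "use"}),
    ("db_column", "name", {"select"}),
    ("db_column", "price", {"select"}),
    ("db_column", "id", {"use"}),
    ("db_procedure", "int4mul", {"execute"}),
    ("db_procedure", "int4lt", {"execute"}),
]


class AccessDenied(Exception):
    """Raised when a table, column or procedure check fails."""


def level_of(context):
    # The sensitivity label is the last ':'-separated field of the context.
    return LEVELS[context.rsplit(":", 1)[1]]


def run_case_study(clearance, denied=frozenset()):
    """Evaluate the query for a client at `clearance`.

    `denied` is a hypothetical policy: (class, name, permission) triples
    that are refused. Any hit aborts the whole statement.
    """
    for tclass, name, perms in REQUIRED:
        for perm in sorted(perms):
            if (tclass, name, perm) in denied:
                raise AccessDenied(f"{tclass}:{{{perm}}} on {name}")
    rows = []
    for context, id_, name, price in DRINK:
        if level_of(context) > LEVELS[clearance]:
            continue  # db_tuple:{select use} refused: row is filtered out
        if id_ < 40:  # int4lt
            rows.append((name, price * 2))  # int4mul
    return rows
```
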

Performance

CPU: Core2Duo E6400, Mem: 1GB, HDD: SATA
shared_buffer=512m, rest of options are in default.
$ pgbench -c 2 -t 200000

10%
access vector cache (AVC):

Demonstration All or Nothing

World Wide (1/3) SELinux Linux kernel Fedora Project Fedora 8 SELinux Developer Summit 2007 @Baltimore, USA

World Wide (2/3)

PostgreSQL

Date: 2007-03-03
From: Josh Berkus
I'm chasing a rumor that someone is working on integrating PostgreSQL with the SELinux security framework. Anyone know anything about this?

SE-PostgreSQL

Date: 2007-03-05
From: KaiGai Kohei
Subject: [ANN] SE-PostgreSQL 8.2.3-1.0 alpha release

SELinux Conference & Developer Summit 2007@Baltimore (3/14-16)
PostgreSQL version 8.3.0 Feature Freeze ( 08/04/01)

Date: 2007-04-17
From: KaiGai Kohei
Subject: [RFC] PostgreSQL Access Control Extension (PGACE)

Date: 2007-04-19
From: Tom Lane
Well, personally I won't have any cycles to think hard about any post-8.3 work until after the beta is out.

orz

World Wide (3/3)

PostgreSQL v8.4 CommitFest:May
PGcon2008@Ottawa

Date: 2008-05-01
From: Josh Berkus
Folks, For hackers who don't understand security frameworks, I'm going to make a strong case for KaiGai's patch. Because of...

PostgreSQL Development: Commit Fest, PGcon 2008@Ottawa, Beta version, Stable Release

SE-PostgreSQL PostgreSQL PostgreSQL v8.4 Operating System SELinux MAC SE-PostgreSQL X-Window

SE-PostgreSQL Home: http://code.google.com/p/sepgsql/ (SVN, RPM, The SE-PostgreSQL Security Guide)
http://www.selinux.gr.jp/ml.html
@IT SE-PostgreSQL: http://www.atmarkit.co.jp/fsecurity/rensai/sepgsql01/sepgsql01.html

Any Question?

Thank you!