ComputerScienceExpert
$18/per page/
q
Database Security
Â
General instructions: Consider that the set of attached SQL commands have already been run as a set up to this exam. You do not have to run them and should not run them (they are very complex to run). Your exam answers should be based on your understanding of the effect of those commands. The relevant material is in the database link session and the OLS sessions.
Â
Â
1. Critique Oracle Label Security (OLS) based upon your understanding of the Bell and LaPadula (BLP) Model (you may want to consider: 1) does OLS implement BLP fatefully (does it implement all the feature of BLP); 2) what if anything does OLS have the BLP does not; 3) are there any features of BLP and OLS partially implement (but not fully). (30 points). Answer to be limited eight pages double-spaced, 1 inch margins, Arial or Times New Roman 12 pt.
Â
Â
2. Congratulations! You have just been appointed to the newly created position of chief Database Security Architect for the Department of Homeland Security. You were selected at the recommendation of Professor Martin because of your knowledge of how to secure Database Systems. The Chief Information Security Officer has requested that you provide a four-page memo, suitable for presenting to the senior executives at DHS, that outlines your proposal to secure critical data.  (30 points) limit eight pages, double spaced, 1-inch margins, Arial or Times New Roman 12 pt.
Â
Â
Â
3. Show the answers/results from the following SQL commands (24 points).
Assume that the role faculty was created and granted to Martin & Seaver and that Martin & Seaver users were created and granted create session.
Â
Execute MICHAEL.UPDATE_HOURS(4); (by User Seaver)
Execute MICHAEL.UPDATE_SALARY(50000); (by User Seaver)
Execute MICHAEL.UPDATE_SALARY(70000); (by User Michael)
Â
ScenarioSQL> connect MLM/m@oemrepConnected.SQL> select * from emp_salary;EMPNOHOURS_ENTERED NAMESALARY-------------------------------------------9808MARTIN10000054307SEAVER9000019688MICHAEL80000SQL> select username from user_users;USERNAME------------------------------MLMconnect Michael/mmmmmm0# @mlmtest;Connected.SQL> CREATE DATABASE LINK OUR_SALARY CONNECT TO MLM IDENTIFIED BY M2USING '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=martin)(PORT=1521)))3(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=OEMREP)))';Database link created.SQL> create synonym salary for mlm.emp_salary@our_salary;Synonym created.SQL>SQL> select * from salary;EMPNOHOURS_ENTERED NAMESALARY----------------------------------------9808MARTIN10000054307SEAVER9000019688MICHAEL80000SQL> CREATE VIEW E_SALARY AS SELECT * FROM SALARY WHERE USER = NAME;View created.SQL> GRANT SELECT ON E_SALARY TO FACULTY;Grant succeeded.1
Attachments: