ACL MODEL IN ORACLE AND COMMON SECURITY FRAMEWORK
Table of Contents ACL MODEL IN ORACLE AND COMMON SECURITY FRAMEWORK 1
1. Problem definition 1
2. Background 2
3. Objectives 2
4. Description of project 2
5. Identifying the Components of framework: LWUR (Lightweight users and roles), LWS (Light weight session), ACL (Access control list) 3
6. Forerunner of ACL model and XML format representation of ACL 4
7. ACE ordering/ First match semantics 7
8. Types of ACL 7
9. ACL inheritance 8
10. ACL optimization 9
11. ACL Validation 10
12. Useful Functions 10
13. Upcoming Research Areas: 10
14. Timeline 12
15. References 12
1. Problem definition
A common framework for access control across the database and application server tier is necessary to enforce simplicity in maintenance as well as consistency in security policies. The common framework is the core of next generation Oracle Enterprise Application. This project will survey the common access control model used by Oracle and application server tiers.
Different components of the security skeleton will be analyzed and ACL model (access control list) will have the focus as the key component in the structure. Also future research pointers relating this topic will be outlined as future hot spots. This paper will survey the topic “ACL model in Oracle and Common Security Framework”.
2. Background
In regular case, database systems use various access control mechanisms by assigning roles, creating views, enforcing granular level (row, column, table level) authorization. But sometimes these methods become heavyweight. So for ease of operations, applications create their own policies and apply them in application layer. This difference between the database layer and application tier creates serious problems because the same data has to be accessed by different applications. Also many tools demand direct access to database by SQL and keeping access check points at the application tier reduces the performance significantly. Due to all these issues a common security framework is proposed for use across Oracle database and application tier. LWUR (light weight users and roles), LWS (light weight sessions), ACL (access control list) are the components of this frame and ACL is considered the key deciding component for large scale enterprise application.
3. Objectives
The objective of this paper is to study the components of the security framework maintained in Oracle and do an in depth study of the ACL model. Potential research areas and recent measures taken by different organizations will also be highlighted.
4. Description of project
This project will be broken down into eight areas. At first, the security framework components will be identified. It will be followed by analyzing ACL model and identifying new arenas. Optimization mechanisms needed for large scale enterprise system will also be considered to check the scalability issue as this is of utmost importance for next generation Oracle Enterprise Application. These are the eight areas that this paper will concentrate:
Identifying the Components of framework
Forerunner of ACL model and XML format representation of ACL
1. Example of Simple ACL
2. ACL with Security Class
3. ACL with specific time period
4. Updating ACL
First Match semantics and ACE Ordering
Types of ACL
1. System ACL
2. Time Sensitive ACL
3. Static ACL
4. Dynamic ACL
ACL inheritance
1. Extends From
2. Constrained With
ACL Optimization
1. ACL Caching
2. Cost Based Query Rewrite Optimization
3. Predicate Reordering
ACL Validation and Useful Functions
Potential Upcoming Research Areas
5. Identifying the Components of framework: LWUR (Lightweight users and roles), LWS (Light weight session), ACL (Access control list)
The common security framework is composed of these three main parts. LWUR provides ways to create and manage large number of logical users and roles and helps to group the
