Skip site navigation (1) Skip section navigation (2)

Re: Updates of SE-PostgreSQL 8.4devel patches

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-09-26 21:32:25
Message-ID: 20080926213225.GV26537@commandprompt.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Dear colleagues,

I said earlier I'd ask around about some of the literature on security
controls vs. databse accessibility and side channels.  I did, and I
heard back.

One person told me that this conference often has things on this
topic:

http://www.ieee-security.org/TC/SP-Index.html

From my brief glimpse of the TOCs from the proceedings, as well as
some spelunking in the ACM guide, it seems to me that some people have
already worked out what ought to happen in many of these cases, and
all we need to do is write down what we think ought to happen for the
various use cases.  I note in particular that an awful lot of work
seems to be coming out of the health care sector in this area.  That
strikes me as at least as good a guide as national security concerns,
and anything that one might want to do probably ought to be able to
cope with at least those two caricatures of use cases.

I also found a 2007 doctoral thesis by Azhar Rauf, Colorado Technical
University, _A tradeoff analysis between data accessibility and
inference control for row, column, and cell level security in
relational databases_.  The title and abstract make me think it might
be worth looking at.

Hope this is helpful,

A

-- 
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/

In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2008-09-26 22:11:14
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Previous:From: Joshua DrakeDate: 2008-09-26 21:21:34
Subject: Re: parallel pg_restore - WIP patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group