From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Rohit Khare <rpk(dot)general(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Dave Page <dpage(at)postgresql(dot)org>, Hiroshi Saito <z-saito(at)guitar(dot)ocn(dot)ne(dot)jp>, Andrei Kovalevski <andyk(at)commandprompt(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Subject: | Re: Label Security and Fine-grained auditing |
Date: | 2007-08-04 13:08:02 |
Message-ID: | 46B47A32.5010709@kaigai.gr.jp |
Lists: | pgsql-hackers |
Rohit Khare wrote:
> I once discussed with you all regarding Oracle's FlashBack Query feature
> to recover a database to a certain point of time. That time you all
> suggested some in-depth cons of this and how it is resource hungry.
>
> One more feature that I am not sure PostgreSQL has is, row-level,
> column-level security. Oracle calls this Label-Security in which you
> define a policy for certain columns so that they are not visible to
> un-authorised users during SELECT queries. This is an important security
> enhancement. One other feature is called Fine-Grained Auditing. Ability
> to track user activities. I hope this is in PostgreSQL in one form or
> the other.
>
> I want to know your views on this.

Do you know the Security-Enhanced PostgreSQL project?
It provides fine-grained mandatory access control on database objects,
integrated with the security policy of the operating system.
This feature includes row- and column-level access control as you said.

Linux Weekly News provides a good abstraction:
http://lwn.net/Articles/241464/

What is the definition of Fine-Grained Auditing?
SE-PostgreSQL also provides an audit enhancement at the row and column level.
It can be controlled by AUDITALLOW or DONTAUDIT rules in the security policy.

See the following URL for more details.
There are several documents, an SVN repository and RPM packages.
http://code.google.com/p/sepgsql/

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>