Valery Popov Postgres Professional
Николай Чадаев Postgres Professional
12:15 04 February
45 min

Building protected databases using mandatory access control in PostgreSQL

Role-based access control (RBAC) is one of the main access control mechanisms in many DBMSs, including PostgreSQL. This model is a subtype of traditional discretionary access control (DAC), with its restrictions. In addition to DAC, many operating systems also use mandatory access control (MAC) based on security labels. This additional security mechanism is obligatory for protecting information that demands higher levels of security. Naturally, we would like to use MAC within the DBMS when running on an OS with mandatory access control enabled.
In this talk, we'll give an overview of existing MAC implementations in DBMS, as well as share our approach to using security mechanisms provided by SELinux, the sepgsql extension for PostgreSQL, and the standard mechanism of row-level security (RLS), which has been available in PostgreSQL starting from version 9.5.
In our presentation, we will use the "Airlines" demo database provided by Postgres Professional to show how to protect sensitive information and personal data, compare different ways of storing security labels, and assess the performance of our solution.

Other talks

  • Oleg Bartunov Postgres Professional
    45 min

    Everything about full text search

    PostgreSQL's built-in full text search offers unique capabilities that are unavailable to external search engines, such as virtual or generated document search and search with access restrictions. I will talk about these and other features, full text search configuration, and indexes, and highlight the latest advances and future expectations.

  • Andrei Salnikov Data Egret
    45 min

    Tracking poor queries

    Tracking poor queries is an endless quest for developers who work with databases. We often think that slow, large queries are to blame. But what should we do if there are no such queries between the backend and the database? Which kinds of queries should we be looking for? What tools should be used for this work? This talk will cover all these questions.

  • Christopher Travers DeliveryHero SE
    180 min

    Extending PostgreSQL in C: A Tutorial

    PostgreSQL is one of the most readily extensible databases in the world. Custom data types, aggregations, functions, and more can be easily and safely written in C.

    This hands-on tutorial covers the basics of writing functions, data types, and aggregates in C. It is recommended (though not strictly required) that attendees bring their own laptops and be prepared to actually try the exercises.

    Topics covered include: 1. The PostgreSQL type system 2. Creating a simple custom type in C 3. Common errors for non-C programmers 4. Creating a simple aggregate in C

    There will be many opportunities for questions and discussion throughout the tutorial.

  • Тарас Чикин Цифромед
    45 min

    To Eat "the Elephant" in chunks: how we made friends with MSSQL, Postgres, wrote our replication, and transferred to Postgres one of the largest MISes in Russia.

    This is our experience of transferring the medical information system "RT MIS" from MSSQL to PostgreSQL. When the need to transfer "RT MIS", one of the largest medical information systems, to PostgreSQL became imminent, we were truly terrified once we had assessed the amount of work: there was a huge number of stored procedures, functions, and SQL queries in its application code and services. All of it had to be rewritten, and this was made harder by the demands on the system's availability. So the option "we woke up in the morning and PostgreSQL was working everywhere" was definitely impossible. That is why we chose another way: we began eating "the elephant" (PostgreSQL) in chunks.

    In my talk, I am going to share our practical experience of the transfer, the tools we used, the reason for another replication, the problems we met and their solutions, and finally, what turned out to be better: PostgreSQL or MSSQL.