Several defense, public and government organizations use data with different classifications. Oracle Label Security helps you consolidate all of this data into a single database. The tool secures your data by restricting access based on the data’s classification and the application user’s security clearance. This helps you implement multi-level security for everything that resides in your Oracle Database Enterprise Edition, including on Oracle Exadata.
Oracle Label Security assigns a data classification or label to your application data using concepts from the United States Department of Defense Multi-Level Security. This allows your most confidential and sensitive information to be in the same database as other non-classified data.
How Oracle Label Security works is very simple. It checks the user’s security clearance and compares that to the data label to implement its control. The labels are added to an existing table using hidden columns, so existing applications can still access the table without the data label being displayed in their SQL statements.
There are three components for each label. One part is the hierarchical level, such as confidential, sensitive and public. Then there is the compartment and the group, both of which are optional.
Access and User Labels
User labels contain the same three components. When a user accesses the database, Oracle Label Security checks the user label to determine whether the user may access the data. For applications that do not have physical users, Oracle Label Security relies on its inherent proxy capability to determine who the user is. For instance, Oracle Label Security allows access to data labeled “Confidential:VIP:CEO” only to users whose label grants access to confidential data in the VIP compartment and the CEO group.
What’s more, Oracle Label Security is very flexible in that you could set it to work on read operations only, on write operations only or on both read and write operations.
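The label comparison described above can be modelled in a few lines. This is an added example, not Oracle's code or anything from the original page: a simplified Python model of read mediation in which the user's level must be at least the data's level, the user must hold every compartment on the data label, and the user must hold at least one of the data's groups. The level numbers and sample rows are constructed, and group hierarchies are left out.

```python
from dataclasses import dataclass

# Constructed ranking; in a real policy the administrator assigns the level numbers.
LEVELS = {"PUBLIC": 10, "SENSITIVE": 20, "CONFIDENTIAL": 30}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()


def parse_label(text):
    """Parse 'LEVEL:COMP1,COMP2:GROUP1,GROUP2'; compartments and groups are optional."""
    parts = [p.strip().upper() for p in text.split(":")]
    if not 1 <= len(parts) <= 3 or parts[0] not in LEVELS:
        raise ValueError(f"invalid label: {text!r}")
    parts += [""] * (3 - len(parts))
    comps, groups = (
        frozenset(x.strip() for x in p.split(",") if x.strip()) for p in parts[1:]
    )
    return Label(parts[0], comps, groups)


def can_read(user, data):
    """Return (allowed, failed_component) for a read of a row labelled `data`."""
    if LEVELS[user.level] < LEVELS[data.level]:
        return False, "level"          # clearance below the row's classification
    if data.compartments - user.compartments:
        return False, "compartment"    # user lacks a compartment the row carries
    if data.groups and not (data.groups & user.groups):
        return False, "group"          # row has groups and the user holds none of them
    return True, "ok"


def visible_rows(user_label, rows):
    """Filter rows the way a read-enforcing policy would for this user label."""
    user = parse_label(user_label)
    return [text for label, text in rows if can_read(user, parse_label(label))[0]]


# Constructed sample rows: (data label, row content).
ROWS = [
    ("Public", "press release"),
    ("Sensitive:VIP", "VIP guest list"),
    ("Confidential:VIP:CEO", "acquisition memo"),
]
```

Calling `visible_rows("Confidential:VIP", ROWS)` returns the first two rows only: the level and compartment match, but the user holds no CEO group.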
Assignment of Data Labels and Management
The first step in assigning data labels is to define the valid data labels and store them in the Oracle data dictionary via Oracle Enterprise Manager. You can then assign data labels automatically using a labeling function, or insert them explicitly using the “char_to_label” function or the numeric label tag.
It is very easy to manage your data labels, user labels and implementation options by using policy-based administration. Moreover, you can have several label security policies in a single database. All of these are managed through Oracle Enterprise Manager. You can also integrate Oracle Label Security with Oracle Identity Management. In short, you could easily use Oracle products to manage all your user labels, data labels and label security policies – entirely in one place.
If you want to learn more about Oracle Label Security, then you should call Four Cornerstone at 1 (817) 377 1144 and talk to a team of Oracle certified experts who could easily run you through how Oracle Label Security works and how you could use it to further strengthen your data security. You can also talk to Four Cornerstone for everything related to Oracle and MySQL!