5 April 1994
Trusted Oracle7 provides all of the advanced cooperative server technology present in Oracle's base product Oracle7 (itself evaluated at Class C2), with the addition of multilevel security and labeled data management. All of the Oracle7 features are included in Trusted Oracle7 and enhanced where necessary for multilevel security. Trusted Oracle7 is certified by NIST as 100% compliant for ISO5057/ANSI SQL89 level 2 including the integrity enhancement feature. Trusted Oracle7 includes support for stored procedures, triggers, declarative integrity constraints, synonyms, asynchronous replication, and resource limits.
Trusted Oracle7 applies the mandatory access control (MAC) security policy of the underlying operating system to database activity and objects. Trusted Oracle7 uses sensitivity labels as the basis for mandatory access control. Trusted Oracle7 can be configured in either of two modes: DBMS MAC or OS MAC mode. DBMS MAC mode relies on the MAC label definitions and MAC policy provided by the underlying operating system. Trusted Oracle7 applies these labels to database rows and enforces the policy within the database. In OS MAC mode, only the underlying operating system enforces MAC security policies on single-level storage objects at the file level. Each database is single level; however, users can read information from lower level databases.
Trusted Oracle7 provides authentication via the identification and authentication mechanism of the underlying operating system. The label at which the user is operating and the clearance range of the user are obtained from the operating system.
Discretionary access control in Trusted Oracle7 is achieved through the use of privileges. The privileges come in two forms: object and system privileges. Object privileges control access to particular database objects. System privileges control use of SQL commands. In order to facilitate privilege administration, Trusted Oracle7 privileges can be grouped in roles. Roles are defined groups of privileges that can be granted to users and other roles. Trusted Oracle7 in DBMS MAC mode provides additional privileges that apply to MAC: readup, writeup, and writedown. These privileges can be granted to a user or a role.
Trusted Oracle7 controls object reuse by allocating storage objects for use as part of a Trusted Oracle7 tablespace only after all traces of remnant data are removed.
Trusted Oracle7 provides a highly configurable set of auditing capabilities. Trusted Oracle7 provides the ability to selectively audit very specific operations by narrowing the scope of the audit to only the desired information, thereby reducing the system resources needed for auditing. Application-specific auditing can be implemented using Trusted Oracle7 triggers. In addition, all audit records include the MAC label of the process causing the audit record to be generated as well as the MAC label of the relevant object.
Trusted Oracle7 provides extensive data integrity features in addition to its security features. Trusted Oracle7 uses row-level locking and multi-version read consistency to provide high performance concurrency controls. Declarative integrity constraints and trigger procedures can be used to assure that the data maintained by Trusted Oracle7 is constrained by the business rules defined for the database.
Trusted Oracle7 was evaluated as a B1 class database management system against the "DoD Trusted Computer System Evaluation Criteria", DoD 5200.28-STD, dated December, 1985, as interpreted by the "Trusted Database Interpretation of the Trusted Computer System Evaluation Criteria", dated April 1991.
The NSA evaluation team has determined that the highest class at which Trusted Oracle7 running on HP-UX BLS satisfies all specified requirements of the Criteria is class B1. For a complete description of how Trusted Oracle7 running on HP-UX BLS satisfies each requirement of the TCSEC and TDI, see the Final Evaluation Report, Oracle Corporation Oracle7 and Trusted Oracle7 (Report CSC-EPL-94/003).
Oracle Corporation has satisfied the requirements for participation in the Ratings Maintenance Program (RAMP) and it is anticipated that ports to additional platforms will be evaluated under RAMP.