Your company decides to sell toys online and ships globally. An in-house team is responsible for developing the online shopping website. The management requires that the front line warehouse staff shall not have access to the product price of customer’s purchase orders. As a developer, which of the following is the most efficient technical control to address this requirement?
B. Restricted database views
C. Constrained interface
D. Access control policy
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Constrained interface.
Layered or tiered architecture is one of the most prevalent architectures nowadays. Modifying elements at a lower level of the architecture has a more widespread impact on the upper levels and needs more communication, evaluation, and implementation effort.
Both restricted database views at the data access layer and a constrained interface at the presentation layer can meet the management's requirement, but the constrained interface is more efficient.
- Restricted database views may affect more elements across the architecture than the constrained interface.
- The constrained interface is controlled solely by the developer in charge of the software component of interest. It affects only a few presentation components and does not affect components at other levels.
- According to the principle of separation of duties, creating or modifying views is done by the DBO or DB administrator, which takes more time to communicate, evaluate, and implement.
- Restricted database views also require code changes in the user interface and presentation layer, while the constrained interface can be implemented on its own without modifying the database.
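To make the two candidate controls concrete, here is an added example (not from the original post) that builds both on a constructed purchase-order table: a restricted view at the data access layer that omits the price column, and a constrained interface at the presentation layer that projects only the fields a role may see. The table layout, role names and sample rows are assumptions made for this example.

```python
import sqlite3

# Constructed sample data: purchase orders carrying the price the warehouse must not see.
ORDERS = [
    (1001, "Robot kit", 2, 49.90, "Berlin"),
    (1002, "Plush bear", 5, 12.50, "Osaka"),
]
ALL_FIELDS = ("order_id", "product", "quantity", "price", "ship_to")

# Constrained interface: fields the presentation layer renders per role.
# Role names are assumptions for the example; "warehouse" deliberately omits "price".
VISIBLE_FIELDS = {
    "sales": ALL_FIELDS,
    "warehouse": ("order_id", "product", "quantity", "ship_to"),
}

def open_db():
    """In-memory database with the base table and the restricted view (data access layer control)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE purchase_orders (order_id INTEGER PRIMARY KEY, "
               "product TEXT, quantity INTEGER, price REAL, ship_to TEXT)")
    db.executemany("INSERT INTO purchase_orders VALUES (?, ?, ?, ?, ?)", ORDERS)
    # Restricted view: in a production RDBMS the warehouse role would be granted
    # SELECT on this view only, never on the base table.
    db.execute("CREATE VIEW warehouse_orders AS "
               "SELECT order_id, product, quantity, ship_to FROM purchase_orders")
    return db

def columns_of(db, name):
    """Column names a SELECT * against a table or view returns (name is whitelisted, never user input)."""
    if name not in ("purchase_orders", "warehouse_orders"):
        raise ValueError("unknown relation")
    cur = db.execute("SELECT * FROM " + name + " LIMIT 0")
    return tuple(col[0] for col in cur.description)

def render_order(db, order_id, role):
    """Presentation layer control: fetch the full row, then project only the role's visible fields."""
    row = db.execute("SELECT order_id, product, quantity, price, ship_to "
                     "FROM purchase_orders WHERE order_id = ?", (order_id,)).fetchone()
    if row is None:
        return None
    full = dict(zip(ALL_FIELDS, row))
    return {field: full[field] for field in VISIBLE_FIELDS[role]}
```

The view removes the column for every consumer that reads through it, whereas the constrained interface only changes what one screen shows and leaves the schema untouched.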
Polyinstantiation in an RDBMS is implemented only for multilevel mandatory access control. RDBMSs supporting polyinstantiation are typically customized editions used in military or government systems; they are uncommon in commercial systems.
The question asks for the most efficient technical control. An access control policy is an administrative control, so it can be ruled out first.
MAC Security Issues
Inference: Derivation of new information from known information. The inference problem refers to the fact that the derived information may be classified at a level for which the user is not cleared. The inference problem is that of users deducing unauthorized information from the legitimate information they acquire.
Aggregation: The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at one sensitivity level may result in the total data being designated at a higher sensitivity level.
Polyinstantiation: Polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.
Referential integrity: A database has referential integrity if all foreign keys reference existing primary keys.
Entity integrity: A tuple in a relation cannot have a null value for any of the primary key attributes.
Granularity: The degree to which access to objects can be restricted. Granularity can be applied to both the actions allowable on objects, as well as to the users allowed to perform those actions on the object.
Source: NIST SP 800-8 (obsoleted)