Veil2 0.9 (beta) Documentation


1. Introduction
2. What Is A Relational Security System?
3. How Is Relational Security Different?
3.1. The Traditional Approach
3.2. The Relational Security Approach
3.3. Where Are Access Controls Implemented In A Relational Security System?
3.4. How Is Access Restricted In A Relational Security System?
3.5. Ease of Reasoning
3.6. Comprehensiveness
4. Why Use Veil2
5. Veil2 Concepts
5.1. Privileges
5.2. Scopes
5.3. Roles
5.4. Role Assignments
5.5. Security Contexts
5.6. Privilege Promotion
5.7. Authentication Contexts
6. What is Veil2 And What Does It Provide?
6.1. How Does It Work?
6.2. Refactoring Your Systems To Use Veil2
7. How Difficult Is This?
7.1. Frequently Imagined Criticisms (FIC)
8. Getting Started With Veil2
8.1. Installing Veil2
8.2. Installing The Demo
9. Exploring The Veil2 Demo
9.1. The Security Contexts
9.2. The Organizational Hierarchy
9.3. Exploring It
10. Setting Up A Veil2 Virtual Private Database - Overview
11. Identify and Define Your Scope Types
11.1. In Summary
12. Setting Up Authentication and Session Management
12.1. Authentication
12.2. Associate Your Users With Their Authentication Contexts
12.3. Define Your get_accessor() Function
12.4. Session Management
12.5. In Summary
13. Create Initial Privileges
13.1. In Summary
14. Integrate And/Or Create Roles
14.1. Integrating Existing Roles
14.2. Create New Roles
14.3. In Summary
15. Link Your Users To Veil2's Accessors
15.1. Create Foreign-Key Links to Your Users
15.2. Create Insert Trigger
15.3. Copy Existing User Records
15.4. Copy Existing Authentication Details
15.5. Ensure Authentication Changes Are Propagated
15.6. In Summary
16. Link Your Scopes and Security Contexts
16.1. Create Foreign Key Links
16.2. Create Insertion Triggers
16.3. Link Existing Records
16.4. In Summary
17. Create Scope Promotions
17.1. Creating The View
17.2. In Summary
18. Secure Your Tables
18.1. Doing It
18.2. The Veil2 tables
18.3. In Summary
19. Secure Your Views
19.1. Doing It
19.2. In Summary
20. Assign Initial Roles
20.1. Roles
21. Setup Housekeeping Tasks
22. Contact Links
22.1. Reporting Bugs
22.2. Contributing
22.3. IRC
22.4. Email
22.5. Availability
23. Tips and Guidelines
23.1. Write Queries That Work Without Veil2
23.2. Consider Reporting Blocked Accesses
23.3. Consider Testing With and Without Security
23.4. Denormalize Around Your Scopes
23.5. Use Secured Views To Implement Complex Queries
A. Veil2 ERD and Database Objects
A.1. Veil2 Tables
A.2. Veil2 Views
A.3. Veil2 Functions and Triggers
B. Veil2 Authentication Protocols
B.1. Shared Session Authentication
B.2. Dedicated Database Sessions
C. Veil2 Changes History

1. Introduction

Veil2 is a Postgres add-on for implementing relational security systems.

A relational security system is one in which access to data is determined, at least partly, by a user’s relationships to that data. Many access controls may therefore be implicit rather than explicit.

The primary aims of a relational security system are to make the management of access to data a seamless, and necessary, component of your application, and to make its implementation as simple as possible and as sophisticated as needed.

Veil2 is designed to make the implementation of relational security systems as easy as possible. It provides an extensible framework of permissions, permission checks, and user authentication so that you can start building a secure database in a matter of hours.

With Veil2 we secure the database itself and not just applications that use it. This means that even if your application server is compromised, an attacker's ability to access data will be limited to the data for which they can steal access credentials. This gives them little more access than the application itself would give them.

The security of database applications is more usually managed by building access control rules into application servers, and typically these rules offer a fairly coarse level of granularity. This is often because reasoning about access controls at the level of functionality is difficult. With relational security modelling, it can be much easier to reason about what sort of user needs what sort of access, and with Veil2 the implementation of access control rules becomes trivial.