Differences

This shows you the differences between two versions of the page.

dev:security [2007/03/07 04:54]
chamindra
dev:security [2009/07/06 20:36] (current)
Line 1: Line 1:
-====== Data Security and Privacy Design ======+===== Data Security and Privacy Design =====
-__For implementation in version 0.6__+===== Introduction =====
-In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human factors. Thus the understandability of the security mechanism is also key to maintaining security.+In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human error. Thus the understandability of the security mechanism is also key to maintaining security.
With regard to this we have come up with the following: With regard to this we have come up with the following:
- 
- 
- 
===== Authorization and Data Sensitivity ===== ===== Authorization and Data Sensitivity =====
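Review bot: the title line drops from six equals signs to five, which puts "Data Security and Privacy Design" at the same heading level as the new "Introduction" heading and "Authorization and Data Sensitivity", so the page no longer has a single top-level title. Keep the title at ====== and leave the sections at =====. In the reworded sentence, "due to the human error" should read "due to human error".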
Line 19: Line 16:
  * **National Security Sensitive** - Data that if in the wrong hands can be a threat to National Security   * **National Security Sensitive** - Data that if in the wrong hands can be a threat to National Security
  * **Socially Sensitive** - Data that is sensitive to the society affected in the disaster   * **Socially Sensitive** - Data that is sensitive to the society affected in the disaster
 +  * **Disaster Mitigation Sensitive** - Information that might cause problems in mitigation disasters especially when released to the public
  * **System Sensitive** - Data that can be used to crack or break into the system   * **System Sensitive** - Data that can be used to crack or break into the system
  * **Not Sensitive** - Data not known to be sensitive   * **Not Sensitive** - Data not known to be sensitive
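Review bot: the new "Disaster Mitigation Sensitive" bullet has no matching added row anywhere in this diff for the table whose last row is "| Unclassified | MainOps, OrgHead, Trusted |", so the page does not say which roles may access data at this level. Add that row in the same change. The wording "problems in mitigation disasters" should read "problems in mitigating disasters".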
Line 44: Line 42:
| Unclassified | MainOps, OrgHead, Trusted | | Unclassified | MainOps, OrgHead, Trusted |
 +
 +
 +===== Implementation =====
 +
 +__Implemented in version 0.6__
 +
 +Minimal requirement to implement ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].
 +If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.:
 +
 +  INSERT INTO sys_data_classifications VALUES ( 4, 'National Security Sensitive');
 +  INSERT INTO sys_user_groups VALUES ( 2, 'Registered User');
 +
 +The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again.
 +
 +These functions used to check ACL should be left to the framework & not used directly by modules:
 +  shn_acl_get_state()
 +  shn_acl_check_perms_action()
 +
 +  * [[stream_security|Stream Security]]
 +  * [[http://www.cs.trincoll.edu/~gcapalbo/sahana_vm_acl/|VM ACL (proposed)]] which includes a useful description of the main Sahana ACL
 +
 +===== NGO Security References =====
 +
 +  * [[http://www.uia.org/surveys/ngohaz/ngosecbi.htm | Security of NGO]]
 +  * [[http://ngosecurity.googlepages.com/|The NGO security Page]]
 +  * [[http://ngosecurity.googlepages.com/safety%26securitymanuals|NGO Security Manuals]]
 +
 +===== Old, Deprecated Approach =====
 +Old, deprecated approach is based on PHPGACL:
 +  * [[authorization | Authorization]]
 +  * [[acldesign | ACL Design]]
 +  * [[acl | ACL Example]]
 +
 +
 +===== New action wise security draft =====
 +  * [[new_acl | New Architecture]]
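Review bot: in the mysql-config.sql example, both INSERT statements use positional VALUES with a hard-coded numeric first value (4 and 2) and no column list, and the classification used to illustrate a new level, 'National Security Sensitive', is already one of the levels listed earlier on the page. A module author copying this has no guidance on choosing a value that does not clash with existing rows. Name the columns in the example and state how new values are allocated. The sentence about shn_acl_get_state() and shn_acl_check_perms_action() tells modules not to call them but not what to do instead; state that the framework applies sec_policy.xml on the module's behalf, if that is the intent. The two links that follow the function list (Stream Security, VM ACL) have no heading or lead-in and read as part of that list.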
