Secure data management with SE-PostgreSQL

Andreas Cederholm & Mattias Lindström

Abstract

SE-PostgreSQL is an extension to the database management system PostgreSQL which, used together with SELinux, adds mandatory access control to databases. Unlike the regular access control in PostgreSQL, the mandatory access control can be applied to low-level objects such as rows and columns.

This essay begins by describing how the systems SELinux, PostgreSQL and SE-PostgreSQL work together. It then presents a number of tests performed to determine how one can use Multi-Category Security in a database and whether the access control on rows and columns gives a satisfactory result.