CONTENTS

  Title Page

  Copyright Page

  Preface

  1      Security Overview

  1.1     Effect of VMS and CDD/Plus Security

  1.2     Security Schema Design
    1.2.1      Default Database Security
    1.2.2      Creating Security Schemas
    1.2.3      Incorporating Security Schemas in a Database

  1.3     Mapping Users to Security Schemas

  1.4     The User Execution List

  1.5     Securing Against Unwanted DBO Access

  1.6     The Command Authorization List

  1.7     Auditing Database Security

  2      Developing Security Schemas

  2.1     Use of Security Schemas

  2.2     Implementing Security Views

  2.3     Writing Security Schemas

  2.4     The Default Security Schema

  2.5     Writing a Baseline Security Schema

  2.6     Defining AREA Permission

  2.7     Defining RECORD Permission

  2.8     Defining SET Permission

  3      Activating Security Schemas

  3.1     Putting Security Schemas into a Database

  3.2     Assigning Security Schemas to Users
    3.2.1      Structure of the User Execution List
    3.2.2      Controlling the UEL
    3.2.3      User Participation in Distributed Transactions

  3.3     Listing UEL Entries

  3.4     Adding Entries to the UEL

  3.5     Deleting Entries from the UEL

  4      Securing DBO Commands

  4.1     Securable DBO Commands

  4.2     Structure of a Command Authorization List

  4.3     Controlling the CAL

  4.4     Listing CAL Entries

  4.5     Adding Entries to the CAL

  4.6     Deleting Entries from the CAL

  5      Security Auditing

  5.1     Overview of DEC DBMS Security Auditing
    5.1.1      Security Auditing Characteristics
    5.1.2      Generating Alarm Messages and Audit Records
    5.1.3      Monitoring Security Auditing Resources

  5.2     Security Event Types
    5.2.1      The AUDIT Event Type
    5.2.2      The DACCESS Event Type
    5.2.3      The PROTECTION Event Type
    5.2.4      The DBO Event Type

  5.3     Defining Security Events to Be Audited
    5.3.1      Setting Characteristics for Discretionary Access
    5.3.2      Enabling Event Types
    5.3.3      Starting and Stopping Security Auditing
    5.3.4      Listing Current Auditing Characteristics

  5.4     Reviewing Security Audit Information
    5.4.1      Alarm Messages Defined
      5.4.1.1      AUDIT Event Alarm Messages
      5.4.1.2      DACCESS Event Alarm Messages
      5.4.1.3      PROTECTION Event Alarm Messages
      5.4.1.4      DBO Event Alarm Messages
    5.4.2      Audit Records Defined
    5.4.3      Defining Normal Operations
    5.4.4      Reviewing Audit Records

  A   Sample Security Schemas

  A.1     Example of a Default Security Schema

  A.2     Example of a Working Security Schema

  B   Audit Record Formats

  B.1     Audit Header Packet

  B.2     Audit Data Packets

  C   Auditing Tutorial

  C.1     Setting Up Auditing Characteristics

  C.2     Listing Auditing Characteristics

  C.3     Analyzing Audit Records

  FIGURES

  1-1        Security Features

  1-2        Security Schema

  3-1        The User Execution List

  4-1        Command Authorization Lists

  B-1        Audit Header Packet Format

  B-2        Audit Data Packet Format

  TABLES

  B-1        DEC DBMS Audit Header Packet

  B-2        DEC DBMS Audit Data Packet Types