<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='http://drewby.spaces.live.com/mmm2008-05-17_13.22/rsspretty.aspx?rssquery=en-US;http%3a%2f%2fdrewby.spaces.live.com%2fcategory%2fSecurity%2ffeed.rss' version='1.0'?><rss version="2.0" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:msn="http://schemas.microsoft.com/msn/spaces/2005/rss" xmlns:live="http://schemas.microsoft.com/live/spaces/2006/rss" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:cf="http://www.microsoft.com/schemas/rss/core/2005" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Drewby: Security</title><description /><link>http://drewby.spaces.live.com/?_c11_BlogPart_BlogPart=blogview&amp;_c=BlogPart&amp;partqs=catSecurity</link><language>en-US</language><pubDate>Thu, 03 Jul 2008 21:09:05 GMT</pubDate><lastBuildDate>Thu, 03 Jul 2008 21:09:05 GMT</lastBuildDate><generator>Microsoft Spaces v1.1</generator><docs>http://www.rssboard.org/rss-specification</docs><ttl>60</ttl><cf:parentRSS>http://drewby.spaces.live.com/blog/feed.rss</cf:parentRSS><live:type>blogcategory</live:type><live:identity><live:id>9197700824605289741</live:id><live:alias>drewby</live:alias></live:identity><cf:listinfo><cf:group ns="http://schemas.microsoft.com/live/spaces/2006/rss" element="typelabel" label="Type" /><cf:group ns="http://schemas.microsoft.com/live/spaces/2006/rss" element="tag" label="Tag" /><cf:group element="category" label="Category" /><cf:sort element="pubDate" label="Date" data-type="date" default="true" /><cf:sort element="title" label="Title" data-type="string" /><cf:sort ns="http://purl.org/rss/1.0/modules/slash/" element="comments" label="Comments" data-type="number" /></cf:listinfo><item><title>SQL Server 2005 Tool for Row and Cell Level Security</title><link>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!130.entry</link><description>&lt;p&gt;I often get asked about best practices for restricting data access at the Row and Cell level in SQL 
Server. Most often my answer is “I’m just a Developer Evangelist!” As of today, I have a new answer.
&lt;p&gt;The Federal practice for Microsoft Consulting Services released a toolkit for implementing Row and Cell-level security in SQL Server 2005. The toolkit includes best practices, design guidance and a tool for implementing a framework based on what type of labeling scheme you want to use.
&lt;p&gt;From the &lt;a href="http://blogs.msdn.com/federaldev/archive/2006/03/13/550585.aspx"&gt;Federal Developer Weblog&lt;/a&gt;: 
&lt;blockquote dir=ltr&gt;
&lt;p&gt;&lt;em&gt;The toolkit comes from our Federal MCS practice.  The centerpiece is a tool which allows you to logically define the security labeling scheme you wish to be used in your app's database.  Based on this, at the click of a button the tool generates an implementation of the supporting framework described in the whitepaper.  All you need to do is create a simple view over the table(s) you wish to protect.  Support for insert/update/delete is added by writing simple instead-of triggers to capture these operations.  The toolkit documentation includes extensive design guidance and examples of implementing different scenarios.  Several working code samples are included as well.&lt;/em&gt;&lt;/blockquote&gt;</description><comments>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!130.entry#comment</comments><guid isPermaLink="true">http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!130.entry</guid><pubDate>Mon, 13 Mar 2006 21:09:02 GMT</pubDate><slash:comments>0</slash:comments><msn:type>blogentry</msn:type><live:type>blogentry</live:type><live:typelabel>Blog entry</live:typelabel><wfw:commentRss>http://drewby.spaces.live.com/blog/cns!7FA4CC2B20EA6D0D!130/comments/feed.rss</wfw:commentRss><wfw:comment>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!130.entry#comment</wfw:comment><dcterms:modified>2006-03-13T21:09:02Z</dcterms:modified></item><item><title>Microsoft Threat Analysis &amp; Modeling 
Tool</title><link>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!123.entry</link><description>&lt;div&gt;We held a great workshop in Columbus this past week on Security Development Lifecycle - IT. It went through Microsoft's methodology for writing secure code and preventing issues early on in the development lifecycle. &lt;/div&gt;
&lt;div&gt; &lt;/div&gt;
&lt;div&gt;The ACE team also showed their Threat Analysis &amp;amp; Modeling tool which is now in its second version. It was very impressive and looks to be useful for not only building secure software but better understanding your application throughout the development lifecycle.&lt;/div&gt;
&lt;div&gt; &lt;/div&gt;
&lt;div&gt;I only wish it integrated with Visual Studio Team System a little more. I talked with Anil from the ACE team a bit about ideas to integrate and he shared that they are working with the VSTS team for a future, more integrated version.&lt;/div&gt;
&lt;div&gt; &lt;/div&gt;
&lt;div&gt;It looks like the tool is ready for customers, but I still don't see the link. In the meantime, you can check out a &lt;a href="http://blogs.msdn.com/threatmodeling/archive/2006/03/10/548051.aspx"&gt;video over at the Threat Modeling blog&lt;/a&gt;.&lt;/div&gt;</description><comments>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!123.entry#comment</comments><guid isPermaLink="true">http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!123.entry</guid><pubDate>Mon, 13 Mar 2006 06:45:25 GMT</pubDate><slash:comments>0</slash:comments><msn:type>blogentry</msn:type><live:type>blogentry</live:type><live:typelabel>Blog entry</live:typelabel><wfw:commentRss>http://drewby.spaces.live.com/blog/cns!7FA4CC2B20EA6D0D!123/comments/feed.rss</wfw:commentRss><wfw:comment>http://drewby.spaces.live.com/Blog/cns!7FA4CC2B20EA6D0D!123.entry#comment</wfw:comment><dcterms:modified>2006-03-13T15:26:39Z</dcterms:modified></item></channel></rss>