Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Microsoft SQL Server wikipedia , lookup
Relational algebra wikipedia , lookup
Entity–attribute–value model wikipedia , lookup
Extensible Storage Engine wikipedia , lookup
Open Database Connectivity wikipedia , lookup
Concurrency control wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
ContactPoint wikipedia , lookup
Clusterpoint wikipedia , lookup
Database Security Reading assignments Required: Pfleeger: Chapter 7 Recommended: Multilevel Secure Relational Data Model (S. Jajodia, R. S. Sandhu. Toward a Multilevel Secure Relational Data Model. Proc. 1991 ACM Int'l. Conf. on Management of Data (SIGMOD), 50-59. http://www.list.gmu.edu/articles/infosec_collection/20.pdf ) Polyinstantiation (Sushil Jajodia, Ravi S. Sandhu, and Barbara T. Blaustein, Solutions to the Polyinstantiation Problem,http://www.acsac.org/secshelf/book001/21.pdf) CSCE 522 - Farkas 2 Database Management System (DBMS) Collection of interrelated data and set of programs to access the data Convenient and efficient processing of data Database Application Software CSCE 522 - Farkas 3 Data Models A collection of tools for describing Data Relationships among data Semantics of stored data Database constraints CSCE 522 - Farkas items 4 Relational Data Model Works Personname Smith Companyname BB&C Salary Dell Bell $97,900 Black BB&C $35,652 CSCE 522 - Farkas $43,982 5 Relational Data Model Set of relation names: R Set of attribute names: A Relation schema: S=(r,{a1, …,an}) r relation name in R {a1, …,an} subset of A e.g., (Works,{person-name,companyname,salary}) CSCE 522 - Farkas 6 Tuple (Record) Tuple over a relation scheme S is a mapping t: {a1, …,an} dom(a1 … an) e.g., t(person-name)=Smith t(company-name)=BB&C t(salary)= $43,982 CSCE 522 - Farkas 7 Relation Relation over schema S is a set of tuples over the scheme e.g., t(person-name)=Smith, t(companyname)=BB&C, t(salary)=$43,982 t’(person-name)=Dell, t’(company-name)=Bell, t’(salary)= $97,900 t”(person-name)=Black, t”(companyname)=BB&C, t”(salary)= $35,652 CSCE 522 - Farkas 8 Database Database: set of relations e.g., EMPLOYEE database: Lives(person-name,street,city) Works(person-name,company-name,salary) Located-in(company-name,city) Manages(person-name,manager-name) CSCE 522 - Farkas 9 Query Languages Relational Algebra Set operations SQL Bag operations CSCE 522 - Farkas 10 Structured Query Language SQL Typical SQL query form: SELECT A1, A2, ..., An FROM r1, r2, ..., rm WHERE C Ais represent attributes to be returned ris represent relations C is a condition CSCE 522 - Farkas 11 Constraints Relationship among data elements DBMS should enforce the constraints Types Keys Foreign-key (referential integrity) Value-based constraints Integrity constraints Database dependencies (e.g., functional dependencies) CSCE 522 - Farkas 12 Database Security Requirements Physical database integrity Logical database integrity Element integrity Auditability Access control User authentication Availability CSCE 522 - Farkas 13 Sensitive data Inherently sensitive From a sensitive source Declared sensitive Part of a sensitive attribute or record In relation to previously disclosed information CSCE 522 - Farkas 14 Types of disclosures Exact data Range of data Negative results Existence Probable values CSCE 522 - Farkas 15 Access control Operating system Database Management System Granularity! CSCE 522 - Farkas 16 Granularity Database Relation Record Attribute Element Advantages vs. disadvantages of supporting different granularity levels CSCE 522 - Farkas 17 Relation-Level Granularity (Works)= Secret Personname Smith Companyname BB&C Salary Dell Bell $97,900 Black BB&C $35,652 CSCE 522 - Farkas $43,982 18 Tuple-level Granularity Works Personname Smith Companyname BB&C Salary $43,982 P Dell Bell $97,900 S Black BB&C $35,652 P CSCE 522 - Farkas 19 Attribute-Level Granularity Works PersonCompanySalary name =P name =P Smith BB&C $43,982 Dell Bell $97,900 Black BB&C $35,652 CSCE 522 - Farkas =S 20 Cell-Level Granularity Works Personname Smith Salary P Companyname BB&C P $43,982 S Dell S Bell $97,900 S Black P BB&C S $35,652 S CSCE 522 - Farkas S 21 Access Control Mechanisms Security through Views Stored Procedures Grant and Revoke Query modification CSCE 522 - Farkas 22 Security Through Views Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates. CSCE 522 - Farkas 23 Security Through Views Student relation NAME White COURSE CSCE 122 GRADE C+ SEMESTER Fall 2000 Black Brown Green Blue CSCE 313 CSCE 580 CSCE 850 CSCE 122 A A B+ B Fall 2000 Spring 2000 Fall 2000 Fall 2000 CSCE 522 - Farkas 24 Security Through Views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Outstanding-Student NAME Black Brown COURSE CSCE 313 CSCE 580 GRADE A A Green CSCE 850 B+ CSCE 522 - Farkas 25 Security Through Views CREATE VIEW Fall-Student AS SELECT NAME, COURSE FROM Student WHERE SEMESTER=“Fall 2000” Fall-Student NAME COURSE White CSCE 122 Black CSCE 313 Green Blue CSCE 850 CSCE 122 CSCE 522 - Farkas 26 Stored Procedures Assign rights to execute compiled programs GRANT RUN ON <program> TO <user> Problem: Programs may access resources for which the user who runs the program does not have permission. CSCE 522 - Farkas 27 Grant and Revoke GRANT <privilege> ON <relation> To <user> [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ GRANT SELECT * ON Student TO Matthews GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views CSCE 522 - Farkas 28 Grant and Revoke REVOKE <privileges> [ON <relation>] FROM <user> ------------------------------------------------------------------------------------------------------------------------- REVOKE SELECT* ON Student FROM Blue REVOKE UPDATE ON Student FROM Black REVOKE SELECT(NAME) ON Student FROM Brown CSCE 522 - Farkas 29 Non-cascading Revoke B E A D C F A revokes D’s privileges E B A F C Lecture 17 CSCE 522 - Farkas 30 Cascading Revoke B E A D C F A revokes D’s privileges B A C Lecture 17 CSCE 522 - Farkas 31 Positive and Negative Authorization - B E + + A C Lecture 17 D Problem: Contradictory authorizations • GRANT <privilege> ON X TO <user> • DENY <privilege> ON X TO <user> CSCE 522 - Farkas 32 Negative Authorization - B - + + A C Lecture 17 E D Positive authorization granted By A to D becomes blocked but NOT deleted. CSCE 522 - Farkas 33 Negative Authorization - B E - + + A D + F C What should happen with the privilege given by D To F? (Blocked but not deleted) Lecture 17 CSCE 522 - Farkas 34 Query Modification GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” Blue’s query: SELECT * FROM Student Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 580” CSCE 522 - Farkas 35 Next Class: Inference Problem Lecture 17 CSCE 522 - Farkas 36