Download Chapter 6 - Database Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
Document related concepts

Entity–attribute–value model wikipedia , lookup

Microsoft Access wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

Concurrency control wikipedia , lookup

Relational model wikipedia , lookup

Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Functional Database Model wikipedia , lookup

ContactPoint wikipedia , lookup

Clusterpoint wikipedia , lookup

Healthcare Cost and Utilization Project wikipedia , lookup

Database model wikipedia , lookup

Transcript 
Chapter 6 – Database Security
Integrity for databases: record
integrity, data correctness, update
integrity
 Security for databases: access
control, inference, and aggregation
 Multilevel secure databases:
partitioned, cryptographically sealed,
filtered

Introduction to Databases
Database – collection of data and set
of rules that organize the data by
specifying certain relationships
among the data
 Database administrator (DBA)
 Database management system
(DBMS) – database manager, frontend

Introduction to Databases
Records – contain related group of
data
 Fields (elements) – elementary data
items
 Schema – logical structure of
database
 Subschema – view into database

Introduction to Databases

Relational
• Rows (relation); columns (attributes)
• DB2, Oracle, Access

Hierarchical
• IMS

Object-oriented
Introduction to Databases

Queries
• SELECT NAME = ‘ADAMS’
• SELECT (ZIP = ‘43210’) ^ (NAME = ‘ADAMS’)

Project
• SHOW FIRST WHERE (ZIP = ‘43210’) ^ (NAME
= ‘ADAMS’)

Join
• SHOW NAME, AIRPORT WHERE
NAME.ZIP = AIRPORT.ZIP
Advantages of Using Databases
Shared access
 Minimal redundancy
 Data consistency
 Data integrity
 Controlled access

Security Requirements
Physical database integrity
 Logical database integrity
 Element integrity
 Auditability
 Access control
 User authentication
 Availability

Integrity of the Database
Users must be able to trust the
accuracy of the data values
 Updates are performed by authorized
individuals
 Integrity is the responsibility of the
DBMS, the OS, and the computing
system manager
 Must be able to reconstruct the
database at the point of a failure

Element Integrity
Correctness or accuracy of elements
 Field checks
 Access control
 Maintain a change log – list every
change made to the database

Auditability & Access Control
Desirable to generate an audit record
of all access to the database
(reads/writes)
 Pass-through problem – accessing
a record or element without
transferring the data received to the
user (no reads/writes)
 Databases separated logically by
user access privileges

Other Security Requirements
User Authentication
 Confidentiality
 Availability

Reliability and Integrity
Database integrity
 Element integrity
 Element accuracy


Some protection from OS
• File access
• Data integrity checks
Two-Phase Update
Failure of computing system in
middle of modifying data
 Intent Phase – gather resources
needed for update; write commit
flag to the database
 Update Phase – make permanent
changes

Redundancy / Internal Consistency

Error detection / Correction codes
(parity bits, Hamming codes, CRCs)

Shadow fields

Log of user accesses and changes
Concurrency/Consistency





Access by two users sharing the same
database must be constrained (lock)
Monitors –check entered values to ensure
consistency with rest of DB
Range Comparisons
State Constraints – describes condition of
database (unique employee #)
Transition Constraints – conditions before
changes are applied to DB
Sensitive Data
Data that should not be made public
 What if some but not all of the
elements of a DB are sensitive

• Inherently sensitive
• From a sensitive source
• Declared sensitive
• Part of a sensitive attribute or record
• Sensitive in relation to previously
disclosed information
Access Decisions
Need an access policy (programmed
into DBMS)
 Availability – blocking; permanent
blocking
 Acceptability of Access (sensitive
data)
 Assurance of Authenticity

Types of Disclosures

Exact Data

Bounds

Negative Results

Existence of Data

Probable Values
Security vs. Precision
Aim to protect all sensitive data
while revealing as much nonsensitive
data as possible
 Want to maintain perfect
confidentiality with maximum
precision

Inference
Way to infer / derive sensitive data
from nonsensitive data
 Direct Attack

• List NAME where SEX=M ^ DRUGS=1
• List NAME where (SEX=M ^ DRUGS=1)
v (SEX#M ^ SEX#F) v (DORM=AYRES)
Indirect Attack

Sum
• Show STUDENT-AID WHERE SEX=F ^
DORM=Grey

Count
• Show Count, STUDENT-AID WHERE SEX=M ^
DORM=Holmes
• List NAME where (SEX=M ^ DORM=Holmes)


Median
Tracker Attacks – using additional queries
that produce small results
Controls
Suppression – don’t provide
sensitive data
 Concealing – don’t provide actual
values (“close to”)
 Limited Response Suppression

• n-item k-percent rule eliminates low
frequency elements from being
displayed (may need to suppress
additional rows/columns)
Controls

Combined Results
• Sums
• Ranges
• Rounding
Random Sample
 Random Data Perturbation
 Query Analysis – “should the result
be provided”

Conclusion on the Inference
Problem

Suppress obviously sensitive
information

Track what the user knows

Disguise the data
Aggregation
Building sensitive results from less
sensitive inputs
 Data mining – process of sifting
through multiple databases and
correlating multiple data elements to
find useful information

Multilevel Databases

Differentiated Security
• Security of single element may be
different from security of other elements
• Two levels – sensitive and nonsensitive
are inadequate to represent some
security situations
• Security of an aggregate (sum, count,…)
may be different from security of the
individual elements

Granularity
Security Issues

Integrity
• *-property for access control
• Either process cleared at a high level cannot
write to a lower level or process must be a
“trusted process”

Confidentiality
• Different users at different levels may get
different query results
• Polyinstantiation – record can appear more
than once with different levels of
confidentiality
Proposals for Multilevel Security

Separation
• Partitioning – divide DB into separate
DBs with own level of sensitivity
• Encryption (time consuming)
• Integrity Lock – each data item contains
a sensitivity label and a checksum
Sensitivity label must be unforgeable,
unique, concealed
 Checksum must be unique
 Sensitivity lock

Design of Multilevel Secure
Databases
Integrity Lock – not efficient
(space/time)
 Trusted Front-end (Guard) – does
authentication and filtering
 Commutative Filters –

• screen user’s requests, reformats, so
that only appropriate data is returned
Design of Multilevel Secure
Databases

Distributed (federated) database
• Trusted front-end controls access to two
DBMSs – one for high-sensitivity data
and one for low-sensitivity data
• Very complex

Window/View
• Subset of a database containing exactly
the information that the user is entitled
to access
Related documents
Sensitive Data and Multilevel Database Issues with narration
Sensitive Data and Multilevel Database Issues with narration
Database Design for the Web
Database Design for the Web
database management system
database management system
Direct Marketing
Direct Marketing
Database Management Systems - University of Hawaii at Hilo
Database Management Systems - University of Hawaii at Hilo
Introduction to Databases & Integrity Issues with narration
Introduction to Databases & Integrity Issues with narration
Diapositive 1
Diapositive 1
Database Security
Database Security
Slide 1
Slide 1
Chapter 14
Chapter 14
Job Description – System Support Analyst Description The
Job Description – System Support Analyst Description The
Reasons to Rely on Databases Instead of the Open Internet
Reasons to Rely on Databases Instead of the Open Internet