Chapter 6 - PowerPoint PPT Presentation

About This Presentation
Title: Chapter 6
Description: Chapter 6 Database Security. Integrity for databases: record integrity, data correctness, update integrity. Security for databases: access control, inference, and ... (PowerPoint PPT presentation)
Number of Views: 72
Avg rating: 3.0/5.0
Slides: 31
Provided by: CSU155

Transcript and Presenter's Notes

1
Chapter 6 Database Security
  • Integrity for databases: record integrity, data
    correctness, update integrity
  • Security for databases: access control,
    inference, and aggregation
  • Multilevel secure databases: partitioned,
    cryptographically sealed, filtered

2
Introduction to Databases
  • Database: a collection of data and a set of rules
    that organize the data by specifying certain
    relationships among the data
  • Database administrator (DBA)
  • Database management system (DBMS): the database
    manager, the front-end

3
Introduction to Databases
  • Records: related groups of data
  • Fields (elements): elementary data items
  • Schema: logical structure of the database
  • Subschema: a view into the database

4
Introduction to Databases
  • Relational
  • Tables (relations), rows (tuples), columns (attributes)
  • DB2, Oracle, Access
  • Hierarchical
  • IMS
  • Object-oriented

5
Introduction to Databases
  • Queries (select)
  • SELECT NAME = ADAMS
  • SELECT (ZIP = 43210) ∧ (NAME = ADAMS)
  • Project
  • SHOW FIRST WHERE (ZIP = 43210) ∧ (NAME = ADAMS)
  • Join
  • SHOW NAME, AIRPORT WHERE NAME.ZIP = AIRPORT.ZIP

6
Advantages of Using Databases
  • Shared access
  • Minimal redundancy
  • Data consistency
  • Data integrity
  • Controlled access

7
Security Requirements
  • Physical database integrity
  • Logical database integrity
  • Element integrity
  • Auditability
  • Access control
  • User authentication
  • Availability

8
Integrity of the Database
  • Users must be able to trust the accuracy of the
    data values
  • Updates are performed by authorized individuals
  • Integrity is the responsibility of the DBMS, the
    OS, and the computing system manager
  • Must be able to reconstruct the database at the
    point of a failure

9
Element Integrity
  • Correctness or accuracy of elements
  • Field checks
  • Access control
  • Maintain a change log: list every change made to
    the database

10
Auditability / Access Control
  • Desirable to generate an audit record of all
    access to the database (reads/writes)
  • Pass-through problem: a record or element can be
    accessed without the data being transferred to
    the user, so the access never appears as a
    read/write in the audit record
  • Databases separated logically by user access
    privileges

11
Other Security Requirements
  • User Authentication
  • Confidentiality
  • Availability

12
Reliability and Integrity
  • Database integrity
  • Element integrity
  • Element accuracy
  • Some protection from OS
  • File access
  • Data integrity checks

13
Two-Phase Update
  • Failure of computing system in middle of
    modifying data
  • Intent phase: gather the resources needed for the
    update, then write the commit flag to the database
  • Update phase: make the permanent changes
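The slide names the two phases; as an added example (not code from the slides or from any DBMS), the simulation below shows why the commit flag matters. A hypothetical crash_at hook fails the system either before the flag is written or half-way through the update phase, and recover() shows that the database is always either fully updated or untouched, never half-updated. A real DBMS writes the intent record and the flag to stable storage; here they are plain attributes.

```python
"""Two-phase update with a commit flag, simulated in memory."""
import copy


class CrashSimulated(Exception):
    """Raised to stand in for the computing system failing mid-update."""


class TwoPhaseStore:
    """Committed data plus an intent record guarded by a commit flag."""

    def __init__(self, data):
        self.data = dict(data)       # committed contents of the database
        self.intent = None           # resources gathered in the intent phase
        self.commit_flag = False     # written only when the intent phase completes

    def update(self, changes, crash_at=None):
        """Apply `changes` (field -> new value) in two phases.

        crash_at is a hypothetical hook for the example: 'intent' fails before
        the flag is written, 'update' fails after the flag but before every
        change has landed.
        """
        # Intent phase: gather everything needed, touch nothing permanent.
        self.intent = copy.deepcopy(changes)
        if crash_at == "intent":
            raise CrashSimulated("failed before the commit flag was written")
        self.commit_flag = True      # the single step that makes the update binding
        # Update phase: make the permanent changes.
        for i, (field, value) in enumerate(self.intent.items()):
            if crash_at == "update" and i == 1:
                raise CrashSimulated("failed half-way through the update phase")
            self.data[field] = value
        # Completion: clear the flag so recovery knows nothing is pending.
        self.commit_flag = False
        self.intent = None

    def recover(self):
        """Run on restart: finish or discard a pending update based on the flag."""
        if self.intent is None:
            return "clean"
        if self.commit_flag:
            # Flag set: the intent record is complete, so redo every change.
            # Re-applying a change that already landed is harmless.
            for field, value in self.intent.items():
                self.data[field] = value
            self.commit_flag = False
            self.intent = None
            return "redone"
        # Flag clear: the update never became binding, so drop the intent.
        self.intent = None
        return "discarded"


def demo(crash_at=None):
    """Run one update under the given failure and return (recovery action, data)."""
    store = TwoPhaseStore({"balance": 100, "audit_seq": 1})
    try:
        store.update({"balance": 50, "audit_seq": 2}, crash_at=crash_at)
    except CrashSimulated:
        pass
    return store.recover(), store.data


if __name__ == "__main__":
    for case in (None, "intent", "update"):
        print(case, demo(case))
```

The invariant worth checking is that the half-applied state (balance changed, audit_seq not) is never what recovery leaves behind: a crash before the flag discards the intent, a crash after it redoes the whole intent.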

14
Redundancy / Internal Consistency
  • Error detection / Correction codes (parity bits,
    Hamming codes, CRCs)
  • Shadow fields
  • Log of user accesses and changes

15
Concurrency/Consistency
  • Access by two users sharing the same database
    must be constrained (lock)
  • Monitors check entered values to ensure
    consistency with the rest of the DB
  • Range comparisons
  • State constraints: describe a condition the whole
    database must satisfy (e.g. each employee number
    is unique)
  • Transition constraints: conditions that must hold
    before a change is applied to the DB

16
Sensitive Data
  • Data that should not be made public
  • What if some but not all of the elements of a DB
    are sensitive?
  • Inherently sensitive
  • From a sensitive source
  • Declared sensitive
  • Part of a sensitive attribute or record
  • Sensitive in relation to previously disclosed
    information

17
Access Decisions
  • Need an access policy (programmed into the DBMS)
  • Availability: a record being updated is blocked
    for others; the blocking can become permanent
  • Acceptability of access (sensitive data)
  • Assurance of authenticity

18
Types of Disclosures
  • Exact Data
  • Bounds
  • Negative Results
  • Existence of Data
  • Probable Values

19
Security vs. Precision
  • Aim to protect all sensitive data while revealing
    as much nonsensitive data as possible
  • Want to maintain perfect confidentiality with
    maximum precision

20
Inference
  • Way to infer / derive sensitive data from
    nonsensitive data
  • Direct attack
  • List NAME where SEX = M ∧ DRUGS = 1
  • List NAME where (SEX = M ∧ DRUGS = 1) ∨ (SEX ≠ M ∧
    SEX ≠ F) ∨ (DORM = AYRES)
  • The second and third terms match nobody, so the
    padded query returns exactly the sensitive rows of
    the first while no longer looking like a
    small-result query

21
Indirect Attack
  • Sum
  • Show SUM STUDENT-AID WHERE SEX = F ∧ DORM = Grey
  • Count
  • Show COUNT STUDENT-AID WHERE SEX = M ∧ DORM = Holmes
  • List NAME where (SEX = M ∧ DORM = Holmes)
  • Median
  • Tracker attacks: use additional queries that
    produce small results, then subtract

22
Controls
  • Suppression: don't provide sensitive data
  • Concealing: don't provide actual values (give a
    value close to the real one)
  • Limited response suppression
  • n-item k-percent rule: do not display a result
    when n items account for more than k percent of it
    (may need to suppress additional rows/columns)

23
Controls
  • Combined Results
  • Sums
  • Ranges
  • Rounding
  • Random Sample
  • Random Data Perturbation
  • Query analysis: decide whether the result should
    be provided at all

24
Conclusion on the Inference Problem
  • Suppress obviously sensitive information
  • Track what the user knows
  • Disguise the data

25
Aggregation
  • Building sensitive results from less sensitive
    inputs
  • Data mining: the process of sifting through multiple
    databases and correlating multiple data elements
    to find useful information

26
Multilevel Databases
  • Differentiated Security
  • Security of single element may be different from
    security of other elements
  • Two levels sensitive and nonsensitive are
    inadequate to represent some security situations
  • Security of an aggregate (sum, count, ...) may be
    different from the security of the individual
    elements
  • Granularity

27
Security Issues
  • Integrity
  • *-property (star property) for access control
  • Either a process cleared at a high level cannot
    write to a lower level, or the process must be a
    trusted process
  • Confidentiality
  • Different users at different levels may get
    different query results
  • Polyinstantiation: a record can appear more than
    once with different levels of confidentiality

28
Proposals for Multilevel Security
  • Separation
  • Partitioning: divide the DB into separate DBs, each
    with its own level of sensitivity
  • Encryption (time consuming)
  • Integrity lock: each data item carries a
    sensitivity label and a checksum
  • Sensitivity label must be unforgeable, unique,
    concealed
  • Checksum must be unique to the item, its label and
    its value, so none of them can be altered or moved
  • Sensitivity lock: the label and the checksum
    stored together with the item
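As an added example (not code from the slides or from any product), the integrity lock in Python: the trusted front end computes a keyed checksum (HMAC-SHA256) over the item's record id, attribute name, sensitivity label and value before handing the item to an untrusted DBMS, and checks it again on every read. The two attack functions show what the binding buys: relabelling a secret item as unclassified, and copying a valid value plus checksum from one record into another, both fail verification. The key, the level names and the record layout are assumptions for the example; concealing the label (the slide's third requirement) would additionally mean encrypting it, which is left out here.

```python
"""Integrity lock: keyed checksum binding record id, attribute, label and value."""
import hashlib
import hmac
import json

# Key held only by the trusted front end; constructed for the example.
FRONT_END_KEY = b"example-front-end-key-not-for-real-use"

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


def lock_checksum(key, record_id, attribute, label, value):
    """Keyed checksum over the item's identity, label and value. JSON with fixed
    separators gives one canonical encoding, so the same tuple always hashes the
    same and no field boundary can be shifted into another."""
    msg = json.dumps([record_id, attribute, label, value],
                     separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def store_item(key, record_id, attribute, label, value):
    """What the front end hands to the (untrusted) DBMS for storage."""
    return {"id": record_id, "attr": attribute, "label": label, "value": value,
            "check": lock_checksum(key, record_id, attribute, label, value)}


def verify_item(key, item):
    expected = lock_checksum(key, item["id"], item["attr"], item["label"], item["value"])
    return hmac.compare_digest(expected, item["check"])


def read_item(key, clearance, item):
    """Front-end read: reject a tampered item outright; return None rather than
    the value when the item's label is above the reader's clearance."""
    if not verify_item(key, item):
        raise ValueError(f"integrity lock failed on record {item['id']}")
    if LEVELS[item["label"]] > LEVELS[clearance]:
        return None
    return item["value"]


def downgrade_attack(key):
    """Attacker with write access to the DBMS relabels a secret item as
    unclassified; without the key the checksum no longer matches."""
    item = store_item(key, 7, "salary", "secret", 150000)
    item["label"] = "unclassified"
    return verify_item(key, item)


def cut_and_paste_attack(key):
    """Attacker copies a valid value and checksum from record 8 into record 7
    (same attribute, same label); the record id bound into the lock defeats it."""
    low = store_item(key, 7, "salary", "unclassified", 40000)
    high = store_item(key, 8, "salary", "unclassified", 150000)
    forged = dict(low, value=high["value"], check=high["check"])
    return verify_item(key, forged)


if __name__ == "__main__":
    item = store_item(FRONT_END_KEY, 1, "salary", "secret", 95000)
    print("secret reader sees:", read_item(FRONT_END_KEY, "secret", item))
    print("unclassified reader sees:", read_item(FRONT_END_KEY, "unclassified", item))
    print("downgrade accepted?", downgrade_attack(FRONT_END_KEY))
    print("cut-and-paste accepted?", cut_and_paste_attack(FRONT_END_KEY))
```

A plain unkeyed checksum (a CRC or an unkeyed hash) would not do here: anyone who can rewrite the label can recompute it. The cost the next slide complains about is visible too, since every element now carries a label and a 64-character checksum, and every read recomputes an HMAC.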

29
Design of Multilevel Secure Databases
  • Integrity lock is not efficient (space/time)
  • Trusted front-end (guard): does authentication
    and filtering
  • Commutative filters
  • Screen user requests and reformat them so that
    only appropriate data is returned

30
Design of Multilevel Secure Databases
  • Distributed (federated) database
  • A trusted front-end controls access to two DBMSs,
    one for high-sensitivity data and one for
    low-sensitivity data
  • Very complex
  • Window/View
  • A subset of the database containing exactly the
    information that the user is entitled to access