Overview of Database Security - PowerPoint PPT Presentation

About This Presentation
Title:

Overview of Database Security

Description:

Overview of Database Security Introduction Security Problems Security Controls Designing Database Security Outline Flow Control Inference Control Access Control To ... – PowerPoint PPT presentation

Number of Views:227
Avg rating:3.0/5.0
Slides: 10
Provided by: Morri155
Learn more at: http://sce.uhcl.edu
Category:

less

Transcript and Presenter's Notes

Title: Overview of Database Security


1
Overview of Database Security
  • Introduction
  • Security Problems
  • Security Controls
  • Designing Database Security

2
Outline
  • Flow Control
  • Inference Control
  • Access Control
  • To these controls, cryptographic techniques can
    be added

3
Flow Control
  • Regulates the flow of information among
    accessible objects
  • Checks that information contained in some objects
    does not flow explicitly or implicitly into less
    protected objects
  • Policies require admissible flows to be listed or
    regulated

4
Inference Control
  • Inference controls aim at protecting data from
    indirect detection. This occurs when a set of X
    of data items to be read by a user can be used to
    obtain the set Y of data as Yf(X), that is, by
    applying a function f to X.
  • An inference channel is a channel where users can
    find an item X and then use X to derive Y as
    Yf(X).
  • Statistical inference is a further aspect
    involving of deduction of statistical data via
    statistical functions.

5
Three Main Inference Channels
  • Indirect Access
  • Correlated Data
  • Missing Data

6
Two Types of Control for Statistical Attacks
  • Data perturbation
  • Query control

7
Access Control
  • Access controls are responsible for ensuring that
    all direct accesses to the database objects occur
    exclusively according to the modes and rules
    fixed by protection policies.

8
Two Components of an Access Control System
  • A set of security policies and access rules
    information stored in the system, stating the
    access modes to be followed by subjects upon
    access request
  • A set of control procedures (Security mechanisms)
    that check the queries against the stated rules
    queries may then be allowed, denied or modified,
    filtering out unauthorized data

9
Access Control System
Access Denied
Access Permitted
Control Procedures
Access Request
Request Modification
Security Policies
Access Rules
Write a Comment
User Comments (0)
About PowerShow.com