Overview of Database Security

1
Overview of Database Security

• Introduction
• Security Problems
• Security Controls
• Designing Database Security

2
Outline

• Flow Control
• Inference Control
• Access Control
• To these controls, cryptographic techniques can
  be added

3
Flow Control

• Regulates the flow of information among
  accessible objects
• Checks that information contained in some objects
  does not flow explicitly or implicitly into less
  protected objects
• Policies require admissible flows to be listed or
  regulated

4
Inference Control

• Inference controls aim at protecting data from
  indirect detection. This occurs when a set of X
  of data items to be read by a user can be used to
  obtain the set Y of data as Yf(X), that is, by
  applying a function f to X.
• An inference channel is a channel where users can
  find an item X and then use X to derive Y as
  Yf(X).
• Statistical inference is a further aspect
  involving of deduction of statistical data via
  statistical functions.

5
Three Main Inference Channels

• Indirect Access
• Correlated Data
• Missing Data

6
Two Types of Control for Statistical Attacks

• Data perturbation
• Query control

7
Access Control

• Access controls are responsible for ensuring that
  all direct accesses to the database objects occur
  exclusively according to the modes and rules
  fixed by protection policies.

8
Two Components of an Access Control System

• A set of security policies and access rules
  information stored in the system, stating the
  access modes to be followed by subjects upon
  access request
• A set of control procedures (Security mechanisms)
  that check the queries against the stated rules
  queries may then be allowed, denied or modified,
  filtering out unauthorized data

9
Access Control System
Access Denied
Access Permitted
Control Procedures
Access Request
Request Modification
Security Policies
Access Rules