Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #11 Secure Heterogeneous and Federated Data Management February 15, 2005

Outline l Background on heterogeneous and federated data management l Secure heterogeneous data management l Secure federated data management l Emerging technologies - Secure client-server computing - Security for system migration

Interoperability of Heterogeneous Database Systems Database System A Database System B Network Database System C (Legacy) Transparent access to heterogeneous databases - both users and application programs; Query, Transaction processing (Relational) (Object- Oriented)

Technical Issues on the Interoperability of Heterogeneous Database Systems l Heterogeneity with respect to data models, schema, query processing, query languages, transaction management, semantics, integrity, and security policies l Federated database management - Collection of cooperating, autonomous, and possibly heterogeneous component database systems, each belonging to one or more federations l Interoperability based on client-server architectures

Federated Database Management Database System A Database System B Database System C Cooperating database systems yet maintaining some degree of autonomy Federation F1 Federation F2

Schema Integration and Transformation in a Federated Environment Adapted from Sheth and Larson, ACM Computing Surveys, September 1990 Component Schema for Component A Component Schema for Component B Component Schema for Component C Generic Schema for Component A Generic Schema for Component B Generic Schema for Component C Export Schema for Component A Export Schema I for Component B Export Schema for Component C Federated Schema for FDS - 1 Federated Schema for FDS - 2 External Schema 1.2Schema 2.1 External Schema 2.2 External Schema 1.1 Export Schema II for Component B External

Client-Server Architecture: Example Network Client from Vendor A Client from Vendor B Server from Vendor C Server from Vendor D Database

Security Issues l Transforming secure data models l Secure architectures l Security impact on schema integration l Secure policy integration l Incomparable/Overlapping security levels

Transforming Secure Data Models EMP: Level = Secret SS#EnameSalary D# 1John20K10 2Paul30K20 3Mary40K20 l Class EMP is Secret l It has 3 instances: l John, Paul and Mary DEPT D#DnameMgr 10 Math Smith U 20PhysicsJones C Level l Class DEPT is Unclassified l It has 2 instances Math and Physics l Math is Unclassified l Physics is Confidential

Architecture: Heterogeneous data management

Architecture: Federated data management

Secure Schema Integration

Security Policy Integration

Federated Data and Policy Management Export Data/Policy Component Data/Policy for Agency A Data/Policy for Federation Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy

Incomparable Security Levels

Overlapping Security Levels

Secure Query Processing

Secure Transaction Processing

Constraint Processing

Inference Control

Secure Client-Server Computing

Security for System Migration

Challenges l Integrating security policies - Does Usage control model unify all the policies? l Handling different query and transaction algorithms and examining the security impact l Inference Control l Federated data sharing vs security/privacy l Impact of the web