Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010.

Slides:



Advertisements
Similar presentations
Operating System Security
Advertisements

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Lecture 1: Overview modified from slides of Lawrie Brown.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Security and Integrity
Database Management System
 Introduction  Fundamentals  Capability Security  Challenges in Secure Capability Systems  Revoking Capabilities  Conclusion.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Assessing the Effect of Deceptive Data in the Web of Trust Yi Hu, Brajendra Panda, and Yanjun Zuo Computer Science and Computer Engineering Department.
Present by Napasakorn Sukjay Poom Samaharn
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.
Database Systems Marcus Kaiser School of Computing Science Newcastle University.
What does “secure” mean? Protecting Valuables
1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Switch off your Mobiles Phones or Change Profile to Silent Mode.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
A Security-Aware Routing Protocol for Wireless Ad Hoc Networks
Information Security Databases and (Inter)Networks Prof. dr. P.M.E. De Bra Department of Computing Science Eindhoven University of Technology.
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
Privacy Preservation of Aggregates in Hidden Databases: Why and How? Arjun Dasgupta, Nan Zhang, Gautam Das, Surajit Chaudhuri Presented by PENG Yu.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,
Chap1: Is there a Security Problem in Computing?.
Security Vulnerabilities in A Virtual Environment
Academic Year 2014 Spring Academic Year 2014 Spring.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Chapter 9 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
Refined Online Citation Matching and Adaptive Canonical Metadata Construction CSE 598B Course Project Report Huajing Li.
Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Database Security Advanced Database Dr. AlaaEddin Almabhouh.
INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.
Computer Security Introduction
Database and Cloud Security
Database System Implementation CSE 507
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Insiders are Today’s Biggest Security Threat
Outline Types of Databases and Database Applications Basic Definitions
Database Security and Authorization
Providing Access to Your Data: Handling sensitive data
Security.
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Introduction to Networking
Understand Core Security Principles
Security in Networking
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Module 5: Overview of Normalization
Index Use Cases.
Cryptography and Network Security
Cyber security Policy development and implementation
DATABASE SECURITY For CSCL (BIM).
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Security network management
Overview of Database Security
Security.
So What are Views and Triggers anyway?
Database Management system
Improving Data Security & Protection Using Data Provenance Figure 1
Chapter 7a: Overview of Database Design -- Normalization
Presentation transcript:

Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010

Outlines Introduction Types of Dependencies Constraints on Dependencies Insider Threat Preventing Insider Threat Conclusion 2PASSAT 2010

Introduction Insider threat is the threat that is caused by a malicious insider, where the insider is a person who has authorized access privileges, knowledge of the relational database system he/she uses, is familiar with the dependencies between data items as well as the constraints, and is motivated to violate the security policy of the system through authorized access. According to the FBI Computer Crime Survey, trusted insiders are responsible of 52% of all security breaches. Mechanisms that prevent outsiders threat are inappropriate to protect data from authorized users who may misuse their privileges to cause harm to systems. 3PASSAT 2010

Types of Dependencies Types of Dependencies Dependencies are classified into: ◦ Strong vs. weak dependencies [A  C]. ◦ Direct [A  C] vs. indirect [A  B  C] dependencies. ◦ One-way [A  B] vs. cyclic [A B] dependencies. 4PASSAT 2010

Constraints on Dependencies A dependency relationship involves a constraint. That is, a change on a dependent data item occurs only when a specified constraint is satisfied. For instance, the following shows the constraints on the dependency [Rank  Base_Salary]. Constraints are classified into two types: ◦ Changing the value of an attribute. ◦ Deleting or inserting records. The Constraint and Dependency Graph (CDG) shows the dependencies and constraints. RankBase_Salary Assistant Prof.60K Associate Prof.75K Prof.90K 5PASSAT 2010

A CDG Example + Figure 1. A Constraint and Dependency Graph CDG. 6 2 T 2.a 6 T 1.a 2 T 2.a 5 T 1.a 1 T 1.a 1 < c 1 T 1.a 1 ≥ c 1 c 4 c3 c3 T 1.a T 2.a 4 3 T 1.a 3  c 1 ≤ a 1  a 2 = c 3  c 1 > a 1  a 2 =c 4  a 4 =2*a 3 +3  a 6 =6*a 2 +2*a 5 6PASSAT 2010

Insider Threat Insiders may be able to modify unauthorized data items (on which they have no write access) to the values they want using his/her knowledge about dependencies and constraints. For instance, in Fig. 1, assume that an insider has write access on attribute a 1 and has no write access on attribute a 2. Also, assume that the insider is familiar with the dependencies and constraints. In this case, the insider can modify the value of a 2 to either c 3 or c 4, as he/she prefers, by changing the value of a 1 to a value greater than or equal to c 1, or less than c 1 respectively. 7PASSAT 2010

Modification Graphs MGs MGs determine which data items (authorized or unauthorized) insiders can modify. A modification graph of an insider is constructed based on the Knowledgebase of the insider, the CDG and the Dependency Matrix. For example, Consider the CDG as shown in Fig. 1 and assume that the insider has write access to T 1. Fig. 2 shows the modification graph of the insider. I Figure 2. A Modification Graph of an Insider a1a1 a1a1 a2a2 a2a2 a3a3 a3a3 a4a4 a4a4 a6a6 a6a6 T1T1 T1T1 T2T2 T2T2 8PASSAT 2010

Preventing Malicious Modifications Preventing Malicious Modifications Preventing malicious modifications can be handled in two ways: ◦ Hiding Dependencies. ◦ Denying Write Access Requests. 9PASSAT 2010

Hiding Dependencies Discovering dependencies may pose a threat; it allows insiders to make the changes they want in data items on which they have no write access. Thus, dependencies that help in launching such serious attacks should be hidden. Some data items are not important enough for insiders to be interested in changing them, whereas insiders are interested in changing other data items, which are called sensitive data item. Definition 1. A sensitive data item is the data item which insiders may be interested in changing due the importance and secrecy of the information that it represents. 10PASSAT 2010

Cont. To determine which dependencies should be hidden from the insider, we introduced the Sensitivity and Dependency Graph (SDG). It shows the dependencies between attributes, and contains the sensitivity values of different attributes. It is used to determine a cut, which represents the edges (dependencies) that have destined attributes with sensitivity values greater than a predefined threshold for the insider under consideration. Definition 2. Given a set of dependencies S in a relational database, a cut is a set of dependencies C ⊆ S that should be hidden from the insider under consideration. 11PASSAT 2010

Cont. To determine a cut: ◦ Threshold values and data items sensitivities should be known. ◦ Then, a Breadth First Search is used, which starts from the attribute on which the insider has write access to determine which edges belong to the cut. 12PASSAT 2010

Cont. Suppose that the following is a part of a Sensitivity and Dependency Graph (SDG) for a relational database. X X P P Q Q R R Y Y Z Z 9%9% 56% 75% 91% 10% Assume that an insider K has 50% threshold value, which means he/she is not allowed to change data items with sensitivity > 50%. Suppose that K requests a write access on Y. If the system decides to grant this request to K, it should hide the dependencies that is determined by the Cut shown in the figure. Figure 4. A Cut in a Sensitivity and Dependency Graph 13PASSAT 2010

Denying Write Access Requests Hiding dependencies may not be always achievable. The solution in this case is to not grant insiders write accesses on data items in which a change may cause a change in sensitive data items. Use the Modification Graph MG to determine whether an insider can change an unauthorized sensitive data item using some authorized ones. 14PASSAT 2010

An Example Scenario EMP_IDNameRankHI_Premium. Employee Table EMP_IDBase_SalaryExperience… Salary Table EMP_IDDependent_NameRelationalship… Dependent Table SalaryTax… <70K6% >=70K & < 90K8% >=90K10% Tax Table Figure 5. An Academic Staff Database Suppose that the following database has the dependencies: 1. Rank  Base_Salary 2. {Base_Salary, Experience}  Salary 3. Number of Dependents  HI_Premium 4.{HI_Premium, Tax, Salary}  Net_Salary Assume that the total salary and net salary is computed as following. - Salary = Base_Salary $* Experience. - Net_salary = Salary – Salary * Tax - HI_Premium. 15PASSAT 2010

Cont. Suppose that the sensitivity values of the data items according to the insider under consideration, say insider K, is as shown the Table 1. Suppose that the threshold value of the insider k is 50%. T ABLE 1. S ENSITIVITY V ALUES A CCORDING TO THE INSIDER K Data item Sensitivity Rank20% Base_Salary90% Experience10% Number of Dependents30% HI_Premium90% Salary100% Net_Salary100% Tax10% 16PASSAT 2010

Cont. The following graph represents the SDG of the given database. Figure 6. The SDG of the Academic Staff Database 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% 17PASSAT 2010

Cont. Suppose that the insider K requests write access privileges on: o The Rank attribute. o The Experience attribute. o The Dependents table. In this case, if he/she is given write access to those data items, he/she can modify indirectly the sensitive data items: o Base_Salary. o Salary. o HI_Premium. o Net_Salary. 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% Figure 7. The SDG of the Academic Staff Database 18PASSAT 2010

Cont. To solve this problem, ensure that the inside is not familiar with some dependencies. However, if hiding those dependencies is not achievable, the requests should be denied. 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% Figure 8. A Cut in the SDG of the Academic Staff Database 19PASSAT 2010

Conclusions Insiders who have knowledge of dependencies and their constraints may modify data items, to which they do not have authorized write access, to the value they want. We presented an algorithm for constructing insiders’ Modification Graphs. We have defined the Sensitivity and Dependency graph (SDG), which shows the dependencies between data items and their sensitivity values. We provided two methods to prevent malicious modifications. o First, is to hide dependencies between data items using the cut algorithm. o Second, is to deny write access to some data items using Modification Graphs. 20PASSAT 2010

Future Work We plan to discuss HOW to hide risky dependencies. We plan to conduct experiments to establish the effectiveness of the proposed model. 21PASSAT 2010

Questions 22PASSAT 2010

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.