Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #10 Security for Distributed Data Management February 10, 2005
Outline Distributed Database Systems Architecture, Data Distribution, Functions Security Issues Discretionary Security, Multilevel Security Comments Assumption: Network is secure; focusing on securing the data
A Definition of a Distributed Database System A collection of database systems connected via a network The software that is responsible for interconnection is a Distributed Database Management System (DDBMS) Each DBMS executes local applications and should be involved in at least one global application (Ceri and Pelagetti) Homogeneous environment
Communication Network Architecture Communication Network Distributed Processor 1 DBMS 1 Data- base 1 base 3 base 2 DBMS 2 DBMS 3 Processor 2 Processor 3 Site 1 Site 2 Site 3
Distributed Processor Network Interface Distributed Query/Update Processor Distributed Transaction Manager Distributed Metadata Management Integrity/ Security Manager Local DBMS Interface
Data Distribution S I T E 1 E M P 1 D E P T 1 S S # N a m e S a l a r y D # D # D n a m e M G R 1 J o h n 2 1 1 C . S c i . J a n e 2 P a u l 3 2 3 J a m e s 4 2 3 E n g l i s h D a v i d 4 J i l l 5 2 5 M a r y 6 1 4 F r e n c h P e t e r 6 J a n e 7 2 S I T E 2 E M P 2 D E P T 2 S S # N a m e S a l a r y D # D # D n a m e M G R 9 M a t h e w 7 5 5 M a t h J o h n 7 D a v i d 8 3 P h y s i c s P a u l 8 P e t e r 9 4 2
Distributed Database Functions Distributed Query Processing Optimization techniques across the databases Distributed Transaction Management Techniques for distributed concurrency control and recovery Distributed Metadata Management Techniques for managing the distributed metadata Distributed Security/Integrity Maintenance Techniques for processing integrity constraints and enforcing access control rules across the databases
Discretionary Security Architecture Discretionary Security Mechanisms Access Control Security Policy Integration Views for Security Secure Distributed Database Functions
Secure Distributed Database System A collection of secure database systems (SDBMS) connected via a secure network The software that is responsible for interconnection is a Secure Distributed Database Management System (SDDBMS) Each SDBMS executes local applications and should be involved in at least one global application (Ceri and Pelagetti) Homogeneous environment
Architecture
Discretionary Security Mechanism
Access Control Policies
Security Policy Integration
Views for Security
Secure Distributed Database Functions
Multilevel Security Aspects of MLS/DDBMS Architectures Data Model Functions Inference Control
Aspects of MLS/DDBMS
Architecture - I
Architecture - II
Architecture III
Modules if SDP (Secure Distributed Processor) SDQP SDTM SDMM SDSM SDIM DQP: Distributed Query Processor DTM: Distributed Transaction Mangier DMM: Distributed Metadata Manager DSML Distributed Security Manager DIM: Distributed Integrity Manager
Multilevel Distributed Data Model
MLS/DDBMS Functions
Distributed Inference Controller
Discretionary Security Mechanism
Comments Techniques for centralize data management have to be extended for a distributed environment Access control enforced across databases Inference control across databases Web will continue to impact the development of secure distributed data managers Network security is critical