XML, distributed data, replicated data, and Security

Slides:



Advertisements
Similar presentations
Ch 10, Functional Dependencies and Normal forms
Advertisements

Database Security - Farkas 1 Database Security and Privacy.
Computer Science and Engineering 1 What these organizations have in common? American Education Services, PA United States Marine Corps / Penn State University.
1 Countermeasures against Consistency Anomalies in Databases with Relaxed ACID Properties. By Lars Frank Copenhagen Business School.
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Chapter 14 & 15 Conceptual & Logical Database Design Methodology
Distributed Databases Dr. Lee By Alex Genadinik. Distributed Databases? What is that!?? Distributed Database - a collection of multiple logically interrelated.
Functional Dependencies
Computer Science and Engineering 1 XML, RDF, Workflow Security.
CSCE 548 Secure Software Development Web Application Security.
Web-Enabled Decision Support Systems
Switch off your Mobiles Phones or Change Profile to Silent Mode.
Polyinstantiation Problem
1 Polyinstantiation. 2 Definition and need for polyinstantiation Sea View model Jajodia – Sandhu model.
10/9/20151 The Relational Data Model TCU Database Systems Last update: September 2004 Reference: Elmasri 4 th edition, chapter 5.
Normalization (Codd, 1972) Practical Information For Real World Database Design.
1 IRU Concurrency, Reliability and Integrity issues Geoff Leese October 2007 updated August 2008, October 2009.
Concurrency Control. Objectives Management of Databases Concurrency Control Database Recovery Database Security Database Administration.
Functional Dependencies. FarkasCSCE 5202 Reading and Exercises Database Systems- The Complete Book: Chapter 3.1, 3.2, 3.3., 3.4 Following lecture slides.
Inference Problem Privacy Preserving Data Mining.
1 CS 430 Database Theory Winter 2005 Lecture 4: Relational Model.
INTRODUCTION lecture1 1. Data base concept Data is a meaningless static value. What does 3421 means? Information is the data you process in a manner that.
Academic Year 2014 Spring Academic Year 2014 Spring.
Lecturer : Assoc. Prof. Dang Tran Khah Presenter: Tran Thach Lam 1.
Introduction to Distributed Databases Yiwei Wu. Introduction A distributed database is a database in which portions of the database are stored on multiple.
Csilla Farkas Department of Computer Science and Engineering University of South Carolina
Distributed Database Management Systems. Reading Textbook: Ch. 1, Ch. 3 Textbook: Ch. 1, Ch. 3 For next class: Ch. 4 For next class: Ch. 4 FarkasCSCE.
DATABASE CONTROLS Chapter 14. Access Controls Discretionary Access Controls Discretionary Access Controls Types of Restrictions : 1. Name-dependent restrictions.
Lecture 03 Constraints. Example Schema CONSTRAINTS.
1 CS 430 Database Theory Winter 2005 Lecture 7: Designing a Database Logical Level.
Logical Database Design and Relational Data Model Muhammad Nasir
Example COMPANY Database
April 20022/CS/3X1 Database Design Design method John Wordsworth Department of Computer Science The University of Reading Room.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
Web Data and Application Security
Chapter 9 Part-1: Concepts & Foreign Keys
A brief summary of database normalization
Distributed Database Management Systems
Chapter 15 Basics of Functional Dependencies and Normalization for Relational Databases.
Chapter 19: Distributed Databases
Rules in active databases and integrity constraints
Translation of ER-diagram into Relational Schema
Problems in Designing Schema
Introduction lecture1.
Fourth normal form: 4NF.
Transformation of E/R Diagram to Relation
Relational Database.
Chapter 9 Part-1: Concepts & Foreign Keys
Chapter 4.1 V3.0 Napier University Dr Gordon Russell
Functional Dependencies and Relational Schema Design
Database Management Systems
Database solutions Chosen aspects of the relational model Marzena Nowakowska Faculty of Management and Computer Modelling Kielce University of Technology.
Lectures 12: Design Theory I
Functional Dependencies
Practical Issues of Data Placement
Database Architecture
Access Control.
Sampath Jayarathna Cal Poly Pomona
Distributed Database Management Systems
Introduction of Week 14 Return assignment 12-1
Relational Data Model - 2
Access Control What’s New?
Andrei G. Stoica and Csilla Farkas
XML and Security Csilla Farkas
Concurrency Control.
Review #1 Intro stuff What is a database, 4 parts, 3 users, etc.
Database.
Normalisation 1 Unit 3.1 Dr Gordon Russell, Napier University
Chapter 3 The Relational Model
Presentation transcript:

XML, distributed data, replicated data, and Security

Database (relational) concepts Database consistency Key constraints (referential integrity) Integrity constraints Data dependencies Normalization Multi-user environment Concurrency control Locking protocols Deadlock prevention/detection

Distributed Databases Database fragmentation Vertical Horizontal Commit protocols Database replication Mutual consistency Pessimistic replica control Optimistic replica control

Database Design Goal: Anomalies: Represent domain information Avoid anomalies Avoid redundancy Anomalies: Update: not all occurrences of a fact are changed Deletion: valid fact is lost when tuple is deleted

Functional Dependencies FD: X  A for relation R X functional determines A, i.e., if any two tuples in R agree on attributes X, they must also agree on attribute A. X: set of attributes A: single attribute If t1 and t2 are two tuples of r over R and t1[X]= t2[X] then t1[A]= t2[A] What is the relation between functional dependencies and primary keys?

Example - FD Functional Dependencies: Name,Breed  Age Weight Date Kennel Pepper G.S. 1 70 01/01/02 White Oak Buddy Mix 4 50 03/04/01 Little Creek 04/17/02 Panka Vizsla 12 40 02/14/02 Functional Dependencies: Name,Breed  Age Name,Breed  Weight

XML example Reference paper Figure 1 Figure 2 XML Keys XML FDs

Normalization Functional Dependencies: Name,Breed  Age Weight Date Kennel Pepper G.S. 1 70 01/01/02 White Oak Buddy Mix 4 50 03/04/01 Little Creek 04/17/02 Panka Vizsla 12 40 02/14/02 Functional Dependencies: Name,Breed  Age Name,Breed  Weight

Normalization Relation: primary keys FDs that violate BCNF Decompose relation

Security Objectives Confidentiality Integrity Availability Authenticity Non-repudiation Access Control Models

DB Access Control Protection objects: system resources for which protection is desirable Memory, file, directory, hardware resource, software resources, etc. Subjects: active entities requesting accesses to resources User, owner, program, etc. Access mode: type of access Read, write, execute

Relational

Secure XML Views - Example medicalFiles <medicalFiles> UC <countyRec> S <patient> S <name>John Smith </name> UC <phone>111-2222</phone> S </patient> <physician>Jim Dale </physician> UC </countyRec> <milBaseRec> TS <name>Harry Green</name> UC <phone>333-4444</phone> S <physician>Joe White </physician> UC <milTag>MT78</milTag> TS </milBaseRec> </medicalFiles> countyRec milBaseRec physician Jim Dale physician Joe White milTag MT78 patient patient name John Smith phone 111-2222 name Harry Green phone 333-4444 View over UC data

Delete

XML Delete Operations Delete entire sub-tree under a deleted node Most widely used approach Problem: blind write Delete only the viewable nodes Problem: fragmentation of XML tree Reject the delete Problem: covert channel

Different Solution – Deleted Label Basic Idea A unique domain “Del” for deleted nodes Change security classification of deleted node (o, {do  Del}) Perform after delete operation Change security clearance of users, where s = (s, {ds}) > (o, {do}) to ( (s, {ds}) , (o, {do  Del}) ) Can be preprocessed Use BLP axioms

Example - Top Secret View Report Title Data Date Temperature Images Concrete Location Defense Sector (S,{Del}) TS P Subject clearances: (TS, {})  { (TS, {}) , (S, {Del}), (P, {Del}) } (S, {})  { (S, {}), (P, {Del}) } (P, {})  { (P, {}) }

Attribute Association

Node Association - Example MedicalDb Patient * Patient Phone Name Patient Birthdate Race Date Diagnosis Comments Phone Birthdate Name SSN Race Allergies Allergen * Date Diagnosis Physician Prescription * Comments DTD of Patient Health Record

Layered Access Control Object - Association level classification + - Node level classification

Updates Primary key: Person-name What happens if the public user wants to insert a tuple <Dell, AT&T, $45,495>

Do we need anything else? Security Objectives Confidentiality Integrity Availability Authenticity Non-repudiation Do we need anything else?