Security in Computing, Fifth Edition

Slides:



Advertisements
Similar presentations
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Advertisements

©Silberschatz, Korth and Sudarshan1.1Database System Concepts Chapter 1: Introduction Purpose of Database Systems View of Data Data Models Data Definition.
Information Security Principles & Applications
10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Database Management: Getting Data Together Chapter 14.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
©Silberschatz, Korth and Sudarshan1.1Database System Concepts Chapter 1: Introduction Purpose of Database Systems View of Data Data Models Data Definition.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Chapter 4 Relational Databases Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 4-1.
Functions of a Database Management System. Functions of a DBMS C.J. Date n Indexing n Views n Security n Integrity n Concurrency n Backup/Recovery n Design.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
Chapter 4 Relational Databases Copyright © 2012 Pearson Education 4-1.
SE571 Security in Computing
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
10/5/1999Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.
© 2013 Pearson Education, Inc. Publishing as Prentice Hall 1 CHAPTER 11: DATA AND DATABASE ADMINISTRATION Modern Database Management 11 th Edition Jeffrey.
Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,
The University of Akron Dept of Business Technology Computer Information Systems DBMS Functions 2440: 180 Database Concepts Instructor: Enoch E. Damson.
Concepts of Database Management, Fifth Edition
Chapter 1 Overview of Database Concepts Oracle 10g: SQL
Database Security And Audit. Databasics Data is stored in form of files Record : is a one related group of data (in a row) Schema : logical structure.
Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,
Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive.
1 Welcome: To the second learning sequence “ Data Base (DB) and Data Base Management System (DBMS) “ Recap : In the previous learning sequence, we discussed.
Lecture 2 An Overview of Relational Database IST 318 – DB Admin.
Computer Security: Principles and Practice
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.
Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  
CHAPTER 5 Database Security 1. Objectives  Explain briefly the concept of databases  Identify the security requirement of the databases  List and explain.
Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.
Database Environment Chapter 2. Data Independence Sometimes the way data are physically organized depends on the requirements of the application. Result:
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 21 November 2, 2004.
Programming Logic and Design Fourth Edition, Comprehensive Chapter 16 Using Relational Databases.
MBA 664 Database Management Dave Salisbury ( )
Mr.Prasad Sawant, MIT Pune India Introduction to DBMS.
1 Chapter 2 Database Environment Pearson Education © 2009.
Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 7 Module 7 Data Base Security  MModified by :Ahmad Al Ghoul  PPhiladelphia.
SYSTEMS IMPLEMENTATION TECHNIQUES TRANSACTION PROCESSING DATABASE RECOVERY DATABASE SECURITY CONCURRENCY CONTROL.
Copyright © 2016 Pearson Education, Inc. CHAPTER 12: DATA AND DATABASE ADMINISTRATION Modern Database Management 12 th Edition Jeff Hoffer, Ramesh Venkataraman,
Database Principles: Fundamentals of Design, Implementation, and Management Chapter 1 The Database Approach.
Database System Implementation CSE 507
Introduction to DBMS Purpose of Database Systems View of Data
Introduction To DBMS.
Database Management.
ITEC 3220A Using and Designing Database Systems
Chapter 1: Introduction
Database Security and Authorization
Transaction Management and Concurrency Control
Chapter 1: Introduction
Functions of a Database Management System
Pertemuan Ke 7 Agung BP.
Chapter 4 Relational Databases
Chapter 3: Data Management Systems
Introduction to Database Systems
Chapter 2 Database Environment Pearson Education © 2009.
Chapter 2 Database Environment.
Ch 21: Transaction Processing
Chapter 8 Data Base Security
Database Processing: David M. Kroenke’s Chapter Nine: Part One
Database Security Jagdish S. Gangolly School of Business
Introduction to DBMS Purpose of Database Systems View of Data
Introduction of Week 13 Return assignment 11-1 and 3-1-5
Chapter 1: Introduction
Chapter 1: Introduction
Chapter 1: Introduction
Terms: Data: Database: Database Management System: INTRODUCTION
Chapter 2 Database Environment Pearson Education © 2009.
Chapter 1: Introduction
Presentation transcript:

Security in Computing, Fifth Edition Chapter 7: Databases From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 7 Basic database terminology and concepts Security requirements for databases Implementing access controls in databases Protecting sensitive data Data mining and big data From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Database Terms Database administrator Database management system (DBMS) Record Field/element Schema Subschema Attribute Relation Database: A collection of data and a set of rules that organize the data by specifying certain relationships among the data Database administrator: Person who defines the rules that organize the data and controls who should have access to what parts of the data Database management system: The system through which users interact with the database Record: One related group of data Field/element: Elementary data items that make up a record (e.g., name, address, city) Schema: Logical structure of a database Subschema: The portion of a database a given user has access to Attribute: A column in a database Relation: A set of database columns From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Database Example A database with three tables From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Schema Example The schema of the database from the previous slide From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Queries A query is a command that tells the database to retrieve, modify, add, or delete a field or record The most common database query language is SQL From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Example SQL Query SELECT ZIP=‘43210’ From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Database Security Requirements Physical integrity Logical integrity Element integrity Auditability Access control User authentication Availability This is a good time to encourage students to think about places databases are commonly used and all the purposes they may be used for. Examples such as banks, large retailers, and law enforcement quickly make clear why all of these requirements are critically important. We’ve already discussed many of the ways these requirements are achieved in previous chapters, but the remainder of this chapter covers special considerations for databases. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Reliability and Integrity Reliability: in the context of databases, reliability is the ability to run for long periods without failing Database integrity: concern that the database as a whole is protected against damage Element integrity: concern that the value of a specific data element is written or changed only by authorized users Element accuracy: concern that only correct values are written into the elements of a database From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Two-Phase Update Phase 1: Intent Phase 2: Write DBMS does everything it can, other than making changes to the database, to prepare for the update Collects records, opens files, locks out users, makes calculations DBMS commits by writing a commit flag to the database Phase 2: Write DBMS completes all write operations DBMS removes the commit flag If the DBMS fails during either phase 1 or phase 2, it can be restarted and repeat that phase without causing harm Solution to the concern that the database system would fail in the middle of an update, leaving the database in a partially updated and inconsistent state. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Other Database Security Concerns Error detection and correction codes to protect data integrity For recovery purposes, a database can maintain a change log, allowing it to repeat changes as necessary when recovering from failure Databases use locks and atomic operations to maintain consistency Writes are treated as atomic operations Records are locked during write so they cannot be read in a partially updated state From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Sensitive Data Inherently sensitive From a sensitive source Passwords, locations of weapons From a sensitive source Confidential informant Declared sensitive Classified document, name of an anonymous donor Part of a sensitive attribute or record Salary attribute in an employment database Sensitive in relation to previously disclosed information An encrypted file combined with the password to open it From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Types of Disclosures Exact data Bounds Negative result Existence Probable value Direct inference Inference by arithmetic Aggregation Hidden data attributes File tags Geotags Keeping records from being dumped out of the database is not sufficient to actually prevent disclosure. There are many ways to deduce the content of a database listed on this slide, and all of them must be considered when protecting sensitive database information. It is important to understand both the range of possible contents of each attribute and the data available to potential attackers in order to apply the appropriate protection mechanisms. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Preventing Disclosure Suppress obviously sensitive information Keep track of what each user knows based on past queries Disguise the data From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Security vs. Precision Precise, complete, and consistent responses to queries against sensitive information make it more likely that the sensitive information will be disclosed. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Suppression Techniques Limited response suppression Eliminates certain low-frequency elements from being displayed Combined results Ranges, rounding, sums, averages Random sample Blocking small sample sizes Random data perturbation Randomly add or subtract a small error value to/from actual values Swapping Randomly swapping values for individual records while keeping statistical results the same Less complex data makes for simpler inference and therefore is more likely to require suppression. The disclosure prevention must be balanced against the database requirements, as the loss of precision and completeness may make the database unusable. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Data Mining Data mining uses statistics, machine learning, mathematical models, pattern recognition, and other techniques to discover patterns and relations on large datasets The size and value of the datasets present an important security and privacy challenge, as the consequences of disclosure are naturally high From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Data Mining Challenges Correcting mistakes in data Preserving privacy Granular access control Secure data storage Transaction logs Real-time security monitoring These remain open challenges, though some are partially solved or are solved in certain data mining packages. Access control, for instance, can often be performed in a coarse way. Correcting mistakes is a problem because data is often moved to more databases before the original database can be corrected—if the need for correction is ever discovered. Data storage is an issue because data may be collected globally and through cloud providers, where security details are largely unknown to users. As data mining platforms evolve, these features will mature. From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Summary Database security requirements include: Physical integrity Logical integrity Element integrity Auditability Access control User authentication Availability There are many subtle ways for sensitive data to be inadvertently disclosed, and there is no single answer for prevention Data mining and big data have numerous open security and privacy challenges From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.