Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Slides:



Advertisements
Similar presentations
Views-basics 1. 2 Introduction a view is a perspective of the database different users may need to see the database differently; this is achieved through.
Advertisements

Access Control & Views Reading: C&B, Chap 7. Dept of Computing Science, University of Aberdeen2 In this lecture you will learn the principles of object.
1 Lecture 5: SQL Schema & Views. 2 Data Definition in SQL So far we have see the Data Manipulation Language, DML Next: Data Definition Language (DDL)
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
COMP 3715 Spring 05. Working with data in a DBMS Any database system must allow user to  Define data Relations Attributes Constraints  Manipulate data.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification.
Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.
Database Management System
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Chapter Information Systems Database Management.
Midterm Review Lecture 14b. 14 Lectures So Far 1.Introduction 2.The Relational Model 3.Disks and Files 4.Relational Algebra 5.File Org, Indexes 6.Relational.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Database Systems More SQL Database Design -- More SQL1.
Mid-term Class Review.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
Database Security Overview Blake Middleton CSE 7330 – Fall 2009.
Security and Integrity
Introduction To Databases IDIA 618 Fall 2014 Bridget M. Blodgett.
DAY 21: MICROSOFT ACCESS – CHAPTER 5 MICROSOFT ACCESS – CHAPTER 6 MICROSOFT ACCESS – CHAPTER 7 Akhila Kondai October 30, 2013.
CSE314 Database Systems More SQL: Complex Queries, Triggers, Views, and Schema Modification Doç. Dr. Mehmet Göktürk src: Elmasri & Navanthe 6E Pearson.
RDB/1 An introduction to RDBMS Objectives –To learn about the history and future direction of the SQL standard –To get an overall appreciation of a modern.
SEC835 Practical aspects of security implementation Part 1.
Introduction to SEQUEL. What is SEQUEL? Acronym for Structural English Query Language Acronym for Structural English Query Language Standard language.
University of Sunderland COM 220Lecture Two Slide 1 Database Theory.
Computer Security: Principles and Practice
Databases Collections of data. Set of rules to organize data. Types ◦ Relational: use (rows) & columns to organize. ◦ Object oriented: complex data (audio,
NMED 3850 A Advanced Online Design January 12, 2010 V. Mahadevan.
SQL Structured Query Language Programming Course.
5/24/01 Leveraging SQL Server 2000 in ColdFusion Applications December 9, 2003 Chris Lomvardias SRA International
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 5 – Database Security.
Structured Query Language Chris Nelson CS 157B Spring 2008.
FEN  Data Definition: CREATE TABLE, ALTER TABLE  Data Manipulation: INSERT, UPDATE, DELETE  Queries: SELECT SQL: Structured Query Language.
Database Management COP4540, SCS, FIU Constraints and security in SQL (Ch. 8.6, Ch22.2)
Lecture 8 Creating Stored Functions. Objectives  After completing this lesson, you should be able to do the following:  What is Function?  Types of.
Lecture2: Database Environment Prepared by L. Nouf Almujally 1 Ref. Chapter2 Lecture2.
Database Design Methodology. Lesson 1: Introduction to Databases.
6 1 Lecture 8: Introduction to Structured Query Language (SQL) J. S. Chou, P.E., Ph.D.
SQL Basics. What is SQL? SQL stands for Structured Query Language. SQL lets you access and manipulate databases.
IS 230Lecture 6Slide 1 Lecture 7 Advanced SQL Introduction to Database Systems IS 230 This is the instructor’s notes and student has to read the textbook.
What’s a database? Data stored in a structured format that lends itself to easy manipulation and recall.
Creating and Maintaining Geographic Databases. Outline Definitions Characteristics of DBMS Types of database Relational model SQL Spatial databases.
Advanced Accounting Information Systems Day 10 answers Organizing and Manipulating Data September 16, 2009.
Database Security.
AL-MAAREFA COLLEGE FOR SCIENCE AND TECHNOLOGY INFO 232: DATABASE SYSTEMS CHAPTER 7 (Part II) INTRODUCTION TO STRUCTURED QUERY LANGUAGE (SQL) Instructor.
Database Security Lesson Introduction ●Understand the importance of securing data stored in databases ●Learn how the structured nature of data in databases.
Chapter 5 : Integrity And Security  Domain Constraints  Referential Integrity  Security  Triggers  Authorization  Authorization in SQL  Views 
Mining real world data RDBMS and SQL. Index RDBMS introduction SQL (Structured Query language)
Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke1 Database Management Systems Chapter 5 SQL.
April 2002 Information Systems Design John Ogden & John Wordsworth 1 Database Design SQL (1) John Wordsworth Department of Computer Science The University.
1 COMP 1100 Basic SQL David J. Stucki. Outline SQL Overview Retrievals Schema creation Table creation Constraints Inserts Updates 2.
Database Security and Authorization Introduction to DB Security Access Controls Database Security and the DBA Discretionary Access Control The privileges.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
Big Data Yuan Xue CS 292 Special topics on.
Database Security Advanced Database Dr. AlaaEddin Almabhouh.
More SQL: Complex Queries, Triggers, Views, and Schema Modification
Database System Implementation CSE 507
More SQL: Complex Queries,
Database Security and Authorization
Query-by-Example (QBE)
SQL: Advanced Options, Updates and Views Lecturer: Dr Pavle Mogin
Inference and Flow Control
More SQL: Complex Queries, Triggers, Views, and Schema Modification
Database systems Lecture 3 – SQL + CRUD
CMPT 354: Database System I
Syllabus Introduction Website Management Systems
Presentation transcript:

Database Security CS461/ECE422 Spring 2012

Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database encryption

Reading Material Chapter 5 of the text

4 Motivation Databases are a common element in today's system architecture Hold important information – Target of attacks

5 Database Advantages Years and years of technology improvements – Data integrity and consistency – ACID transactions – Decent performance in face of integrity and consistency requirements Common well understood model – Shared access – Controlled access

6 Relational Model Information stored in relations or tables – Each row is a tuple of attributes – Manipulated by standard SQL language

7 Making Queries Can select rows to create subtables –Select Name, UID, Financial Aid from Students where College = 'Eng'

8 Combining tables Can use Join to create single set of tuples from multiple tables. select A.name, B.Dorm, A.Major from A, B where A.UID = B.UID; AB

Database Access Control In most OS access control, subjects are users, and objects are files (and file-like objects) In databases, what should the objects be?

10 SQL grant Syntax grant privilege_list on resource to user_list; Privileges include select, insert, etc. Resource may be a table, a database, a function, etc. User list may be individual users, or may be a user group Griffiths Wade 76

11 Example Application Alice owns a database table of company employees: name varchar(50), ssn int, salary int, varchar(50) Some information (ssn, salary) should be confidential, others can be viewed by any employee.

12 Simple Access Control Rules Suppose Bob needs access to the whole table (but doesn’t need to make changes): grant select on employee to bob; Suppose Carol is another employee, who should only access public information: grant select(name, ) on employee to carol; – not implemented in PostgreSQL (see next two slides for how to work around this) – not implemented for select in Oracle – implemented in MySQL

13 Creating Views Careful with definitions! – A subset of the database to which a user has access, or: – A virtual table created as a “shortcut” query of other tables View syntax: create view view_name as query_definition; Querying views is nearly identical to querying regular tables

14 View-Based Access Control Alternative method to grant Carol access to name and columns: create view employee_public as select name, from employee; grant select on employee_public to carol;

15 Row-Level Access Control Suppose we also allow employees to view their own ssn, salary: create view employee_Carol as select * from employee where name='Carol'; grant select on employee_Carol to carol; And we allow them to update their addresses: grant update( ) on employee_Carol to carol; – (Or create yet another new view…)

16 Delegating Policy Authority grant privilege_list on resource to user_list with grant option; Allows other users to grant privileges, including “with grant option” privileges Like “Copy right” from Access Control lecture Can grant subset privileges too – Alice: grant select on table1 to bob with grant option; – Bob: grant select(column1) on table1 to carol with grant option;

17 SQL revoke Syntax revoke privilege_list on resource from user_list; What happens when a user is granted access from two different sources, and one is revoked? What happens when a “with grant option” privilege is revoked?

18 Revoke Example 1 Alice gives Read, Update, Insert privileges to Bob for table X Carol gives Read, Update privileges to Bob for table X Alice revokes Read, Update, Insert privileges from Bob for table X What privileges should Bob now have on table X?

19 Revoke Example 2 Alice gives Read, Update, Insert privileges to Bob for table X with Grant option Bob gives Read, Update privileges to Carol for table X Alice revokes all privileges from Bob for table X What privileges should Bob have on table X? What privileges should Carol have on table X?

20 Revoke Example 3 Alice gives Read, Update, Insert privileges to Bob for table X with Grant option Bob gives Read, Update privileges to Carol for table X with Grant option Carol gives Read, Update privileges to Bob for table X Alice revokes all privileges from Bob for table X What privileges do Bob and Carol have now?

21 Disadvantages to SQL Model Too many views to create – Tedious for many users, each with their own view – View redefinitions that change the view schema require dropping the view, redefining, then reissuing privileges – Fine-grained policies each require their own view— and no obvious way to see that the views come from the same table Applications often use one user and implement own access control Other techniques being developed but not yet widely deployed

Statistical Access Access given to aggregate functions only – count, sum, min, max, avg, … – select avg(gpa) from students where student.department = “ECE”; – select count(*) from students where gpa > 3.5; Inference – Use aggregate values to deduce sensitive information

Exercise 1 How can we use statistical functions to infer sensitive (user-specific values)?

Examples Too-specific query – select avg(gpa) from students where student.name = “Carol”; Negative result – select count(*) from students where college = ‘Edu’ and gpa > 3.0 => 0;

Constraint Refuse to return results from queries that include too few (<k) rows Exercise: find out Bob’s GPA if k = 3 Select avg(financialaid) from students where college = “Eng” or college = “Edu” and (name != “Bob” OR gpa > 2.0);

Other possible controls Return imprecise results – Perturb individual data – Perturb results – Return result on random sample Hard to get right, see work on Differential Privacy for state of the art

Key Points Database has good integrity features Fine grained access control implemented in most DB systems – Not always taken advantage of It is difficult to block inferences