Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Slides:

Advertisements

Similar presentations

©Silberschatz, Korth and Sudarshan4.1Database System Concepts Lecture-1 Database system,CSE-313, P.B. Dr. M. A. Kashem Associate. Professor. CSE, DUET,

Advertisements

Auditing Computer-Based Information Systems

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.

Information Security Principles & Applications

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Management: Getting Data Together Chapter 14.

Transaction Processing IS698 Min Song. 2 What is a Transaction?  When an event in the real world changes the state of the enterprise, a transaction is.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Database Features Lecture 2. Desirable features in an information system Integrity Referential integrity Data independence Controlled redundancy Security.

Functions of a Database Management System. Functions of a DBMS C.J. Date n Indexing n Views n Security n Integrity n Concurrency n Backup/Recovery n Design.

Last time Finish OTR Database Security Introduction to Databases

Dr. Kalpakis CMSC 461, Database Management Systems Introduction.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

SE571 Security in Computing

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Database Systems: Design, Implementation, and Management Ninth Edition

IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.

Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,

DBSQL 7-1 Copyright © Genetic Computer School 2009 Chapter 7 Transaction Management, Database Security and Recovery.

Objectives Overview Define the term, database, and explain how a database interacts with data and information Define the term, data integrity, and describe.

Concepts of Database Management, Fifth Edition

Week 9 - Wednesday.  What did we talk about last time?  Government evaluation standards  Database basics.

Database Technical Session By: Prof. Adarsh Patel.

Database Security And Audit. Databasics Data is stored in form of files Record : is a one related group of data (in a row) Schema : logical structure.

Switch off your Mobiles Phones or Change Profile to Silent Mode.

Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,

Database Security DBMS Features Statistical Database Security.

Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive.

Security Architecture

1 Welcome: To the second learning sequence “ Data Base (DB) and Data Base Management System (DBMS) “ Recap : In the previous learning sequence, we discussed.

File Processing - Database Overview MVNC1 DATABASE SYSTEMS Overview.

SEC835 Practical aspects of security implementation Part 1.

Computer Security: Principles and Practice

Databases Collections of data. Set of rules to organize data. Types ◦ Relational: use (rows) & columns to organize. ◦ Object oriented: complex data (audio,

Discovering Computers Fundamentals Fifth Edition Chapter 9 Database Management.

Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 5 – Database Security.

MIS 327 Database Management system 1 MIS 327: DBMS Dr. Monther Tarawneh Dr. Monther Tarawneh Week 2: Basic Concepts.

Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  

Chapter No 4 Query optimization and Data Integrity & Security.

6 1 Lecture 8: Introduction to Structured Query Language (SQL) J. S. Chou, P.E., Ph.D.

Databases Shortfalls of file management systems Structure of a database Database administration Database Management system Hierarchical Databases Network.

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security.

CHAPTER 5 Database Security 1. Objectives  Explain briefly the concept of databases  Identify the security requirement of the databases  List and explain.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.

Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.

Concurrency Control. Objectives Management of Databases Concurrency Control Database Recovery Database Security Database Administration.

INFO1408 Database Design Concepts Week 16: Introduction to Database Management Systems Continued.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 21 November 2, 2004.

Programming Logic and Design Fourth Edition, Comprehensive Chapter 16 Using Relational Databases.

MBA 664 Database Management Dave Salisbury ( )

Academic Year 2014 Spring Academic Year 2014 Spring.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Control of data redundancy Data consistency More information from the same amount of data Sharing of data Improved data integrity Improved security Enforcement.

ASET 1 Amity School of Engineering & Technology B. Tech. (CSE/IT), III Semester Database Management Systems Jitendra Rajpurohit.

Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 7 Module 7 Data Base Security  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 1 Database Systems.

SYSTEMS IMPLEMENTATION TECHNIQUES TRANSACTION PROCESSING DATABASE RECOVERY DATABASE SECURITY CONCURRENCY CONTROL.

Chapter 7 Database Security. SCSR 3413 Computer Security Protecting data is a primary concern to secure systems, user count on the DataBase Management.

Functions of a Database Management System

Introduction to Database Management System

Chapter 8 Data Base Security

Database Security (Chapter 8, Sections 4-7)

Database Security Jagdish S. Gangolly School of Business

Database Security &Threats

Introduction of Week 13 Return assignment 11-1 and 3-1-5

Security in Computing, Fifth Edition

Presentation transcript:

Security in Databases

2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security CSE2500 System Security & Privacy

3 Srini & Nandita (CSE2500)DB Security Database DBMS DB Administrator users

4 Srini & Nandita (CSE2500)DB Security Database concepts database –data + rules components of data –records: composed of fields / elements logical structure  schema attribute  name of a column relation  a set of columns

5 Srini & Nandita (CSE2500)DB Security A sample database

6 Srini & Nandita (CSE2500)DB Security DB should deliver (advantages) shared access minimal redundancy data consistency data integrity controlled access

7 Srini & Nandita (CSE2500)DB Security Security requirements physical DB integrity logical DB integrity element (field) integrity auditability access control user authentication availability –(integrity, confidentiality & availability)

8 Srini & Nandita (CSE2500)DB Security Reliability & integrity three dimensions: –database integrity –element integrity –element accuracy various techniques –2-phase update –introducing redundancy –recovery –concurrency/consistency control –using monitors

9 Srini & Nandita (CSE2500)DB Security 2-phase update phase-1: Intent –gathering info & resources –no harm in the case of failure –writing of a commit flag to data base phase-2: Commit –set commit flag in the database –causing permanent changes –may be repairable in the case of failure

10 Srini & Nandita (CSE2500)DB Security 2-Phase Update (Example) Suppose DB query asks to add 1 to fields X and Y. Phase 1 (Intent): –Compute updated values in temporary “Shadow” variables Xnew and Ynew: >Xnew := X + 1, Ynew := Y + 1 Phase 2 (Commit): –Set “Commit” flag (i.e. DB changes started, do not repeat Intent phase!) –Copy shadow values into DB: >X := Xnew, Y := Ynew –Write “Update Complete”, Clear Commit flag.

11 Srini & Nandita (CSE2500)DB Security Redundancy/internal consistency using error detection / correction codes –entire database –records –fields / elements shadow fields –duplication of attributes / records

12 Srini & Nandita (CSE2500)DB Security Recovery one way to achieve this is to have a log file for all recent changes (since last backup)

13 Srini & Nandita (CSE2500)DB Security Concurrency/Consistency In a multi-user/process/client environment, concurrency and consistency control is vitally important. Basic techniques –using “atomic operation” >Read-then-(if OK)Write: A Write query to a field is conditioned on its current contents being as specified (in case it was modified recently by someone else) –using “locking” mechanisms >Read queries to a record are blocked while a write is performed to the record by someone else

14 Srini & Nandita (CSE2500)DB Security Monitors checking the structural consistency of data entered or modified –range comparison -- field specific –state constraints >describe of the condition of entire DB >(Properties which should be satisfied by DB contents at all times) –transition constraints >describe the conditions necessary before a change can be made (Properties which should be satisfied by DB contents so that a change to DB is valid) Collectively called Integrity Constraints

15 Srini & Nandita (CSE2500)DB Security On sensitive data factors that make data sensitive –inherently sensitive –from a sensitive source –declared sensitive –of a sensitive attribute or a sensitive record –sensitive in relation to previously disclosed information sensitivity of data in a DB may vary !

16 Srini & Nandita (CSE2500)DB Security A sample database

17 Srini & Nandita (CSE2500)DB Security Access decisions on sensitive data factors to be considered when permitting “user x to access data y” –availability of data >Record is blocked from read while it is modified –acceptability of access >No disclosure (even ‘partial’) of sensitive values to unauthorized users –assurance of authenticity of user >Limit access based on other considerations (time of access, previous accesses,…)

18 Srini & Nandita (CSE2500)DB Security Types of disclosure of sensitive data exact data (field = x) Bounds – x < field < y negative result –field is not equal to x Existence –an Attribute of a field exists in DB probable value –reducing the number of possible values for a field, Improving knowledge of their relative likelihoods.

19 Srini & Nandita (CSE2500)DB Security Inference Problem definition: –infer or derive sensitive data from non- sensitive or (seemingly) un-related data “inference” is a subtle vulnerability in database security

20 Srini & Nandita (CSE2500)DB Security A sample database

21 Srini & Nandita (CSE2500)DB Security Direct attack list NAME where SEX = M & DRUGS = 1 list NAME where (SEX = M & DRUGS = 1) | (SEX != M & SEX != F) | (DORM != East)

22 Srini & Nandita (CSE2500)DB Security Indirect attack (statistical inference) Sum sum of financial aid by dorm & sex Holmes Grey West Total M F Total

23 Srini & Nandita (CSE2500)DB Security Indirect attack (cont.) Count –count of students by dorm & sex Holmes Grey West Total M F Total –can be used in combination with “sum”

24 Srini & Nandita (CSE2500)DB Security Indirect attack (cont.) Median highest value for attribute 1 lowest value for attribute 1 lowest value for attribute 2 highest value for attribute 2 median for attribute 1 & median for attribute 2

25 Srini & Nandita (CSE2500)DB Security revealing Earhart’s drug Earhart is the only person who has the median of AID and DRUGS, so if data on AID is known, the following query reveals Earhart’s DRUGS: p = median (DRUGS where AID=2000)

26 Srini & Nandita (CSE2500)DB Security Indirect attack (cont.) Linear system attack –by solving a set of equations e.g. q1 = c1 + c2 + c3 q2 = c2 + c3 q3 = c1 + c3

27 Srini & Nandita (CSE2500)DB Security Controls for statistical inference 2 types of control –applied to queries --- very hard ! –applied to data items --- relatively easy >suppression --- sensitive data are not provided >concealing --- precise data are not provided

28 Srini & Nandita (CSE2500)DB Security Summary of inference no perfect solution to inference problem 3 common approaches –suppress obviously sensitive data  fairly easy –track what the user knows  costly –disguise data  may result in incorrect or wrong responses to legitimate queries

29 Srini & Nandita (CSE2500)DB Security Multi-level security The 2 level security model, sensitive or non- sensitive, is inadequate in many practical applications: –The security of a data element may be different from that of other elements in the same row or column. –In practice many grades of security may be needed. –The security of an aggregate may be different from that of the individual elements

30 Srini & Nandita (CSE2500)DB Security Realising Multi-level Security Partitioning –each sub-database corresponds to a security level Encryption –each record (or field) can be encrypted using a different key Integrity lock Trusted Front End Commutative Filter Window/View