Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010.

Published byOsborn Thornton Modified over 8 years ago

Similar presentations

Presentation on theme: "Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010."— Presentation transcript:

1 Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010

2 Outlines Introduction Types of Dependencies Constraints on Dependencies Insider Threat Preventing Insider Threat Conclusion 2PASSAT 2010

3 Introduction Insider threat is the threat that is caused by a malicious insider, where the insider is a person who has authorized access privileges, knowledge of the relational database system he/she uses, is familiar with the dependencies between data items as well as the constraints, and is motivated to violate the security policy of the system through authorized access. According to the FBI Computer Crime Survey, trusted insiders are responsible of 52% of all security breaches. Mechanisms that prevent outsiders threat are inappropriate to protect data from authorized users who may misuse their privileges to cause harm to systems. 3PASSAT 2010

4 Types of Dependencies Types of Dependencies Dependencies are classified into: ◦ Strong vs. weak dependencies [A  C]. ◦ Direct [A  C] vs. indirect [A  B  C] dependencies. ◦ One-way [A  B] vs. cyclic [A B] dependencies. 4PASSAT 2010

5 Constraints on Dependencies A dependency relationship involves a constraint. That is, a change on a dependent data item occurs only when a specified constraint is satisfied. For instance, the following shows the constraints on the dependency [Rank  Base_Salary]. Constraints are classified into two types: ◦ Changing the value of an attribute. ◦ Deleting or inserting records. The Constraint and Dependency Graph (CDG) shows the dependencies and constraints. RankBase_Salary Assistant Prof.60K Associate Prof.75K Prof.90K 5PASSAT 2010

6 A CDG Example + Figure 1. A Constraint and Dependency Graph CDG. 6 2 T 2.a 6 T 1.a 2 T 2.a 5 T 1.a 1 T 1.a 1 < c 1 T 1.a 1 ≥ c 1 c 4 c3 c3 T 1.a 2 + 2 T 2.a 4 3 T 1.a 3  c 1 ≤ a 1  a 2 = c 3  c 1 > a 1  a 2 =c 4  a 4 =2*a 3 +3  a 6 =6*a 2 +2*a 5 6PASSAT 2010

7 Insider Threat Insiders may be able to modify unauthorized data items (on which they have no write access) to the values they want using his/her knowledge about dependencies and constraints. For instance, in Fig. 1, assume that an insider has write access on attribute a 1 and has no write access on attribute a 2. Also, assume that the insider is familiar with the dependencies and constraints. In this case, the insider can modify the value of a 2 to either c 3 or c 4, as he/she prefers, by changing the value of a 1 to a value greater than or equal to c 1, or less than c 1 respectively. 7PASSAT 2010

8 Modification Graphs MGs MGs determine which data items (authorized or unauthorized) insiders can modify. A modification graph of an insider is constructed based on the Knowledgebase of the insider, the CDG and the Dependency Matrix. For example, Consider the CDG as shown in Fig. 1 and assume that the insider has write access to T 1. Fig. 2 shows the modification graph of the insider. I Figure 2. A Modification Graph of an Insider a1a1 a1a1 a2a2 a2a2 a3a3 a3a3 a4a4 a4a4 a6a6 a6a6 T1T1 T1T1 T2T2 T2T2 8PASSAT 2010

9 Preventing Malicious Modifications Preventing Malicious Modifications Preventing malicious modifications can be handled in two ways: ◦ Hiding Dependencies. ◦ Denying Write Access Requests. 9PASSAT 2010

10 Hiding Dependencies Discovering dependencies may pose a threat; it allows insiders to make the changes they want in data items on which they have no write access. Thus, dependencies that help in launching such serious attacks should be hidden. Some data items are not important enough for insiders to be interested in changing them, whereas insiders are interested in changing other data items, which are called sensitive data item. Definition 1. A sensitive data item is the data item which insiders may be interested in changing due the importance and secrecy of the information that it represents. 10PASSAT 2010

11 Cont. To determine which dependencies should be hidden from the insider, we introduced the Sensitivity and Dependency Graph (SDG). It shows the dependencies between attributes, and contains the sensitivity values of different attributes. It is used to determine a cut, which represents the edges (dependencies) that have destined attributes with sensitivity values greater than a predefined threshold for the insider under consideration. Definition 2. Given a set of dependencies S in a relational database, a cut is a set of dependencies C ⊆ S that should be hidden from the insider under consideration. 11PASSAT 2010

12 Cont. To determine a cut: ◦ Threshold values and data items sensitivities should be known. ◦ Then, a Breadth First Search is used, which starts from the attribute on which the insider has write access to determine which edges belong to the cut. 12PASSAT 2010

13 Cont. Suppose that the following is a part of a Sensitivity and Dependency Graph (SDG) for a relational database. X X P P Q Q R R Y Y Z Z 9%9% 56% 75% 91% 10% Assume that an insider K has 50% threshold value, which means he/she is not allowed to change data items with sensitivity > 50%. Suppose that K requests a write access on Y. If the system decides to grant this request to K, it should hide the dependencies that is determined by the Cut shown in the figure. Figure 4. A Cut in a Sensitivity and Dependency Graph 13PASSAT 2010

14 Denying Write Access Requests Hiding dependencies may not be always achievable. The solution in this case is to not grant insiders write accesses on data items in which a change may cause a change in sensitive data items. Use the Modification Graph MG to determine whether an insider can change an unauthorized sensitive data item using some authorized ones. 14PASSAT 2010

15 An Example Scenario EMP_IDNameRankHI_Premium. Employee Table EMP_IDBase_SalaryExperience… Salary Table EMP_IDDependent_NameRelationalship… Dependent Table SalaryTax… <70K6% >=70K & < 90K8% >=90K10% Tax Table Figure 5. An Academic Staff Database Suppose that the following database has the dependencies: 1. Rank  Base_Salary 2. {Base_Salary, Experience}  Salary 3. Number of Dependents  HI_Premium 4.{HI_Premium, Tax, Salary}  Net_Salary Assume that the total salary and net salary is computed as following. - Salary = Base_Salary + 1000$* Experience. - Net_salary = Salary – Salary * Tax - HI_Premium. 15PASSAT 2010

16 Cont. Suppose that the sensitivity values of the data items according to the insider under consideration, say insider K, is as shown the Table 1. Suppose that the threshold value of the insider k is 50%. T ABLE 1. S ENSITIVITY V ALUES A CCORDING TO THE INSIDER K Data item Sensitivity Rank20% Base_Salary90% Experience10% Number of Dependents30% HI_Premium90% Salary100% Net_Salary100% Tax10% 16PASSAT 2010

17 Cont. The following graph represents the SDG of the given database. Figure 6. The SDG of the Academic Staff Database 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% 17PASSAT 2010

18 Cont. Suppose that the insider K requests write access privileges on: o The Rank attribute. o The Experience attribute. o The Dependents table. In this case, if he/she is given write access to those data items, he/she can modify indirectly the sensitive data items: o Base_Salary. o Salary. o HI_Premium. o Net_Salary. 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% Figure 7. The SDG of the Academic Staff Database 18PASSAT 2010

19 Cont. To solve this problem, ensure that the inside is not familiar with some dependencies. However, if hiding those dependencies is not achievable, the requests should be denied. 100% 90% Rank Experience HI_Premium 90% Salary Base_Salary Tax # of Dependents Net_Salary 100% Figure 8. A Cut in the SDG of the Academic Staff Database 19PASSAT 2010

20 Conclusions Insiders who have knowledge of dependencies and their constraints may modify data items, to which they do not have authorized write access, to the value they want. We presented an algorithm for constructing insiders’ Modification Graphs. We have defined the Sensitivity and Dependency graph (SDG), which shows the dependencies between data items and their sensitivity values. We provided two methods to prevent malicious modifications. o First, is to hide dependencies between data items using the cut algorithm. o Second, is to deny write access to some data items using Modification Graphs. 20PASSAT 2010

21 Future Work We plan to discuss HOW to hide risky dependencies. We plan to conduct experiments to establish the effectiveness of the proposed model. 21PASSAT 2010

22 Questions 22PASSAT 2010

Download ppt "Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention Qussai Yaseen and Brajendra Panda 1PASSAT 2010."

Similar presentations

Operating System Security

Operating System Security
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
 Introduction  Fundamentals  Capability Security  Challenges in Secure Capability Systems  Revoking Capabilities  Conclusion.

 Introduction  Fundamentals  Capability Security  Challenges in Secure Capability Systems  Revoking Capabilities  Conclusion.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Assessing the Effect of Deceptive Data in the Web of Trust Yi Hu, Brajendra Panda, and Yanjun Zuo Computer Science and Computer Engineering Department.

Assessing the Effect of Deceptive Data in the Web of Trust Yi Hu, Brajendra Panda, and Yanjun Zuo Computer Science and Computer Engineering Department.
Present by Napasakorn Sukjay Poom Samaharn

Present by Napasakorn Sukjay Poom Samaharn
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.
Database Systems Marcus Kaiser School of Computing Science Newcastle University.

Database Systems Marcus Kaiser School of Computing Science Newcastle University.
What does “secure” mean? Protecting Valuables

What does “secure” mean? Protecting Valuables
1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.

Similar presentations

Ads by Google