Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 13: Midterm Review and Security

Published byAleesha Evans Modified over 6 years ago

Similar presentations

Presentation on theme: "Lecture 13: Midterm Review and Security"— Presentation transcript:

1 Lecture 13: Midterm Review and Security
Monday, April 23, 2007

2 Midterm ! Wednesday, 12:30-1:20, in class. Problem 1: SQL
Problem 2: E/R diagrams Problem 3: Conceptual design, BCNF Open book exam

3 Problem 1: SQL Basic SELECT-FROM-WHERE Aggregates and GROUP BY
Subqueries and non-monotone queries NOT EXISTS ALL INSERT/DELETE/UPDATE

4 Problem 2: E/R Diagrams E/R diagram basics Conversion to relations
entity sets, relationships, IS-A, weak entity sets Read all slides - including weak entity sets (for midterm and/or final) Conversion to relations What are the keys ? The foreign keys ? Subtleties Many-one or one-one relationships IS-A Weak entity sets

5 Problem 3: FDs and BCNF Anomalies Basic definition Inference BCNF
What does X --> Y mean, how do we check if it holds Inference Armstrong’s rules, X+ BCNF Use the algorithm on the slides

6 Final Advice Open book Some questions are easy, others are harder
But don’t plan on reading during the midterm ! Some questions are easy, others are harder Do the easier ones first Have fun !

7 Outline SQL Security – 8.7 Two famous attacks Two new trends
Optional material; May not have time to cover in class

8 Discretionary Access Control in SQL
GRANT privileges ON object TO users [WITH GRANT OPTIONS] privileges = SELECT | INSERT(column-name) | UPDATE(column-name) | DELETE | REFERENCES(column-name) object = table | attribute

9 Examples GRANT INSERT, DELETE ON Customers TO Yuppy WITH GRANT OPTIONS
Queries allowed to Yuppy: INSERT INTO Customers(cid, name, address) VALUES(32940, ‘Joe Blow’, ‘Seattle’) DELETE Customers WHERE LastPurchaseDate < 1995 SELECT Customer.address FROM Customer WHERE name = ‘Joe Blow’ Queries denied to Yuppy:

10 Examples GRANT SELECT ON Customers TO Michael
Now Michael can SELECT, but not INSERT or DELETE

11 Examples GRANT SELECT ON Customers TO Michael WITH GRANT OPTIONS
Michael can say this: GRANT SELECT ON Customers TO Yuppi Now Yuppi can SELECT on Customers

12 Examples GRANT UPDATE (price) ON Product TO Leah
Leah can update, but only Product.price, but not Product.name

13 Examples Customer(cid, name, address, balance) Orders(oid, cid, amount) cid= foreign key Bill has INSERT/UPDATE rights to Orders. BUT HE CAN’T INSERT ! (why ?) GRANT REFERENCES (cid) ON Customer TO Bill Now Bill can INSERT tuples into Orders

14 Fred is not allowed to see this
Views and Security David owns Fred is not allowed to see this Customers: Name Address Balance Mary Huston 450.99 Sue Seattle -240 Joan 333.25 Ann Portland -520 CREATE VIEW PublicCustomers SELECT Name, Address FROM Customers GRANT SELECT ON PublicCustomers TO Fred David says

15 John is allowed to see only <0 balances
David owns Views and Security John is allowed to see only <0 balances Customers: Name Address Balance Mary Huston 450.99 Sue Seattle -240 Joan 333.25 Ann Portland -520 CREATE VIEW BadCreditCustomers SELECT * FROM Customers WHERE Balance < 0 GRANT SELECT ON BadCreditCustomers TO John David says

16 Views and Security . . . Each customer should see only her/his record
David says Views and Security Each customer should see only her/his record CREATE VIEW CustomerMary SELECT * FROM Customers WHERE name = ‘Mary’ GRANT SELECT ON CustomerMary TO Mary Name Address Balance Mary Huston 450.99 Sue Seattle -240 Joan 333.25 Ann Portland -520 CREATE VIEW CustomerSue SELECT * FROM Customers WHERE name = ‘Sue’ GRANT SELECT ON CustomerSue TO Sue Doesn’t scale. Need row-level access control !

17 Revocation REVOKE [GRANT OPTION FOR] privileges ON object FROM users { RESTRICT | CASCADE } Administrator says: REVOKE SELECT ON Customers FROM David CASCADE John loses SELECT privileges on BadCreditCustomers

18 Same privilege, same object, GRANT OPTION
Revocation Same privilege, same object, GRANT OPTION Joe: GRANT [….] TO Art … Art: GRANT [….] TO Bob … Bob: GRANT [….] TO Art … Joe: GRANT [….] TO Cal … Cal: GRANT [….] TO Bob … Joe: REVOKE [….] FROM Art CASCADE What happens ??

19 Revocation Admin Revoke 1 Joe Art 4 2 3 Cal Bob 5
1 Joe Art 4 2 3 Cal Bob 5 According to SQL everyone keeps the privilege

20 Summary of SQL Security
Limitations: No row level access control Table creator owns the data: that’s unfair ! Access control = great success story of the DB community... … or spectacular failure: Only 30% assign privileges to users/roles And then to protect entire tables, not columns

21 Summary (cont) Most policies in middleware: slow, error prone:
SAP has 10**4 tables GTE over 10**5 attributes A brokerage house has 80,000 applications A US government entity thinks that it has 350K Today the database is not at the center of the policy administration universe [Rosenthal&Winslett’2004]

22 Two Famous Attacks SQL injection Sweeney’s example

23 [Chris Anley, Advanced SQL Injection In SQL]
Your health insurance company lets you see the claims online: User: Password: fred ******** First login: Now search through the claims : Search claims by: Dr. Lee SELECT…FROM…WHERE doctor=‘Dr. Lee’ and patientID=‘fred’

24 SQL Injection Now try this: Search claims by:
Dr. Lee’ OR patientID = ‘suciu’; -- …..WHERE doctor=‘Dr. Lee’ OR patientID=‘suciu’; ’ and patientID=‘fred’ Better: Search claims by: Dr. Lee’ OR 1 = 1; --

25 SQL Injection When you’re done, do this: Search claims by:
Dr. Lee’; DROP TABLE Patients; --

26 SQL Injection The DBMS works perfectly. So why is SQL injection possible so often ? Quick answer: Poor programming: use stored procedures ! Deeper answer: Move policy implementation from apps to DB

27 Latanya Sweeney’s Finding
In Massachusetts, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees GIC has to publish the data: GIC(zip, dob, sex, diagnosis, procedure, ...)

28 Latanya Sweeney’s Finding
Sweeney paid $20 and bought the voter registration list for Cambridge Massachusetts: GIC(zip, dob, sex, diagnosis, procedure, ...) VOTER(name, party, ..., zip, dob, sex)

29 Latanya Sweeney’s Finding
zip, dob, sex William Weld (former governor) lives in Cambridge, hence is in VOTER 6 people in VOTER share his dob only 3 of them were man (same sex) Weld was the only one in that zip Sweeney learned Weld’s medical records !

30 Latanya Sweeney’s Finding
All systems worked as specified, yet an important data has leaked How do we protect against that ? Some of today’s research in data security address breaches that happen even if all systems work correctly

31 Summary on Attacks SQL injection: A correctness problem:
Security policy implemented poorly in the application Sweeney’s finding: Beyond correctness: Leakage occurred when all systems work as specified

32 Two Novel Techniques K-anonymity, information leakage
Row-level access control

33 Information Leakage: k-Anonymity
[Samarati&Sweeney’98, Meyerson&Williams’04] Information Leakage: k-Anonymity Definition: each tuple is equal to at least k-1 others Anonymizing: through suppression and generalization First Last Age Race * Stone 30-50 Afr-Am John R* 20-40 Afr-am First Last Age Race Harry Stone 34 Afr-Am John Reyser 36 Cauc Beatrice 47 Afr-am Ramos 22 Hisp Disease Flue Measels Pain Fever Hard: NP-complete for suppression only Approximations exists; but work poorly in practice

34 Information Leakage: Query-view Security
[Miklau&S’04, Miklau&Dalvi&S’05,Yang&Li’04] Information Leakage: Query-view Security Have data: TABLE Employee(name, dept, phone) Secret Query View(s) Disclosure ? S(name) V(name,phone) total S(name,phone) V1(name,dept) V2(dept,phone) big S(name) V(dept) tiny S(name) where dept=‘HR’ V(name) where dept=‘RD’ none

35 Fine-grained Access Control
Control access at the tuple level. Policy specification languages Implementation

36 Policy Specification Language
No standard, but usually based on parameterized views. CREATE AUTHORIZATION VIEW PatientsForDoctors AS SELECT Patient.* FROM Patient, Doctor WHERE Patient.doctorID = Doctor.ID and Doctor.login = %currentUser Context parameters

37 Implementation SELECT Patient.name, Patient.age FROM Patient
WHERE Patient.disease = ‘flu’ SELECT Patient.name, Patient.age FROM Patient, Doctor WHERE Patient.disease = ‘flu’ and Patient.doctorID = Doctor.ID and Patient.login = %currentUser e.g. Oracle

38 Two Semantics SELECT count(*) FROM Patients WHERE disease=‘flu’
The Truman Model = filter semantics transform reality ACCEPT all queries REWRITE queries Sometimes misleading results The non-Truman model = deny semantics reject queries ACCEPT or REJECT queries Execute query UNCHANGED May define multiple security views for a user SELECT count(*) FROM Patients WHERE disease=‘flu’ Suppose we allow SELECT count(*) FROM Patients WHERE Patient.disease = %d, but only when the count is > 10. Suppose that there are > 10 patients with flue, and the user knows that. Adopting an instance-independent definition, this query is invalid; but with an instance-dependent definition the query is valid. [Rizvi’04]

39 Summary on Information Disclosure
The theoretical research: Exciting new connections between databases and information theory, probability theory, cryptography The applications: many years away [Abadi&Warinschi’05]

40 Summary of Fine Grained Access Control
Trend in industry: label-based security Killer app: application hosting Independent franchises share a single table at headquarters (e.g., Holiday Inn) Application runs under requester’s label, cannot see other labels Headquarters runs Read queries over them Oracle’s Virtual Private Database [Rosenthal&Winslett’2004]

Download ppt "Lecture 13: Midterm Review and Security"

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Database Management System

Database Management System
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
1 Current Trends in Data Security Dan Suciu Joint work with Gerome Miklau.

1 Current Trends in Data Security Dan Suciu Joint work with Gerome Miklau.
1 Lecture 13: Security Wednesday, October 26, 2006.

1 Lecture 13: Security Wednesday, October 26, 2006.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
1 Lecture 15-16: Security Wednesday, May 17, 2006.

1 Lecture 15-16: Security Wednesday, May 17, 2006.
1 Lecture 14: Midterm Review Security Friday, February 4, 2005.

1 Lecture 14: Midterm Review Security Friday, February 4, 2005.
Database Systems Marcus Kaiser School of Computing Science Newcastle University.

Database Systems Marcus Kaiser School of Computing Science Newcastle University.
1 Database Security Floris Geerts. Course organization One introductory lecture (this one) Then, a range of db security topics presented by you You will.

1 Database Security Floris Geerts. Course organization One introductory lecture (this one) Then, a range of db security topics presented by you You will.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
ABC Insurance Co. Paul Barry Steve Randolph Jing Zhou CSC8490 Database Systems & File Management Dr. Goelman Villanova University August 2, 2004.

ABC Insurance Co. Paul Barry Steve Randolph Jing Zhou CSC8490 Database Systems & File Management Dr. Goelman Villanova University August 2, 2004.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google