1. Overview of Database Security
Introduction
Security Problems
Security Controls
Designing Database Security

2. Outline Flow Control Inference Control Access Control
To these controls, cryptographic techniques can be added
Security Controls

3. Flow Control
Regulates the flow of information among accessible objects
Checks that information contained in some objects does not flow explicitly or implicitly into less protected objects
Policies require admissible flows to be listed or regulated
Security Controls

4. Inference Control
Inference controls aim at protecting data from indirect detection. This occurs when a set of X of data items to be read by a user can be used to obtain the set Y of data as Y=f(X), that is, by applying a function f to X.
An inference channel is a channel where users can find an item X and then use X to derive Y as Y=f(X).
Statistical inference is a further aspect involving of deduction of statistical data via statistical functions.
Security Controls

5. Three Main Inference Channels
Indirect Access
Correlated Data
Missing Data
Security Controls

6. Two Types of Control for Statistical Attacks
Data perturbation
Query control
Security Controls

7. Access Control
Access controls are responsible for ensuring that all direct accesses to the database objects occur exclusively according to the modes and rules fixed by protection policies.
Security Controls

8. Two Components of an Access Control System
A set of security policies and access rules : information stored in the system, stating the access modes to be followed by subjects upon access request
A set of control procedures (Security mechanisms) that check the queries against the stated rules; queries may then be allowed, denied or modified, filtering out unauthorized data
Security Controls

9. Access Control System Control Procedures Security Policies Access
Denied
Access
Permitted
Access
Request
Control
Procedures
Request
Modification
Security
Policies
Access
Rules
Security Controls