Download presentation
Presentation is loading. Please wait.
Published byΧαρικλώ Κανακάρης-Ρούφος Modified over 5 years ago
1
Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham The University of Texas at Dallas Security for Distributed Data Management February 2012
2
Outline Distributed Database Systems
Architecture, Data Distribution, Functions Security Issues Discretionary Security, Multilevel Security Secure Heterogeneous and Federated Systems Single Sign-on and Identity Management Assumption: Network is secure; focusing on securing the data
3
Distributed Architecture
Communication Network Distributed Processor 1 DBMS 1 Data- base 1 base 3 base 2 DBMS 2 DBMS 3 Processor 2 Processor 3 Site 1 Site 2 Site 3
4
Data Distribution S I T E 1 E M P 1 D E P T 1 S S # N a m e S a l a r
y D # D # D n a m e M G R 1 J o h n 2 1 1 C . S c i . J a n e 2 P a u l 3 2 3 J a m e s 4 2 3 E n g l i s h D a v i d 4 J i l l 5 2 5 M a r y 6 1 4 F r e n c h P e t e r 6 J a n e 7 2 S I T E 2 E M P 2 D E P T 2 S S # N a m e S a l a r y D # D # D n a m e M G R 9 M a t h e w 7 5 5 M a t h J o h n 7 D a v i d 8 3 P h y s i c s P a u l 8 P e t e r 9 4 2
5
Distributed Database Functions
Distributed Query Processing Optimization techniques across the databases Distributed Transaction Management Techniques for distributed concurrency control and recovery Distributed Metadata Management Techniques for managing the distributed metadata Distributed Security/Integrity Maintenance Techniques for processing integrity constraints and enforcing access control rules across the databases
6
Secure Distributed Architecture
7
Discretionary Security Mechanism
8
Security Policy Integration
9
Views for Security
10
Secure Distributed Database Functions
11
Architecture for Multilevel Security
12
Multilevel Distributed Data Model
13
MLS/DDBMS Functions
14
Distributed Inference Controller
15
Interoperability of Heterogeneous Database Systems
Database System A Database System B (Relational) (Object- Oriented) Network Transparent access to heterogeneous databases - both users and application programs; Query, Transaction processing Database System C (Legacy)
16
Technical Issues on the Interoperability of Heterogeneous Database Systems
Heterogeneity with respect to data models, schema, query processing, query languages, transaction management, semantics, integrity, and security policies Federated database management Collection of cooperating, autonomous, and possibly heterogeneous component database systems, each belonging to one or more federations Interoperability based on client-server architectures
17
Federated Database Management
Database System A Database System B Federation F1 Cooperating database systems yet maintaining some degree of autonomy Federation F2 Database System C
18
Schema Integration and Transformation in a Federated Environment
Component Schema for Component A for Component B for Component C Generic Schema Export Schema Export Schema I Federated Schema for FDS - 1 for FDS - 2 External Schema 1.2 Schema 2.1 Schema 2.2 Schema 1.1 Export Schema II Adapted from Sheth and Larson, ACM Computing Surveys, September 1990
19
Client-Server Architecture: Example
from Vendor A Client from Vendor B Network Server from Vendor C Server from Vendor D Database Database
20
Security Issues Transforming secure data models
Secure architectures: Heterogeneous and federated data management Security impact on schema/data/policy integration Incomparable/Overlapping security levels Inference Control Secure client-server computing
21
Transforming Secure Data Models
EMP: Level = Secret SS# Ename Salary D# 1 John 20K 10 2 Paul 30K 20 3 Mary 40K Class EMP is Secret It has 3 instances: John, Paul and Mary DEPT Class DEPT is Unclassified It has 2 instances Math and Physics Math is Unclassified Physics is Confidential Level D# Dname Mgr 10 Math Smith U 20 Physics Jones C
22
Security Architecture: Heterogeneous data management
23
Security Architecture: Federated data management
24
Federated Data and Policy Management
Data/Policy for Federation Export Export Data/Policy Data/Policy Export Data/Policy Component Component Data/Policy for Data/Policy for Agency A Agency C Component Data/Policy for Agency B
25
Incomparable Security Levels
26
Overlapping Security Levels
27
Inference Control
28
Secure Client-Server Computing
29
Federated Identity Management
Federated identity, or the ‘federation’ of identity, describes the technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. Identity federation comes in many flavors, including ‘user-controlled’ or ‘user-centric’ scenarios, as well as enterprise controlled or B2B scenarios. Federation is enabled through the use of open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.
30
Comments Techniques for centralize data management have to be extended for a distributed/heterogeneous/federated environment Access control enforced across databases Inference control across databases Web will continue to impact the development of secure distributed data managers Network security is critical
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.