Presentation is loading. Please wait.

Presentation is loading. Please wait.

Current Trends in Data Security

Published byมโน สโตเกอร์ Modified over 6 years ago

Similar presentations

Presentation on theme: "Current Trends in Data Security"— Presentation transcript:

1 Current Trends in Data Security

2 Data Security Dorothy Denning, 1982:
Data Security is the science and study of methods of protecting data (...) from unauthorized disclosure and modification Data Security = Confidentiality + Integrity

3 Data Security Distinct from systems and network security Tools:
Assumes these are already secure Tools: Cryptography, information theory, statistics, … Applications: An enabling technology

4 Outline Traditional data security Two attacks
Data security research today Conclusions

5 Traditional Data Security
Security in SQL = Access control + Views Security in statistical databases = Theory

6 [Griffith&Wade'76, Fagin'78]
Access Control in SQL GRANT privileges ON object TO users [WITH GRANT OPTIONS] privileges = SELECT | INSERT | DELETE | object = table | attribute REVOKE privileges ON object FROM users [CASCADE ]

7 Views in SQL A SQL View = (almost) any SQL query Typically used as:
CREATE VIEW pmpStudents AS SELECT * FROM Students WHERE… Views hide sensitive data by omitting rows, columns, braking associations, or computing aggregates GRANT SELECT ON pmpStudents TO DavidRispoli

8 Summary of SQL Security
Limitations: No row level access control Table creator owns the data: that’s unfair ! Access control = great success story of the DB community... … or spectacular failure: Only 30% assign privileges to users/roles And then to protect entire tables, not columns

9 Summary (cont) Most policies in middleware: slow, error prone:
SAP has 10**4 tables GTE over 10**5 attributes A brokerage house has 80,000 applications A US government entity thinks that it has 350K Today the database is not at the center of the policy administration universe [Rosenthal&Winslett’2004]

10 Security in Statistical DBs
[Adam&Wortmann’89] Security in Statistical DBs Goal: Allow arbitrary aggregate SQL queries Hide confidential data SELECT name FROM Patient WHERE age=42 and sex=‘M’ and diagnostic=‘schizophrenia’ Not OK SELECT count(*) FROM Patients WHERE age=42 and sex=‘M’ and diagnostic=‘schizophrenia’ OK

11 Security in Statistical DBs
[Adam&Wortmann’89] Security in Statistical DBs What has been tried: Query restriction Query-size control, query-set overlap control, query monitoring None is practical Data perturbation Most popular: cell combination, cell suppression Other methods, for continuous attributes: may introduce bias Output perturbation For continuous attributes only

12 Summary on Security in Statistical DB
Original goal seems impossible to achieve Cell combination/suppression are popular, but do not allow arbitrary queries

13 Outline Traditional data security Two attacks
Data security research today Conclusions

14 [Chris Anley, Advanced SQL Injection In SQL]
Your health insurance company lets you see the claims online: User: Password: fred ******** First login: Now search through the claims : Search claims by: Dr. Lee SELECT…FROM…WHERE doctor=‘Dr. Lee’ and patientID=‘fred’

15 SQL Injection Now try this: Search claims by:
Dr. Lee’ OR patientID = ‘suciu’; -- …..WHERE doctor=‘Dr. Lee’ OR patientID=‘suciu’; ’ and patientID=‘fred’ Better: Search claims by: Dr. Lee’ OR 1 = 1; --

16 SQL Injection When you’re done, do this: Search claims by:
Dr. Lee’; DROP TABLE Patients; --

17 SQL Injection The DBMS works perfectly. So why is SQL injection possible so often ? Quick answer: Poor programming: use stored procedures ! Deeper answer: Move policy implementation from apps to DB

18 Latanya Sweeney’s Finding
In Massachusetts, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees GIC has to publish the data: GIC(zip, dob, sex, diagnosis, procedure, ...)

19 Latanya Sweeney’s Finding
Sweeney paid $20 and bought the voter registration list for Cambridge Massachusetts: GIC(zip, dob, sex, diagnosis, procedure, ...) VOTER(name, party, ..., zip, dob, sex)

20 Latanya Sweeney’s Finding
zip, dob, sex William Weld (former governor) lives in Cambridge, hence is in VOTER 6 people in VOTER share his dob only 3 of them were man (same sex) Weld was the only one in that zip Sweeney learned Weld’s medical records !

21 Latanya Sweeney’s Finding
All systems worked as specified, yet an important data has leaked How do we protect against that ? Some of today’s research in data security address breaches that happen even if all systems work correctly

22 Summary on Attacks SQL injection: A correctness problem:
Security policy implemented poorly in the application Sweeney’s finding: Beyond correctness: Leakage occurred when all systems work as specified

23 Outline Traditional data security Two attacks
Data security research today Conclusions

24 Research Topics in Data Security
Rest of the talk: Information Leakage Privacy Fine-grained access control Data encryption Secure shared computation

25 Information Leakage: k-Anonymity
[Samarati&Sweeney’98, Meyerson&Williams’04] Information Leakage: k-Anonymity Definition: each tuple is equal to at least k-1 others Anonymizing: through suppression and generalization First Last Age Race Harry Stone 34 Afr-Am John Reyser 36 Cauc Beatrice 47 Afr-am Ramos 22 Hisp First Last Age Race * Stone 30-50 Afr-Am John R* 20-40 Afr-am Hard: NP-complete for supression only Approximations exists

26 Information Leakage: Query-view Security
[Miklau&S’04, Miklau&Dalvi&S’05,Yang&Li’04] Information Leakage: Query-view Security Have data: TABLE Employee(name, dept, phone) Secret Query View(s) Disclosure ? S(name) V(name,phone) total S(name,phone) V1(name,dept) V2(dept,phone) big S(name) V(dept) tiny S(name) where dept=‘HR’ V(name) where dept=‘RD’ none

27 Summary on Information Disclosure
The theoretical research: Exciting new connections between databases and information theory, probability theory, cryptography The applications: many years away [Abadi&Warinschi’05]

28 Privacy “Is the right of individuals to determine for themselves when, how and to what extent information about them is communicated to others” More complex than confidentiality [Agrawal’03]

29 Privacy Involves: Data Owner Requester Purpose Consent
Example: Alice gives her to a web service Involves: Data Owner Requester Purpose Consent Privacy policy: P3P

30 Hippocratic Databases
DB support for implementing privacy policies. Purpose specification Consent Limited use Limited retention Hippocratic DB Privacy policy: P3P Example: [LeFevrey et al. Limiting Disclosure in Hippocratic Databases, VLDB’04] adds the following Policy definitions Much like in fine-grained access control Privacy metadata What data owners opt Purpose From P3P and EPAL Summary: a refinement and extension of fine-grained access control Protection against: Sloppy organizations Malicious organizations [Agrawal’03, LeFevrey’04]

31 Privacy for Paranoids Idea: rely on trusted agents Agent
Agent foreign keys ? Protection against: Sloppy organizations Malicious attackers [Aggarwal’04]

32 Summary on Privacy Major concern in industry Challenge: Legislation
Consumer demand Challenge: How to enforce an organization’s stated policies

33 Fine-grained Access Control
Control access at the tuple level. Policy specification languages Implementation

34 Policy Specification Language
No standard, but usually based on parameterized views. CREATE AUTHORIZATION VIEW PatientsForDoctors AS SELECT Patient.* FROM Patient, Doctor WHERE Patient.doctorID = Doctor.ID and Doctor.login = %currentUser Context parameters

35 Implementation e.g. Oracle SELECT Patient.name, Patient.age
FROM Patient WHERE Patient.disease = ‘flu’ SELECT Patient.name, Patient.age FROM Patient, Doctor WHERE Patient.disease = ‘flu’ and Patient.doctorID = Doctor.ID and Patient.login = %currentUser e.g. Oracle

36 Two Semantics The Truman Model = filter semantics
transform reality ACCEPT all queries REWRITE queries Sometimes misleading results The non-Truman model = deny semantics reject queries ACCEPT or REJECT queries Execute query UNCHANGED May define multiple security views for a user SELECT count(*) FROM Patients WHERE disease=‘flu’ Suppose we allow SELECT count(*) FROM Patients WHERE Patient.disease = %d, but only when the count is > 10. Suppose that there are > 10 patients with flue, and the user knows that. Adopting an instance-independent definition, this query is invalid; but with an instance-dependent definition the query is valid. [Rizvi’04]

37 Summary of Fine Grained Access Control
Trend in industry: label-based security Killer app: application hosting Independent franchises share a single table at headquarters (e.g., Holiday Inn) Application runs under requester’s label, cannot see other labels Headquarters runs Read queries over them Oracle’s Virtual Private Database [Rosenthal&Winslett’2004]

38 Data Encryption for Publishing
Scientist wants to publish medical research data on the Web Users and their keys: Complex Policies: All authorized users: Kuser Patient: Kpat Doctor: Kdr Nurse: Knu Administrator : Kadmin Doctor researchers may access trials Nurses may access diagnostic Etc… What is the encryption granularity ?

39 Data Encryption for Publishing
[Miklau&S.’03] Data Encryption for Publishing Doctor: Kuser, Kdr An XML tree protection: Nurse: Kuser, Knu Nurse+admin: Kuser, Knu, Kadm Kuser Kpat (KnuKadm) Knu  Kdr Kdr Kpat Kmaster <patient> <privateData> <diagnostic> <trial> flu <name> <age> <address> <drug> <placebo> 28 Seattle Tylenol Candy JoeDoe

40 Summary on Data Encryption
Industry: Supported by all vendors: Oracle, DB2, SQL-Server Efficiency issues still largely unresolved Research: Hard theoretical security analysis [Abadi&Warinschi’05]

41 Secure Shared Processing
Alice has a database DBA Bob has a database DBB How can they compute Q(DBA, DBB), without revealing their data ? Long history in cryptography Some database queries are easier than general case

42 Secure Shared Processing
[Agrawal’03] Secure Shared Processing Alice Bob Task: find intersection without revealing the rest a b c d c d e h(a) h(b) h(c) h(d) h(c) h(d) h(e) Compute one-way hash Exchange h(c) h(d) h(e) h(a) h(b) h(c) h(d) What’s wrong ?

43 Secure Shared Processing
[Agrawal’03] Secure Shared Processing Alice commutative encryption: h(x) = EA(EB(x)) = EB(EA(x)) Bob c d e a b c d EA(a) EA(b) EA(c) EA(d) EB(c) EB(d) EB(e) EA EB EB(c) EB(d) EB(e) EA(a) EA(b) EA(c) EA(d) h(c) h(d) h(e) h(a) h(b) h(c) h(d) EA EB h(a) h(b) h(c) h(d) h(c) h(d) h(e)

44 Summary on Secure Shared Processing
Secure intersection, joins, data mining But are there other examples ?

45 Outline Traditional data security Two attacks
Data security research today Conclusions

46 Conclusions Traditional data security confined to one server
Security in SQL Security in statistical databases Attacks possible due to: Poor implementation of security policies: SQL injection Unintended information leakage in published data

47 Conclusions State of the industry:
Data security policies: scattered throughout applications Database no longer center of the security universe Needed: automatic means to translate complex policies into physical implementations State of research: data security in global data sharing Information leakage, privacy, secure computations, etc. Database research community has an increased appetite for cryptographic techniques

48 Questions ?

Download ppt "Current Trends in Data Security"

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.

21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Database Management System

Database Management System
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
1 Current Trends in Data Security Dan Suciu Joint work with Gerome Miklau.

1 Current Trends in Data Security Dan Suciu Joint work with Gerome Miklau.
1 Lecture 13: Security Wednesday, October 26, 2006.

1 Lecture 13: Security Wednesday, October 26, 2006.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.

Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
1 Lecture 15-16: Security Wednesday, May 17, 2006.

1 Lecture 15-16: Security Wednesday, May 17, 2006.
1 Lecture 14: Midterm Review Security Friday, February 4, 2005.

1 Lecture 14: Midterm Review Security Friday, February 4, 2005.
1 Database Security Floris Geerts. Course organization One introductory lecture (this one) Then, a range of db security topics presented by you You will.

1 Database Security Floris Geerts. Course organization One introductory lecture (this one) Then, a range of db security topics presented by you You will.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google