Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security - Farkas 1 Database Security and Privacy.

Published byTobias Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Database Security - Farkas 1 Database Security and Privacy."— Presentation transcript:

1 Database Security - Farkas 1 Database Security and Privacy

2 2Database Security - Farkas Security Objectives Secrecy Prevent/detect/deter improper Disclosure of information Availability Prevent/detect/deter improper Denial of access to services Integrity Prevent/detect/deter Improper modification of information

3 3Database Security - Farkas Policy Organizational policy Information systems policy

4 Databases Collection of Collection of interrelated data and interrelated data and set of programs to access the data set of programs to access the data Convenient and efficient processing of data Convenient and efficient processing of data Database Application Software Database Application Software 4Database Security - Farkas

5 Database Security Protect Sensitive Data from Protect Sensitive Data from Unauthorized disclosure Unauthorized disclosure Unauthorized modification Unauthorized modification Denial of service attacks Denial of service attacks Security Controls Security Controls Security Policy Security Policy Access control models Access control models Integrity protection Integrity protection Privacy problems Privacy problems Fault tolerance and recovery Fault tolerance and recovery Auditing and intrusion detection Auditing and intrusion detection 5Database Security - Farkas

6 6 Protection of Data Confidentiality  Access control  Access control – which data users can access  Information flow control  Information flow control – what users can do with the accessed data  Data Mining

7 7Database Security - Farkas Access Control direct accesses  Ensures that all direct accesses to object are authorized read, write and execution  Protects against accidental and malicious threats by regulating the read, write and execution of data and programs

8 8Database Security - Farkas Access Control Requires: - Proper user identification - Information specifying the access rights is protected form modification

9 9Database Security - Farkas  Access control components: Access control policy - Access control policy: specifies the authorized accesses of a system Access control mechanism - Access control mechanism: implements and enforces the policy Access Control

10 HOW TO SPECIFY ACCESS CONTROL? 10Database Security - Farkas

11 11Database Security - Farkas Access Control  Subject: active entity that requests access to an object - e.g., user or program  Object: passive entity accessed by a subject - e.g., record, relation, file  Access right (privileges): how a subject is allowed to access an object - e.g., subject s can read object o

12 12Database Security - Farkas Protection Object Database Database Relation Relation Record Record Attribute Attribute Element Element Advantages vs. disadvantages of supporting different granularity levels

13 13Database Security - Farkas Relation-Level Granularity Person- name Company- name Salary SmithBB&C$43,982 DellBell$97,900 BlackBB&C$35,652 Confidential relation

14 14Database Security - Farkas Tuple-level Granularity Person-name Company- name Salary SmithBB&C $43,982 Public DellBell $97,900 Conf. BlackBB&C $35,652 Public Works

15 15Database Security - Farkas Attribute-Level Granularity Person- name Person- name Publ. Company- name Publ. Salary Conf. Conf. SmithBB&C$43,982 DellBell$97,900 BlackBB&C$35,652 Works

16 16Database Security - Farkas Cell-Level Granularity Person- name Company- name Salary Smith P BB&C P $43,982 C Dell C Bell C $97,900 C Black P BB&C C $35,652 C Works

17 17Database Security - Farkas Access Control Policies DAC  Discretionary Access Control (DAC) MAC  Mandatory Access Control (MAC) RBAC  Role-Based Access Control (RBAC)

18 18Database Security - Farkas Discretionary Access Control (DAC) each subject  For each subject access right to the objects are defined  (subject, object, +/- access mode)  (Black, Employee-relation, read)  User based  Grant and Revoke  Problems: - Propagation of access rights - Revocation of propagated access rights

19 19Database Security - Farkas DAC by Grant and Revoke Brown (owner) Black Red White GRANT SELECT ON Employee TO Red GRANT SELECT ON Employee TO Black WITH GRANT OPTION ? Brown revokes grant given to Black ? Brown does not want Red to access the Employee relation GRANT UPDATE(Salary) ON Employee TO White

20 20Database Security - Farkas Implementation Access Control List (column) File 1File 2Joe:Read Joe:WriteSam:Read Joe:OwnSam:Write Sam:Own Capability List (row) Joe: File 1/Read, File 1/Write, File 1/Own, File 2/Read Sam: File 2/Read, File 2/Write, File 2/Own Access Control Triples SubjectAccessObject JoeReadFile 1 JoeWriteFile 1 JoeOwnFile 1 JoeReadFile 2 SamReadFile 2 SamWrite File 2 SamOwnFile 2 (ACL)

21 21Database Security - Farkas Access Control Mechanisms Security through Views Security through Views Stored Procedures Stored Procedures Grant and Revoke Grant and Revoke Query modification Query modification

22 22Database Security - Farkas Security Through Views Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates.

23 23Database Security - Farkas Stored Procedures Assign rights to execute compiled programs Assign rights to execute compiled programs GRANT RUN ON TO GRANT RUN ON TO Problem: Programs may access resources for which the user who runs the program does not have permission.

24 24Database Security - Farkas Grant and Revoke GRANT ON GRANT ON To To [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ GRANT SELECT * ON Student TO Matthews GRANT SELECT * ON Student TO Matthews GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS GRANT SELECT(NAME) ON Student TO Brown GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views

25 25Database Security - Farkas Grant and Revoke REVOKE [ON ] FROM FROM ------------------------------------------------------------------------------------------------------------------------- REVOKE SELECT* ON Student FROM Blue REVOKE SELECT* ON Student FROM Blue REVOKE UPDATE ON Student FROM Black REVOKE UPDATE ON Student FROM Black REVOKE SELECT(NAME) ON Student FROM Brown REVOKE SELECT(NAME) ON Student FROM Brown

26 26Database Security - Farkas Non-cascading Revoke A B C D E F A B C A revokes D’s privileges E F

27 27Database Security - Farkas Cascading Revoke A B C D E F A B C A revokes D’s privileges

28 28Database Security - Farkas Positive and Negative Authorization Problem: Contradictory authorizations GRANT ON X TO DENY ON X TO A B C E D + - + -

29 29Database Security - Farkas Negative Authorization A B C E D + - + - - F + What should happen with the privilege given by D To F?

30 30Database Security - Farkas Query Modification GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” Blue’s query: Blue’s query: SELECT * FROM Student Modified query: Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 590”

31 31Database Security - Farkas DAC Overview Advantages: Advantages: Intuitive Intuitive Easy to implement Easy to implement Disadvantages: Disadvantages: Inherent vulnerability (look TH example) Inherent vulnerability (look TH example) Maintenance of ACL or Capability lists Maintenance of ACL or Capability lists Maintenance of Grant/Revoke Maintenance of Grant/Revoke Limited power of negative authorization Limited power of negative authorization

32 32Database Security - Farkas Mandatory Access Control (MAC)  Security label - Top-Secret, Secret, Public  Objects  Objects: security classification - File 1 is Secret, File 2 is Public  Subjects  Subjects: security clearances - Brown is cleared to Secret, Black is cleared to Public  Dominance  Dominance (  ) - Top-Secret  Secret  Public

33 33Database Security - Farkas MAC  Access rights  Access rights: defined by comparing the security classification of the requested objects with the security clearance of the subject access control rules  If access control rules are satisfied, access is permitted  Otherwise access is rejected  Granularity  Granularity of access rights!

34 34Database Security - Farkas MAC – Bell-LaPadula (BLP) Model  Single security property: a subject S is allowed a read access to an object O only if label(S) dominates label(O)  Star-property: a subject S is allowed a write access to an object O only if label(O) dominates label(S) No direct flow of information from high security objects to low security objects!

35 Multilevel Security Multilevel security  users at different security level, see different versions of the database Multilevel security  users at different security level, see different versions of the database Problem: different versions need to be kept consistent and coherent without downward signaling channel (covert channel) Problem: different versions need to be kept consistent and coherent without downward signaling channel (covert channel) 35Database Security - Farkas

36 Multilevel Relation Schema R(A 1,C 1,…,A n,C n,T c ) Schema R(A 1,C 1,…,A n,C n,T c ) R: relation name R: relation name A i : attribute name A i : attribute name C i : security classes C i : security classes T c : Tuple security classes T c : Tuple security classes Instantiation of relation: sets of tuples of the form Instantiation of relation: sets of tuples of the form a i : attribute value a i : attribute value c i : attribute classification label c i : attribute classification label t c : tuple classification label t c : tuple classification label 36Database Security - Farkas

37 37Database Security - Farkas CSCE 790 - Farkas 37 Multilevel Relation Example SSN (SSN) Course (Course) Grade (Grade) 111-22-3333SCSCE 786SATS 444-55-6666SCSCE 567SCTS Top-secret user sees all data Secret-View Secret user sees Secret-View: SSN (SSN) Course (Course) Grade (Grade) 111-22-3333SCSCE 786SnullS 444-55-6666SCSCE 567SnullS

38 38Database Security - Farkas Polyinstantiation Secret user sees Secret-View: SSN (SSN) Course (Course) Grade (Grade) 111-22-3333SCSCE 786SnullS 444-55-6666SCSCE 567SnullS SSN is primary key Secret user wants to update Grade for 111-22-3333 from null (i.e., missing value) to F Allow update: inconsistent database, at TS level two different tuples exist with the same primary key (see next slide) Not allow update: downward signaling channel, update is because of the existence of a TS value

39 39Database Security - Farkas Polyinstantiation SSN (SSN) Course (Course) Grade (Grade) 111-22-3333SCSCE 786SATS 111-22-3333SCSCE 786SFS 444-55-6666SCSCE 567SCTS Top-Secret View:

Download ppt "Database Security - Farkas 1 Database Security and Privacy."

Similar presentations

Operating System Security

Operating System Security
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Access Control Methodologies

Access Control Methodologies
Some slides were taken from 463.5.1 Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.

Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Computer Science and Engineering 1 What these organizations have in common? American Education Services, PA United States Marine Corps / Penn State University.

Computer Science and Engineering 1 What these organizations have in common? American Education Services, PA United States Marine Corps / Penn State University.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.

View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Similar presentations

Ads by Google