Database Security and Authorization By Yazmin Escoto Rodriguez Christine Tannuwidjaja.


1 Database Security and Authorization By Yazmin Escoto Rodriguez Christine Tannuwidjaja

2 Main Types of Security:
• Enforce security of portions of a database against unauthorized access
  - Database Security and Authorization Subsystem
• Prevent unauthorized persons from accessing the system itself
  - Access Control
• Control the access to statistical databases
  - Statistical Database Security
• Protect sensitive data that is being transmitted via some type of communications
  - Data Encryption

3 Database Security and Authorization Subsystem
• Discretionary Security Mechanisms - concerned with defining, modeling, and enforcing access to information
• Mandatory Security Mechanisms for Multilevel Security - requires that data items and users are assigned to certain security labels

4 Mandatory Access Control
Elements:
• OBJECTS - CLASSIFICATIONS -- class(o) --
• SUBJECTS - CLEARANCE -- clear(s) --
Levels: Top Secret, Secret, Confidential, Unclassified

5 Mandatory Access Control
Rules:
• Simple Property: subject s is allowed to read data item d if clear(s) ≥ class(d)
• *-property: subject s is allowed to write data item d if clear(s) ≤ class(d)
• Simple Property protects information from unauthorized access
• *-property protects data from contamination or unauthorized modification

6 Multilevel Security Databases - example
Set up: we have:
- subject x with clear(x) = TS
- subject y with clear(y) = S
- subject z with clear(z) = U

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

7 Multilevel Security Databases - example

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

8 Multilevel Security Databases - example

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Gold, U | -, U | | U |
| Indigo, U | Telecommunication, U | Austin, U | U |

9 Multilevel Security Databases - example
• subject z wants to insert the next tuple

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |
| Silver, U | Linear Programming, U | Omaha, U | U |

Polyinstantiation: the existence of multiple data objects with the same key

10 Multilevel Security Databases - example

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Gold, U | -, U | | U |
| Indigo, U | Telecommunication, U | Austin, U | U |

• subject z wants to replace the null values with certain data items

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |
| Gold, U | Markov Chain, U | New Jersey, U | U |
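
The filtering and polyinstantiation shown on slides 6 to 10 can be reproduced with a small model. This is an added example, not part of the original presentation; the function names are hypothetical, and identifying a tuple by (key value, tuple classification) is a simplifying assumption made here so that both inserts from slides 9 and 10 are accepted.

```python
# Added example (not from the slides). Levels as on slide 4; "Co" = Confidential.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}
KEY = "Project Name"
ATTRS = ("Project Name", "Topic", "Location")

def make(*cells):
    """Build a tuple as {attribute: (value, classification)}."""
    return dict(zip(ATTRS, cells))

def base_relation():
    """The four-tuple relation from slide 6."""
    return [
        make(("Black", "TS"), ("Databases", "TS"), ("Los Angeles", "TS")),
        make(("Silver", "S"), ("Supply Chain", "S"), ("New York", "S")),
        make(("Gold", "U"), ("Inventories", "S"), ("Atlanta", "S")),
        make(("Indigo", "U"), ("Telecommunication", "U"), ("Austin", "U")),
    ]

def can_read(clear, cls):
    """Simple property: read only if clear(s) >= class(d)."""
    return LEVELS[clear] >= LEVELS[cls]

def tc(row):
    """Tuple classification: the highest classification in the tuple."""
    return max((cls for _, cls in row.values()), key=LEVELS.get)

def view(relation, clear):
    """Filter a relation for a subject: drop tuples whose key is unreadable,
    replace unreadable values by null classified at the key's level."""
    out = []
    for row in relation:
        key_cls = row[KEY][1]
        if can_read(clear, key_cls):
            out.append({a: (v, c) if can_read(clear, c) else (None, key_cls)
                        for a, (v, c) in row.items()})
    return out

def insert(relation, clear, *values):
    """Insert at the subject's own level. Uniqueness is checked on
    (key value, tuple classification) -- an assumption of this sketch --
    so a same-named tuple at another level is kept: polyinstantiation."""
    new = make(*[(v, clear) for v in values])
    if any((r[KEY][0], tc(r)) == (new[KEY][0], clear) for r in relation):
        raise ValueError("key already exists at level " + clear)
    relation.append(new)
    return new
```

Rejecting the low-level insert instead would tell subject z that a higher-classified "Silver" exists, which is why the relation keeps both tuples.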

11 Security Relevant Knowledge
• Entity Relationship -- describes the structural part of the database
• Data Flow Diagram -- represents the functions the system should perform
• Classification Constraints
To assign security classifications to concepts of schemas:
- ones that classify items
- ones that classify query results

12 System Object
What is it?
• Entity type
• Specialization type
• Relationship type
In security it is the target of protection
Notation $O(A_1, \ldots, A_n)$
- $A_i$ ($i = 1..n$) is an attribute and is defined over domain $D_i$
Has an identity property (key attributes) $A \subseteq (A_1, \ldots, A_n)$

13 Multilevel Secure Application
MAJOR QUESTION: Which way should the attributes and occurrences of O be assigned to proper security classifications?
CLASSIFICATION RESULT: Security object O → multilevel security object $O^m$
Performed by means of security constraints

14 Graphical Extensions to the ER
[Figure: legend of graphical symbols. Symbols shown: N, X, P, (U), (Co), (S), (TS), [U..S], [Co..TS]. Legend entries: Secrecy Levels; Ranges of Secrecy Levels; Aggregation leading to TS (N..constant); Inference leading to Co; Evaluation of predicate P; Security dependency]

15 ER Diagram
[Figure: entities Employee and Project, relationship "Is Assigned to" with cardinalities (0,N) and (0,M); attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]

16 Object Classification Constraints – Simple Constraints
Let X be a set of attributes of security object O ($X \subseteq \{A_1, \ldots, A_n\}$)
$SiC(O(X)) = C$, ($C \in SL$)
Results in a multilevel object $O^m(A_1, C_1, \ldots, A_n, C_n, TC)$ where $C_i = C \;\forall A_i \in X$, $C_i$ left unchanged for $A_i \notin X$
Application to ER:
- SiC(Is Assigned to, {Function}, S)
- assigns property Function of relationship “Is Assigned to” to a classification of secret.

17 ER Diagram – classifying properties of security objects
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M); attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]

18 Object Classification Constraints – Content-based Constraints
Let $A_i$ be an attribute of security object O with domain $D_i$, let P be a predicate defined on $A_i$ and let $X \subseteq \{A_1, \ldots, A_n\}$
$CbC(O(X), P: A_i \,\theta\, a) = C$ or $CbC(O(X), P: A_i \,\theta\, A_j) = C$ ($\theta \in \{=, \neq, <, >, \leq, \geq\}$, $a \in D_i$, $i \neq j$, $C \in SL$)
For any instance o of security object $O(A_1, \ldots, A_n)$ for which the predicate evaluates to true, the transformation into $o(a_1, c_1, \ldots, a_n, c_n, tc)$ is performed
Classifications are assigned in a way that $c_i = C$ in the case $A_i \in X$, $c_i$ left unchanged otherwise
Application to ER:
- CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co)
- represents the semantic that properties SSN and Name of employees with a salary ≥ 100 are treated as confidential information

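19 ER Diagram – classifying properties of security objects
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M), now with one predicate marker P; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]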

20 Object Classification Constraints – Complex Constraints
Let O, O’ be two security objects, where the existence of an instance o of O is dependent on the existence of a corresponding occurrence o’ of O’ and the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key)
Let P(O’) be a valid predicate defined on o’ and let $X \subseteq \{A_1, \ldots, A_n\}$ be an attribute set of O
$CoC(O(X), P(O')) = C$ ($C \in SL$)
For every instance o of security object $O(A_1, \ldots, A_n)$ for which the predicate evaluates to true in the related object o’ of O’, the transformation into $o(a_1, c_1, \ldots, a_n, c_n, tc)$ is performed
Classifications are assigned in a way that $c_i = C$ in the case $A_i \in X$, $c_i$ left unchanged otherwise

21 Object Classification Constraints – Complex Constraints (con’t)
Application to ER:
- CoC (Is Assigned to, {SSN}, Project, Subject, ‘=’, ‘Research’, S)
- individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’

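22 ER Diagram – classifying properties of security objects
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M), now with two predicate markers P; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]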

23 Object Classification Constraints – Level-based Constraints
Let level($A_i$) be a function that returns the classification $c_i$ of the value of attribute $A_i$ in object $o(a_1, c_1, \ldots, a_n, c_n, tc)$ of a multilevel security object $O^m$
Let X be a set of attributes of $O^m$ such that $X \subseteq \{A_1, \ldots, A_n\}$
$LbC(O(X)) = level(A_i)$
Results, for every object $o(a_1, c_1, \ldots, a_n, c_n, tc)$, in the assignment $c_j = c_i$ in the case $A_j \in X$
Application to ER:
- LbC (Project, {Client}, Subject)
- states that property Client of security object Project must always have the same classification as the property Subject of the Project

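24 ER Diagram – classifying properties of security objects
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M) and two predicate markers P; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]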
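
The four object classification constraints (SiC, CbC, CoC, LbC) from slides 16 to 23 can be read as small transformations on an instance $o(a_1, c_1, \ldots, a_n, c_n, tc)$. The following is an added example, not part of the original presentation: the function names, the sample instances, the starting level U for every attribute, and the assignment of attributes to "Is Assigned to" are assumptions; the constraint arguments are the ones given in the slides' ER applications.

```python
import operator

# Added example (not from the slides). "Co" = Confidential, as in the ER slides.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}
THETA = {"=": operator.eq, "≠": operator.ne, "<": operator.lt,
         ">": operator.gt, "≤": operator.le, "≥": operator.ge}

def instance(**values):
    """Multilevel instance o(a1,c1,...,an,cn): every c_i starts at U (assumption)."""
    return {attr: [val, "U"] for attr, val in values.items()}

def tc(o):
    """Tuple classification: highest c_i in the instance."""
    return max((c for _, c in o.values()), key=LEVELS.get)

def sic(o, X, C):
    """Simple constraint: c_i = C for A_i in X, others unchanged."""
    for attr in X:
        o[attr][1] = C

def cbc(o, X, attr, theta, a, C):
    """Content-based: apply C to X only if predicate 'attr theta a' holds on o."""
    if THETA[theta](o[attr][0], a):
        sic(o, X, C)

def coc(o, X, related, attr, theta, a, C):
    """Complex: the predicate is evaluated on the related instance o'."""
    if THETA[theta](related[attr][0], a):
        sic(o, X, C)

def lbc(o, X, attr):
    """Level-based: attributes in X take the current level of attr."""
    sic(o, X, o[attr][1])

def classify_samples():
    """Apply the slides' four ER constraints to constructed sample instances."""
    emp = instance(SSN="111", Name="Ann", Dep="R&D", Salary=120)    # constructed
    low = instance(SSN="222", Name="Bob", Dep="Ops", Salary=80)     # constructed
    proj = instance(Title="P1", Subject="Research", Client="ACME")  # constructed
    asg = instance(SSN="111", Title="P1", Function="Lead", Date="2024-01-01")
    for e in (emp, low):
        cbc(e, {"SSN", "Name"}, "Salary", "≥", 100, "Co")
    sic(asg, {"Function"}, "S")
    coc(asg, {"SSN"}, proj, "Subject", "=", "Research", "S")
    sic(proj, {"Subject"}, "S")   # constructed: Subject is secret for this project
    lbc(proj, {"Client"}, "Subject")
    return emp, low, proj, asg
```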

25 Query Result Classification Constraints – Association-based Constraints
Let $O(A_1, \ldots, A_n)$ be a security object with identifying property K
Let X ($X \subseteq \{A_1, \ldots, A_n\}$, $K \cap X = \{\}$) be a set of attributes of O
$AbC(O(K, X)) = C$ ($C \in SL$)
Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K
Application to ER:
- AbC (Employee, {Salary}, Co)
- the salary of an individual person is confidential
- the value of salaries without the information which employee gets what salary is unclassified

26 ER Diagram – classifying query results
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M), with a [Co] marker; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]

27 Query Result Classification Constraints – Aggregation Constraints
Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object $O(A_1, \ldots, A_n)$
Let X ($X \subseteq \{A_1, \ldots, A_n\}$) be sensitive attributes of O
$AgC(O, (X, count(O) > n)) = C$ ($C \in SL$, $n \in N$)
Results in the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n

28 Query Result Classification Constraints – Aggregation Constraints (con’t)
Application to ER:
- AgC (Is Assigned to, {Title}, ‘3’, S)
- the information which employee is assigned to what projects is regarded as unclassified
- aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secret

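29 ER Diagram – classifying query results
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M), with markers [Co] and 3; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]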

30 Query Result Classification Constraints – Inference Constraints
Let PO be the set of multilevel objects involved in a potential logical inference
Let O, O’ be two particular objects from PO with corresponding multilevel representation $O(A_1, C_1, \ldots, A_n, C_n, TC)$ and $O'(A'_1, C'_1, \ldots, A'_n, C'_n, TC')$
Let $X \subseteq \{A_1, \ldots, A_n\}$ and $Y \subseteq \{A'_1, \ldots, A'_n\}$
$IfC(O(X), O'(Y)) = C$
Results in the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X

31 Query Result Classification Constraints – Inference Constraints (con’t)
Application to ER:
- IfC (Employee, {Dep}, Project, {Subject}, Co)
- consider the situation where the information which employee is assigned to what projects is considered as confidential
- from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employees are involved

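32 ER Diagram – classifying query results
[Figure: the Employee / "Is Assigned to" / Project ER diagram with cardinalities (0,N) and (0,M), with markers X, [Co] and 3; attributes shown: SSN, Name, Dep, Salary, Title, Function, SSN, Date, Client, Subject]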
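
The query result constraints (AbC, AgC, IfC) from slides 25 to 31 classify what a query returns rather than the stored data, so they are checked per query. The following is an added example, not part of the original presentation: the query representation, the function names, SSN as Employee's identifying property, the default result level U, and treating "takes X" as "reads at least one attribute of X" are assumptions; the three constraints are the ones from the slides' ER applications.

```python
# Added example (not from the slides). "Co" = Confidential, as in the ER slides.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

# A query is modelled as {object: {"attrs": set of attributes read,
#                                  "count": number of instances referenced}}.

def touches(query, obj, attrs):
    """True if the query reads at least one of attrs from obj (conservative)."""
    return bool(query.get(obj, {}).get("attrs", set()) & set(attrs))

def abc(obj, key, X, C):
    """Association-based: X retrieved together with identifying property K."""
    return lambda q: C if touches(q, obj, key) and touches(q, obj, X) else None

def agc(obj, X, n, C):
    """Aggregation: more than n instances of obj referenced while reading X."""
    return lambda q: C if touches(q, obj, X) and q[obj]["count"] > n else None

def ifc(obj, X, obj2, Y, C):
    """Inference: X of one object retrieved together with Y of another."""
    return lambda q: C if touches(q, obj, X) and touches(q, obj2, Y) else None

# Constraints as given in the slides; SSN as Employee key is an assumption.
CONSTRAINTS = [
    abc("Employee", {"SSN"}, {"Salary"}, "Co"),
    agc("Is Assigned to", {"Title"}, 3, "S"),
    ifc("Employee", {"Dep"}, "Project", {"Subject"}, "Co"),
]

def classify_result(query, default="U"):
    """Level of the retrieval result: highest level of any constraint that fires."""
    fired = [c(query) for c in CONSTRAINTS]
    return max([default] + [lvl for lvl in fired if lvl], key=LEVELS.get)

def may_release(clear, query):
    """Simple property applied to the classified query result."""
    return LEVELS[clear] >= LEVELS[classify_result(query)]
```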

33 QUESTION?

