Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,

Published byNelson Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,"— Presentation transcript:

1 Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control, inference, and aggregation  Multilevel secure databases: partitioned, cryptographically sealed, filtered

2 Introduction to Databases  Database – collection of data and set of rules that organize the data by specifying certain relationships among the data  Database administrator (DBA)  Database management system (DBMS) – database manager, front- end

3 Introduction to Databases  Records – contain related group of data  Fields (elements) – elementary data items  Schema – logical structure of database  Subschema – view into database

4 Introduction to Databases  Relational Rows (relation); columns (attributes)Rows (relation); columns (attributes) DB2, Oracle, AccessDB2, Oracle, Access  Hierarchical IMSIMS  Object-oriented

5 Introduction to Databases  Queries SELECT NAME = ‘ADAMS’SELECT NAME = ‘ADAMS’ SELECT (ZIP = ‘43210’) ^ (NAME = ‘ADAMS’)SELECT (ZIP = ‘43210’) ^ (NAME = ‘ADAMS’)  Project SHOW FIRST WHERE (ZIP = ‘43210’) ^ (NAME = ‘ADAMS’)SHOW FIRST WHERE (ZIP = ‘43210’) ^ (NAME = ‘ADAMS’)  Join SHOW NAME, AIRPORT WHERESHOW NAME, AIRPORT WHERE NAME.ZIP = AIRPORT.ZIP

6 Advantages of Using Databases  Shared access  Minimal redundancy  Data consistency  Data integrity  Controlled access

7 Security Requirements  Physical database integrity  Logical database integrity  Element integrity  Auditability  Access control  User authentication  Availability

8 Integrity of the Database  Users must be able to trust the accuracy of the data values  Updates are performed by authorized individuals  Integrity is the responsibility of the DBMS, the OS, and the computing system manager  Must be able to reconstruct the database at the point of a failure

9 Element Integrity  Correctness or accuracy of elements  Field checks  Access control  Maintain a change log – list every change made to the database

10 Auditability & Access Control  Desirable to generate an audit record of all access to the database (reads/writes)  Pass-through problem – accessing a record or element without transferring the data received to the user (no reads/writes)  Databases separated logically by user access privileges

11 Other Security Requirements  User Authentication  Confidentiality  Availability

12 Reliability and Integrity  Database integrity  Element integrity  Element accuracy  Some protection from OS File accessFile access Data integrity checksData integrity checks

13 Two-Phase Update  Failure of computing system in middle of modifying data  Intent Phase – gather resources needed for update; write commit flag to the database  Update Phase – make permanent changes

14 Redundancy / Internal Consistency  Error detection / Correction codes (parity bits, Hamming codes, CRCs)  Shadow fields  Log of user accesses and changes

15 Concurrency/Consistency  Access by two users sharing the same database must be constrained (lock)  Monitors –check entered values to ensure consistency with rest of DB  Range Comparisons  State Constraints – describes condition of database (unique employee #)  Transition Constraints – conditions before changes are applied to DB

16 Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive From a sensitive sourceFrom a sensitive source Declared sensitiveDeclared sensitive Part of a sensitive attribute or recordPart of a sensitive attribute or record Sensitive in relation to previously disclosed informationSensitive in relation to previously disclosed information

17 Access Decisions  Need an access policy (programmed into DBMS)  Availability – blocking; permanent blocking  Acceptability of Access (sensitive data)  Assurance of Authenticity

18 Types of Disclosures  Exact Data  Bounds  Negative Results  Existence of Data  Probable Values

19 Security vs. Precision  Aim to protect all sensitive data while revealing as much nonsensitive data as possible  Want to maintain perfect confidentiality with maximum precision

20 Inference  Way to infer / derive sensitive data from nonsensitive data  Direct Attack List NAME where SEX=M ^ DRUGS=1List NAME where SEX=M ^ DRUGS=1 List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)

21 Indirect Attack  Sum Show STUDENT-AID WHERE SEX=F ^ DORM=GreyShow STUDENT-AID WHERE SEX=F ^ DORM=Grey  Count Show Count, STUDENT-AID WHERE SEX=M ^ DORM=HolmesShow Count, STUDENT-AID WHERE SEX=M ^ DORM=Holmes List NAME where (SEX=M ^ DORM=Holmes)List NAME where (SEX=M ^ DORM=Holmes)  Median  Tracker Attacks – using additional queries that produce small results

22 Controls  Suppression – don’t provide sensitive data  Concealing – don’t provide actual values (“close to”)  Limited Response Suppression n-item k-percent rule eliminates low frequency elements from being displayed (may need to suppress additional rows/columns)n-item k-percent rule eliminates low frequency elements from being displayed (may need to suppress additional rows/columns)

23 Controls  Combined Results SumsSums RangesRanges RoundingRounding  Random Sample  Random Data Perturbation  Query Analysis – “should the result be provided”

24 Conclusion on the Inference Problem  Suppress obviously sensitive information  Track what the user knows  Disguise the data

25 Aggregation  Building sensitive results from less sensitive inputs  Data mining – process of sifting through multiple databases and correlating multiple data elements to find useful information

26 Multilevel Databases  Differentiated Security Security of single element may be different from security of other elementsSecurity of single element may be different from security of other elements Two levels – sensitive and nonsensitive are inadequate to represent some security situationsTwo levels – sensitive and nonsensitive are inadequate to represent some security situations Security of an aggregate (sum, count,…) may be different from security of the individual elementsSecurity of an aggregate (sum, count,…) may be different from security of the individual elements  Granularity

27 Security Issues  Integrity *-property for access control*-property for access control Either process cleared at a high level cannot write to a lower level or process must be a “trusted process”Either process cleared at a high level cannot write to a lower level or process must be a “trusted process”  Confidentiality Different users at different levels may get different query resultsDifferent users at different levels may get different query results Polyinstantiation – record can appear more than once with different levels of confidentialityPolyinstantiation – record can appear more than once with different levels of confidentiality

28 Proposals for Multilevel Security  Separation Partitioning – divide DB into separate DBs with own level of sensitivityPartitioning – divide DB into separate DBs with own level of sensitivity Encryption (time consuming)Encryption (time consuming) Integrity Lock – each data item contains a sensitivity label and a checksumIntegrity Lock – each data item contains a sensitivity label and a checksum  Sensitivity label must be unforgeable, unique, concealed  Checksum must be unique  Sensitivity lock

29 Design of Multilevel Secure Databases  Integrity Lock – not efficient (space/time)  Trusted Front-end (Guard) – does authentication and filtering  Commutative Filters – screen user’s requests, reformats, so that only appropriate data is returnedscreen user’s requests, reformats, so that only appropriate data is returned

30 Design of Multilevel Secure Databases  Distributed (federated) database Trusted front-end controls access to two DBMSs – one for high-sensitivity data and one for low-sensitivity dataTrusted front-end controls access to two DBMSs – one for high-sensitivity data and one for low-sensitivity data Very complexVery complex  Window/View Subset of a database containing exactly the information that the user is entitled to accessSubset of a database containing exactly the information that the user is entitled to access

Download ppt "Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,"

Similar presentations

Chapter 10: Designing Databases

Chapter 10: Designing Databases
C6 Databases.

C6 Databases.
Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.

Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.
Information Security Principles & Applications

Information Security Principles & Applications
Managing Data Resources

Managing Data Resources
Database Management: Getting Data Together Chapter 14.

Database Management: Getting Data Together Chapter 14.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
3-1 Chapter 3 Data and Knowledge Management www.prenhall.com/jessup.

3-1 Chapter 3 Data and Knowledge Management
Introduction to Databases Transparencies

Introduction to Databases Transparencies
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Chapter 4 Relational Databases Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 4-1.

Chapter 4 Relational Databases Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 4-1.
Mgt 20600: IT Management & Applications Databases Tuesday April 4, 2006.

Mgt 20600: IT Management & Applications Databases Tuesday April 4, 2006.
Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.

Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.
Last time Finish OTR Database Security Introduction to Databases

Last time Finish OTR Database Security Introduction to Databases
Chapter 4 Relational Databases Copyright © 2012 Pearson Education 4-1.

Chapter 4 Relational Databases Copyright © 2012 Pearson Education 4-1.
SE571 Security in Computing

SE571 Security in Computing
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Chapter 9 Database Management

Chapter 9 Database Management
IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.

IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.
5.1 © 2007 by Prentice Hall 5 Chapter Foundations of Business Intelligence: Databases and Information Management.

5.1 © 2007 by Prentice Hall 5 Chapter Foundations of Business Intelligence: Databases and Information Management.

Similar presentations

Ads by Google