Published by Beverly Brown. Modified over 9 years ago.
1
Database Security
- DBMS Features
- Statistical Database Security
2
Database security CSCE 522 - Eastman/Farkas - Fall 2005
Security Concerns
- Data Integrity
- Data Confidentiality
- Access control
- Inference control
- Data Availability
3
Topics in Text
- What is a database?
- Basic definitions for relational DBs
- DBMS security functionality
- Inference attacks
- Multilevel secure databases
4
Security Concerns
- Data Integrity
- Information assurance
- Data Confidentiality
- Access control
- Inference control
- Data Availability
5
Security Requirements
- Physical database integrity
- Logical database integrity
- Element integrity
- Auditability
- Access control
- User authentication
- Availability
6
Some Techniques and Tools
- Two-phase commit
  - Intent phase/commit phase
- Shadow values
- Backups
- Audit trails
- Concurrency management
7
Checking Data
- Element level
  - Range checks
- Tuple/record level
  - State constraints
  - Transition constraints
- Relation/file level
  - Duplicate key checks
- Database level
8
Indirect Information Flow
- Covert channels
- Inference channels
9
Communication Channels
- Overt Channel: designed into a system and documented in the user's manual
- Covert Channel: not documented. Covert channels may be deliberately inserted into a system, but most such channels are accidents of the system design.
10
Covert Channel
- Need:
  - Two active participants
  - Encoding schema
- Example: sender modulates the CPU utilization level with the data stream to be transmitted

Sender:
    repeat
        get a bit to send
        if the bit is 1
            wait one second (don't use CPU time)
        else
            busy wait one second (use CPU time)
        endif
    until done
11
Covert Channel Types
- Timing Channel: based on system times
- Storage channels: not time related communication
- Can be turned into each other
12
Covert Channel Protection
- Noise
- Synchronization
- Protection (user state, system state)
- Removal
- Slow down
- Audit
13
Inference Channels
Non-sensitive information + Meta-data = Sensitive Information
14
Inference Channels
- Statistical Database Inferences
- General Purpose Database Inferences
15
Statistical Databases
- Goal: provide aggregate information about groups of individuals
  - E.g., average GPA of students
- Security risk: specific information about a particular individual
  - E.g., GPA of student John Smith
- Meta-data
  - Working knowledge about the attributes
  - Supplementary knowledge (not stored in database)
16
Types of Statistics
- Macro-statistics: collections of related statistics presented in 2-dimensional tables
- Micro-statistics: individual data records used for statistics after identifying information is removed
17
Macro-statistics

Sex\Year   1997   1998   Sum
Female     4      1      5
Male       6      13     19
Sum        10     14     24
18
Micro-statistics

Sex   Course     GPA   Year
F     CSCE 590   3.5   2000
M     CSCE 590   3.0   2000
F     CSCE 790   4.0   2001
19
Statistical Compromise
- Exact compromise
  - Find exact value of an attribute of an individual (e.g., John Smith’s GPA is 3.8)
- Partial compromise
  - Find an estimate of an attribute value corresponding to an individual (e.g., John Smith’s GPA is between 3.5 and 4.0)
20
Small/Large Query Set Attack
- C: characteristic formula that identifies groups of individuals
- If C identifies a single individual I [count(C) = 1]:
  - Find out existence of property
    - count(C and D) = 1 means I has property D
    - count(C and D) = 0 means I does not have D
  - OR find value of property
    - Sum(C, D) gives the value of D
21
Protection
- Protection from small/large query set attack: query-set-size control
- A query q(C) is permitted only if N-n ≥ |C| ≥ n, where n ≥ 0 is a parameter of the database and N is the number of records in the database
22
Tracker Attack
[Diagram: sets C1 and C2, with C and the tracker T marked]
- C = C1 and C2
- T = C1 and ~C2 (tracker)
- q(C) is disallowed
- q(C) = q(C1) – q(T)
23
Tracker Attack
[Diagram: sets C1, C2 and D, with C, the tracker T, and C and D marked]
- C = C1 and C2
- T = C1 and ~C2 (tracker)
- q(C and D) is disallowed
- q(C and D) = q(T or C and D) – q(T)
24
Query Overlap Attack
[Diagram: overlapping query sets C1 and C2 over the individuals John, Kathy, Max, Fred, Eve, Paul, Mitch]
- Q(John) = q(C1) - q(C2)
- Protection: query-overlap control
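The following is an added example, not part of the original slides: a toy statistical database that enforces the query-set-size control and, optionally, a simplified query-overlap control, run against the tracker formulas from the slides above. The records, the class name StatDB, the value n = 2 and the overlap rule (refuse a query whose set differs from an answered one by fewer than n records) are assumptions made for illustration.

```python
# Added example. Records are constructed; class and parameter names are hypothetical.
RECORDS = (
    [{"sex": "F", "year": 1997, "gpa": g} for g in (3.5, 3.0, 2.5)]
    + [{"sex": "F", "year": 1998, "gpa": 4.0}]   # the single record C isolates
    + [{"sex": "M", "year": 1998, "gpa": g} for g in (3.0, 2.0, 3.5, 2.5)]
)

class StatDB:
    def __init__(self, records, n, overlap_control=False):
        self.records = records
        self.n = n                    # query-set-size parameter n
        self.overlap_control = overlap_control
        self.answered = []            # query sets already answered

    def sum_gpa(self, formula):
        """Return sum(GPA) over the query set of `formula`, or None if refused."""
        qs = frozenset(i for i, r in enumerate(self.records) if formula(r))
        total = len(self.records)     # N
        # Query-set-size control: n <= |C| <= N - n
        if not (self.n <= len(qs) <= total - self.n):
            return None
        # Simplified overlap control: refuse a query whose set differs from an
        # already answered set by fewer than n records.
        if self.overlap_control and any(
            0 < len(qs ^ old) < self.n for old in self.answered
        ):
            return None
        self.answered.append(qs)
        return sum(self.records[i]["gpa"] for i in qs)

def run(overlap_control):
    db = StatDB(RECORDS, n=2, overlap_control=overlap_control)
    c1 = lambda r: r["sex"] == "F"
    c2 = lambda r: r["year"] == 1998
    q_c = db.sum_gpa(lambda r: c1(r) and c2(r))       # C = C1 and C2, |C| = 1
    q_c1 = db.sum_gpa(c1)                             # |C1| = 4
    q_t = db.sum_gpa(lambda r: c1(r) and not c2(r))   # T = C1 and ~C2, |T| = 3
    return q_c, q_c1, q_t

if __name__ == "__main__":
    print("size control only:   ", run(False))
    print("with overlap control:", run(True))
```

With size control alone, q(C) is refused but q(C1) and q(T) are both answered, and their difference equals the refused statistic; with the overlap rule enabled, the second of the two near-identical queries is refused.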
25
Insertion/Deletion Attack
- Observing changes over time
  - q1 = q(C)
  - insert(i)
  - q2 = q(C)
  - q(i) = q2 - q1
- Protection: insertion/deletion performed as pairs
26
Summary of Controls
- Limited response suppression
- Combined results, including ranges
- Random sample
- Random data perturbation
- Query analysis
27
Statistical Inference Theory
- Given an unlimited number of statistics and correct statistical answers, all statistical databases can be compromised (Ullman)
28
The Inference Problem
- General purpose DBs
- Usually transaction oriented
- Retrieve nonsensitive data and infer sensitive data
- Inference via database constraints
- Inference via updates
29
Database Constraints
- Integrity constraints
- Database dependencies
- Key integrity
30
Integrity Constraints
- C = A + B
- A = public, C = public, and B = secret
- B can be calculated from A and C, i.e., secret information can be calculated from public data
31
Database Dependencies
- Functional dependencies
- Multi-valued dependencies
- Join dependencies
32
Functional Dependency
- FD: A → B
- For any two tuples in the relation, if they have the same value for A, they must have the same value for B.
33
Example
- FD: Rank → Salary
- Secret information: Name and Salary together
- Query1: Name and Rank
- Query2: Rank and Salary
- Combine answers for Queries 1 and 2 to reveal Name and Salary together
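The following is an added example, not part of the original slides: it joins the answers to Query1 and Query2 on Rank to show the inference, then applies a simplified per-user query history check that refuses a projection once the released attribute sets, linked through the functional dependency, would cover the secret association. The sample rows, the rank values and the names HistoryControl, reveals and join_answers are assumptions made for illustration.

```python
# Added example. Rows are constructed; function and class names are hypothetical.
EMP = [
    {"Name": "Black", "Rank": "Clerk", "Salary": 38000},
    {"Name": "Red", "Rank": "Manager", "Salary": 42000},
    {"Name": "Green", "Rank": "Clerk", "Salary": 38000},
]
FDS = [({"Rank"}, {"Salary"})]     # FD: Rank -> Salary
SECRET = {"Name", "Salary"}        # must not be revealed together

def join_answers(rows):
    """What a user obtains by joining Query1 and Query2 on Rank."""
    q1 = {(r["Name"], r["Rank"]) for r in rows}
    q2 = {(r["Rank"], r["Salary"]) for r in rows}
    return {(name, sal) for name, rk in q1 for rk2, sal in q2 if rk == rk2}

def reveals(released, fds, secret):
    """True if some released projection, extended along FDs whose left and
    right sides were released together, covers the secret attribute set."""
    for start in released:
        known, grew = set(start), True
        while grew:
            grew = False
            for lhs, rhs in fds:
                for attr in rhs - known:
                    if lhs <= known and any(lhs | {attr} <= rel for rel in released):
                        known.add(attr)
                        grew = True
        if secret <= known:
            return True
    return False

class HistoryControl:
    def __init__(self, fds, secret):
        self.fds, self.secret = fds, secret
        self.history = []          # attribute sets already released to this user

    def request(self, attrs):
        attrs = frozenset(attrs)
        if reveals(self.history + [attrs], self.fds, self.secret):
            return False           # answering would complete the inference
        self.history.append(attrs)
        return True

def demo():
    hc = HistoryControl(FDS, SECRET)
    return [hc.request({"Name", "Rank"}),     # Query1
            hc.request({"Rank", "Salary"}),   # Query2
            hc.request({"Name"})]

if __name__ == "__main__":
    print(sorted(join_answers(EMP)), demo())
```

The check works on attribute names only, so it is conservative: it refuses Query2 after Query1 regardless of which rows are returned.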
34
Key Integrity
- Every tuple in the relation has a unique key
- Users at different levels see different versions of the database
- Users might attempt to update data that is not visible to them
35
Example

Secret View
Name (key)   Salary       Address
Black  P     38,000  P    Columbia  S
Red    S     42,000  S    Irmo      S

Public View
Name (key)   Salary       Address
Black  P     38,000  P    Null  P
36
An Update
Public User
1. Update Black’s address to Orlando
2. Add new tuple: (Red, 22,000, Manassas)
37
Update Results
If
- Refuse update: covert channel
- Allow update:
  - Overwrite high data – may be incorrect
  - Create new tuple – which data is correct? (polyinstantiation) – violate key constraints
38
Another Update

Name (key)   Salary       Address
Black  P     38,000  P    Columbia  S
Red    S     42,000  S    Irmo      S

Secret user
- Update Black’s salary to 45,000
39
Update Results
If
- Refuse update: covert channel
- Allow update:
  - Overwrite low data – covert channel
  - Create new tuple – which data is correct? (polyinstantiation) – violate key constraints
40
Inference Problem
- No general technique is available to solve the problem
- Need assurance of protection
- Hard to incorporate outside knowledge
41
Some Recent Work
- C. Farkas (and others) – keep history file for user to prevent access to data items that would allow inference – limited to static databases
- T. Toland (and others) – extend this work to handle dynamic databases with updates