Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive.

Published byPeter Powell Modified over 9 years ago

Similar presentations

Presentation on theme: "Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive."— Presentation transcript:

1

2 Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive From a sensitive sourceFrom a sensitive source Declared sensitiveDeclared sensitive Part of a sensitive attribute or recordPart of a sensitive attribute or record Sensitive in relation to previously disclosed informationSensitive in relation to previously disclosed information

3 Access Decisions  Need an access policy (programmed into DBMS)  Availability – blocking; permanent blocking  Acceptability of Access (sensitive data)  Assurance of Authenticity

4 Types of Disclosures  Exact Data  Bounds  Negative Results  Existence of Data  Probable Values

5 Security vs. Precision  Aim to protect all sensitive data while revealing as much nonsensitive data as possible  Want to maintain perfect confidentiality with maximum precision

6 Inference  Way to infer / derive sensitive data from nonsensitive data  Direct Attack List NAME where SEX=M ^ DRUGS=1List NAME where SEX=M ^ DRUGS=1 List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)

7 Indirect Attack  Sum Show STUDENT-AID WHERE SEX=F ^ DORM=GreyShow STUDENT-AID WHERE SEX=F ^ DORM=Grey  Count Show Count, STUDENT-AID WHERE SEX=M ^ DORM=HolmesShow Count, STUDENT-AID WHERE SEX=M ^ DORM=Holmes List NAME where (SEX=M ^ DORM=Holmes)List NAME where (SEX=M ^ DORM=Holmes)  Median  Tracker Attacks – using additional queries that produce small results

8 Controls  Suppression – don’t provide sensitive data  Concealing – don’t provide actual values (“close to”)  Limited Response Suppression n-item k-percent rule eliminates low frequency elements from being displayed (may need to suppress additional rows/columns)n-item k-percent rule eliminates low frequency elements from being displayed (may need to suppress additional rows/columns)

9 Controls  Combined Results SumsSums RangesRanges RoundingRounding  Random Sample  Random Data Perturbation  Query Analysis – “should the result be provided”

10 Conclusion on the Inference Problem  Suppress obviously sensitive information  Track what the user knows  Disguise the data

11 Aggregation  Building sensitive results from less sensitive inputs  Data mining – process of sifting through multiple databases and correlating multiple data elements to find useful information

12 Multilevel Databases  Differentiated Security Security of single element may be different from security of other elementsSecurity of single element may be different from security of other elements Two levels – sensitive and nonsensitive are inadequate to represent some security situationsTwo levels – sensitive and nonsensitive are inadequate to represent some security situations Security of an aggregate (sum, count,…) may be different from security of the individual elementsSecurity of an aggregate (sum, count,…) may be different from security of the individual elements  Granularity

13 Security Issues  Integrity *-property for access control*-property for access control Either process cleared at a high level cannot write to a lower level or process must be a “trusted process”Either process cleared at a high level cannot write to a lower level or process must be a “trusted process”  Confidentiality Different users at different levels may get different query resultsDifferent users at different levels may get different query results Polyinstantiation – record can appear more than once with different levels of confidentialityPolyinstantiation – record can appear more than once with different levels of confidentiality

14 Proposals for Multilevel Security  Separation Partitioning – divide DB into separate DBs with own level of sensitivityPartitioning – divide DB into separate DBs with own level of sensitivity Encryption (time consuming)Encryption (time consuming) Integrity Lock – each data item contains a sensitivity label and a checksumIntegrity Lock – each data item contains a sensitivity label and a checksum  Sensitivity label must be unforgeable, unique, concealed  Checksum must be unique  Sensitivity lock

15 Design of Multilevel Secure Databases  Integrity Lock – not efficient (space/time)  Trusted Front-end (Guard) – does authentication and filtering  Commutative Filters – screen user’s requests, reformats, so that only appropriate data is returnedscreen user’s requests, reformats, so that only appropriate data is returned

16 Design of Multilevel Secure Databases  Distributed (federated) database Trusted front-end controls access to two DBMSs – one for high-sensitivity data and one for low-sensitivity dataTrusted front-end controls access to two DBMSs – one for high-sensitivity data and one for low-sensitivity data Very complexVery complex  Window/View Subset of a database containing exactly the information that the user is entitled to accessSubset of a database containing exactly the information that the user is entitled to access

Download ppt "Sensitive Data  Data that should not be made public  What if some but not all of the elements of a DB are sensitive Inherently sensitiveInherently sensitive."

Similar presentations

21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.

21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.

Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.
Information Security Principles & Applications

Information Security Principles & Applications
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Last time Finish OTR Database Security Introduction to Databases

Last time Finish OTR Database Security Introduction to Databases
SE571 Security in Computing

SE571 Security in Computing
Secure Data Architectures

Secure Data Architectures
IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.

IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.
1 Distributed and Parallel Databases. 2 Distributed Databases Distributed Systems goal: –to offer local DB autonomy at geographically distributed locations.

1 Distributed and Parallel Databases. 2 Distributed Databases Distributed Systems goal: –to offer local DB autonomy at geographically distributed locations.
Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,

Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,
Week 9 - Wednesday.  What did we talk about last time?  Government evaluation standards  Database basics.

Week 9 - Wednesday.  What did we talk about last time?  Government evaluation standards  Database basics.
Database Security And Audit. Databasics Data is stored in form of files Record : is a one related group of data (in a row) Schema : logical structure.

Database Security And Audit. Databasics Data is stored in form of files Record : is a one related group of data (in a row) Schema : logical structure.
Information flow-based Risk Assessment in Access Control Systems

Information flow-based Risk Assessment in Access Control Systems
Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,

Chapter 6 – Database Security  Integrity for databases: record integrity, data correctness, update integrity  Security for databases: access control,
Database Security DBMS Features Statistical Database Security.

Database Security DBMS Features Statistical Database Security.
Week 9 - Friday.  What did we talk about last time?  Database security requirements  Database reliability and integrity  Sensitive data.

Week 9 - Friday.  What did we talk about last time?  Database security requirements  Database reliability and integrity  Sensitive data.
Approximate Frequency Counts over Data Streams Gurmeet Singh Manku, Rajeev Motwani Standford University VLDB2002.

Approximate Frequency Counts over Data Streams Gurmeet Singh Manku, Rajeev Motwani Standford University VLDB2002.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.

Similar presentations

Ads by Google