Computer Science and Engineering Computer System Security CSE 5339/7339 Session 21 November 2, 2004.


1 Computer Science and Engineering Computer System Security CSE 5339/7339 Session 21 November 2, 2004

2 Contents
- Introduction to Database
- Database Security
- Group Work
- Kay’s presentation

3 Introduction to Database
- Consider an enterprise, an airline, for example
- Large amount of data kept for a long period of time
- Information about: passengers, flights, aircraft, and personnel
- Queries
- Operations

4 Four Major Components
- Data
- Hardware
- Software
- Users – end user + application programmer + administrator

5 Levels of Abstraction in a DBMS
[Diagram: View 1, View 2, … View n; Conceptual Database; Physical Database]

6 Important Concepts in Database
- Data independence -- storage media; application
- Schema -- record definition
- Relation – table
- Indexing – B trees
- Entity/Relationship model – entity, entity set, attributes, key, relationship
- Relational Database – information for an enterprise → entities and relationships → relational database
- SQL – Query language, programming language, embedded vs. interactive

7 Recovery and Concurrency
- Transaction – single execution of a program – logical unit of work
- Concurrency Problems
  - Lost update problem
  - Uncommitted dependency problem
  - Inconsistent analysis problem
- Solving the problem – the use of locks

8 Locks
- Problems – live lock, deadlock
- Serial schedule, serializable schedule
- Transactions must have the ACID properties
  - Atomicity – all or nothing
  - Consistency – only correct results are committed
  - Isolation – events within a transaction are hidden
  - Durability – committed results must be guaranteed

9 Transaction execution
[Diagram: four transaction outcomes. Begin → Commit (okay); Begin → Abort (by the user); Begin → System Abort (time out or deadlock); Begin → Failure (system crash)]

10 Four Recovery Actions
- Transaction UNDO
- Global UNDO – all incomplete transactions must be rolled back
- Partial REDO – results of complete transactions that may not have been reflected in the DB
- Global REDO – Archive recovery – old copy + archive log

11 Famous Diagram
[Diagram: transactions T1, T2, T3, T4, T5 on a time axis, with the Checkpoint and Failure points marked]

12 Group Work
- Discuss the two-phase update technique. Why is it needed? Work a simple example with your group.

13 Sensitive Data
- Data that should not be made public
- Nothing sensitive and everything sensitive – can be handled by access control to the database itself
- Some but not all are sensitive -- not only data elements but context and meaning
- Factors that make data sensitive
  - Inherently sensitive
  - From a sensitive source
  - Declared sensitive
  - Part of a sensitive attribute or a sensitive record
  - Sensitive in relation to previously disclosed information

14 Types of Disclosures
- Exact data -- most serious disclosure
- Bounds – sensitive data is between L and H
- Negative result -- a value that is not a zero
- Existence
- Probable value -- probability that a certain element has a certain value

A successful security strategy must protect against both direct and indirect disclosures.

15 Inference Problem
A way to infer or derive sensitive data from non-sensitive data.
Consider the following database:

Name   Sex   Race   Aid   Fines   Drugs   Dorm

16 Direct Attack
- Obvious
  Select Name where Sex = M and Drug = 1
- Less Obvious
  Select Name where (Sex = M and Drug = 1) or (Sex ≠ M and Sex ≠ F) or (Dorm = Caruth)

17 Indirect Attack
To infer a final result based on one or more intermediate statistical results.
- SUM Example: it might seem safe to report student aid total by sex and dorm

        Holmes   East   West   Total
M         5000   3000   4000   12000
F         7000      0   4000   11000
Total    12000   3000   8000   23000

We can infer that any female living in East, such as Mary, is not receiving aid.

18 Indirect Attack
To infer a final result based on one or more intermediate statistical results.
- Count Example: report the count of records for students by dorm and sex

        Holmes   East   West   Total
M            1      3      1       5
F            2      1      3       6
Total        3      4      4      11

Combined with the sum report, one can infer that the two males in Holmes and West are receiving $5000 and $4000. Names can be found easily.
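A release check a database owner could run over the two reports above before publishing them, written for this transcript as an added example (it is not from the slides). The function names are hypothetical, and `recover_suppressed` assumes the Total row stays published, as it is on the slides.

```python
# Cell values copied from the two reports above (aid total and record count).
DORMS = ("Holmes", "East", "West")
AID = {"M": (5000, 3000, 4000), "F": (7000, 0, 4000)}
COUNT = {"M": (1, 3, 1), "F": (2, 1, 3)}

def zero_cells(aid):
    """Sum report alone: a zero total says nobody in that cell receives aid."""
    return [(sex, dorm) for sex, row in aid.items()
            for dorm, total in zip(DORMS, row) if total == 0]

def exact_disclosures(aid, count):
    """Both reports: a cell holding one record exposes that student's exact aid."""
    return {(sex, dorm): total
            for sex, row in aid.items()
            for dorm, total, n in zip(DORMS, row, count[sex]) if n == 1}

def recover_suppressed(aid, count):
    """Blank the single-record cells, then rebuild each from its column total.

    Shows that suppressing a cell does not protect it while the marginal
    totals are still released and the cell is the only gap in its column.
    """
    cols = range(len(DORMS))
    col_total = [sum(aid[s][i] for s in aid) for i in cols]
    hidden = {(s, i) for s in aid for i in cols if count[s][i] == 1}
    recovered = {}
    for s, i in hidden:
        others = [t for t in aid if t != s]
        if all((t, i) not in hidden for t in others):
            recovered[(s, DORMS[i])] = col_total[i] - sum(aid[t][i] for t in others)
    return recovered

if __name__ == "__main__":
    print("zero cells:", zero_cells(AID))
    print("exact aid :", exact_disclosures(AID, COUNT))
    print("recovered :", recover_suppressed(AID, COUNT))
```

On the slide data every suppressed cell is recovered, so the suppression would have to be extended to a second cell in each affected column or to the totals themselves.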

19 Indirect Attack
- Tracker attacks
  Count((Sex = F) and (Race = White) and (Dorm = Holmes))
- If the result is one, the system may conceal it
  count(a and b and c) = count(a) – count(a and not (b and c))
  Count(Sex = F)
  Count((Sex = F) and ((Race ≠ White) or (Dorm ≠ Holmes)))

20 Control for Statistical Inference Attacks
- Suppress obviously sensitive information
- Track what the user knows – very costly; how about two people, or a user with multiple IDs?
- Disguise the data – statistical results are close but not exact
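The tracker identity from slide 19 run against two of the controls listed on slide 20, as an added example that is not part of the original slides. The student rows, the `student` table and the function names are constructed for illustration; the rows only match the per-dorm counts of the count report.

```python
import sqlite3

# Constructed student records (name, sex, race, dorm); not data from the slides.
ROWS = [("S1", "M", "White", "Holmes"), ("S2", "M", "Other", "East"),
        ("S3", "M", "White", "East"), ("S4", "M", "Other", "East"),
        ("S5", "M", "White", "West"), ("S6", "F", "White", "Holmes"),
        ("S7", "F", "Other", "Holmes"), ("S8", "F", "White", "East"),
        ("S9", "F", "Other", "West"), ("S10", "F", "White", "West"),
        ("S11", "F", "Other", "West")]

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE student (name TEXT, sex TEXT, race TEXT, dorm TEXT)")
db.executemany("INSERT INTO student VALUES (?, ?, ?, ?)", ROWS)

def true_count(where):
    # 'where' is a fixed predicate written in this example, never user input.
    return db.execute(f"SELECT COUNT(*) FROM student WHERE {where}").fetchone()[0]

def suppressed_count(where):
    """Control: conceal a count of exactly one (returns None)."""
    n = true_count(where)
    return None if n == 1 else n

def rounded_count(where, base=5):
    """Control: disguise the data by rounding to the nearest multiple of base."""
    return base * round(true_count(where) / base)

A = "sex = 'F'"
BC = "race = 'White' AND dorm = 'Holmes'"

def tracker(count_fn):
    # count(a and b and c) = count(a) - count(a and not (b and c))
    return count_fn(A) - count_fn(f"{A} AND NOT ({BC})")

if __name__ == "__main__":
    print("direct query, suppression :", suppressed_count(f"{A} AND {BC}"))
    print("tracker, suppression      :", tracker(suppressed_count))
    print("tracker, rounded results  :", tracker(rounded_count))
```

Neither tracker query has a result of one, so suppression answers both and the concealed count comes back by subtraction. Rounding gives a deliberately inexact difference (0 here, where the true count is 1), which is the trade the slide describes as close but not exact.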

21 Group Work
- Discuss a situation in which the sensitivity of an aggregate is greater than that of its constituent values. Discuss a situation in which the sensitivity of an aggregate is less than that of its constituent values.

