
Database Security: Concepts, Approaches and Challenges

Presentation transcript:

1 Database Security: Concepts, Approaches and Challenges
Ho Chi Minh City University of Technology (Đại học Bách khoa TP. Hồ Chí Minh), Faculty of Computer Science. Group 20: Võ Văn Vinh, Nguyễn Hoàng Tín, Vũ Hoàng Việt, Phạm Văn Vinh

2 Contents
Part I: DB Security Concepts
Part II: DB Security Approaches
Part III: DB Security Challenges
Part IV: Summary

3 DB Security Concepts: Authentication
Authentication is the process of confirming that a user attempting to log in to a database is who they claim to be; it is the prerequisite for any authorization decision. Examples: a mobile phone authenticates its user by asking for a PIN; a computer authenticates a username by asking for the corresponding password.

4 DB Security Concepts: Authorization
Authorization is the process of defining which users are allowed to access the database and with what privileges (access to which views, tables or attributes, for how long, ...). Examples: students are allowed to view their academic records on the university web page, but are not allowed to modify them.

5 DB Security Concepts: DB Security Requirements, the CIA Triad

6 Database Security Concepts: Confidentiality
Confidentiality (secrecy): data is not made available or disclosed to unauthorized individuals. Example: a database that stores payroll information must not disclose individual salaries to unauthorized users.

7 DB Security Concepts: Integrity and Availability
Integrity: data is changed only in a specified and authorized manner. Example: on an airline's web site, customers' reservations cannot be modified arbitrarily.
Availability: data is accessible whenever it is needed; this includes preventing, and recovering from, events that make data unavailable (e.g. DDoS attacks). Example: on an airline's web site, flight and reservation information is always available.

8 DB Security Concepts: Introducing DB Security Approaches
Authentication mechanisms
Cryptographic techniques
Features designed to detect, prevent or recover from security attacks
Recovery subsystem and concurrency control
Access control
Privacy-preserving techniques for databases (new): privacy-preserving data mining, privacy-preserving information retrieval

9 DB Security Concepts: What is Access Control?
A process by which users are granted access, and specific privileges, to systems, resources or information.
Why use access control? Whenever a subject tries to access a data object, access control checks the subject's rights against the set of authorizations, which state whether the subject may perform a particular action on that object; this is how access control ensures data confidentiality. Whenever a subject tries to modify data, access control verifies that the subject holds the right to modify it; this is how access control assures data integrity.

10 DB Security Approaches
Part II: DB Security Approaches
Access control: Discretionary Access Control (DAC); Mandatory Access Control (MAC)
Privacy-preserving data techniques

11 DB Security Concepts: What is Access Control? (continued)
Access control is the enforcement, by rules determined by the security policy, of all direct accesses to the system. The checks of slide 9 apply to every subject: when a subject tries to read a data object its rights are checked against the authorizations (confidentiality), and when it tries to modify data its right to do so is verified (integrity).

12 DB Security Approaches
The two classical access control models are Discretionary Access Control (DAC) and Mandatory Access Control (MAC). Role-Based Access Control (RBAC), covered after DAC, is a third model that is widely used in commercial DBMSs.

13 Part II: DB Security Approaches
Discretionary Access Control (DAC)

14 Introduction to DAC
The Trusted Computer System Evaluation Criteria (TCSEC) is a United States Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of the computer security controls built into a computer system. TCSEC defines discretionary access control (DAC) as a means of restricting access to objects based on the identity of subjects and/or the groups to which they belong.

15 Discretionary Access Control (DAC)
Users can protect what they own: the owner of an object is given all privileges on it, can define the type of access (read/write/execute/...) and can grant access to others. The typical method of enforcing DAC in a database system is the granting and revoking of privileges, using statements of the query language that let the DBA and suitably privileged users grant privileges to other users. A grant specifies the users or groups who can access the object.

16 Levels of privilege assignment
There are two levels at which privileges to use the database system are assigned:
The account (system) level: the administrator (DBA) specifies the particular privileges that each account holds, independently of the objects in the database.
The object (relation or table) level: the administrator controls the privilege to access each individual object (table or view) in the database.

17 Introduction to DAC: account/system-level privileges (example)
CREATE SCHEMA, CREATE TABLE, CREATE VIEW, ALTER, DROP, MODIFY, SELECT.
ALTER: apply schema changes such as adding or removing attributes from relations. DROP: delete relations or views. MODIFY: insert, delete or update tuples. SELECT: retrieve information from the database with a SELECT query.

18 Introduction to DAC: relation/object-level privileges
Data objects: relations (tables) or views. Privileges include SELECT, INSERT, UPDATE, DELETE and REFERENCES (the right to refer to the relation in a foreign-key constraint).

19 SQL for Data Control
Commands: GRANT, REVOKE.
Based on three central objects: users; database objects; privileges (SELECT, MODIFY (INSERT, UPDATE, DELETE), REFERENCES).

20 SQL for Data Control
GRANT: pass privileges on one's own database objects to other users:
GRANT <privilege list> ON <database objects> TO <user list> [WITH GRANT OPTION];
REVOKE: take back (cancel) privileges on one's own database objects from other users:
REVOKE <privilege list> ON <database objects> FROM <user list>;

21 An Example
Suppose that the DBA creates four accounts A1, A2, A3, A4 and wants only A1 to be able to create base relations. The DBA must then issue the following GRANT command (CREATETAB is the textbook's name for the account-level privilege; the exact name of this privilege is DBMS-specific):
GRANT CREATETAB TO A1;
In SQL2 the same effect can be accomplished by having the DBA issue a CREATE SCHEMA command:
CREATE SCHEMA EXAMPLE AUTHORIZATION A1;

22 An Example (2)
User account A1 can now create tables under the schema called EXAMPLE. Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT. A1 is then the owner of these two relations and hence holds all the relation privileges on each of them.

23 An Example (2)
Suppose that A1 wants to grant A2 the privilege to insert and delete tuples in both of these relations, but does not want A2 to be able to propagate these privileges to additional accounts:
GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;

24 An Example (2): notice
The owner account A1 automatically has the GRANT OPTION, which allows it to grant privileges on the relation to other accounts. Account A2, however, cannot grant INSERT and DELETE privileges on EMPLOYEE and DEPARTMENT, because it was not given the GRANT OPTION in the preceding command. Suppose that A1 wants to allow account A3 to retrieve information from either of the two tables and also to propagate the SELECT privilege to other accounts. A1 can issue:
GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;

25 An Example (2)
A3 can now grant the SELECT privilege on EMPLOYEE to A4:
GRANT SELECT ON EMPLOYEE TO A4;
Notice that A4 cannot propagate the SELECT privilege to other accounts, because the GRANT OPTION was not given to A4.

26 An Example (2)
Now suppose that A1 decides to revoke the SELECT privilege on EMPLOYEE from A3:
REVOKE SELECT ON EMPLOYEE FROM A3;
The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3, and it must also automatically revoke it from A4, because A4 obtained the privilege from A3 and A3 no longer holds it. Standard SQL spells this behaviour out: REVOKE ... CASCADE removes the dependent grants, while REVOKE ... RESTRICT fails if dependent grants exist. Check which form, and which default, your DBMS applies before relying on the cascade.

27 An Example (3)
Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from EMPLOYEE, and to allow A3 to propagate that privilege. The limitation is to retrieve only the Name, Bdate and Address attributes, and only the tuples with Dno = 5. A1 creates a view and grants on the view instead of on the base table:
CREATE VIEW A3EMPLOYEE AS SELECT Name, Bdate, Address FROM EMPLOYEE WHERE Dno = 5;
GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;
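The grant-option and cascading-revoke rules of slides 21 to 27 can be replayed in a few lines. The following is an added example, not code from the slides or from any DBMS: it models the privilege graph a DBMS keeps for each (object, privilege) pair, rejects grants by accounts that lack the GRANT OPTION, and implements REVOKE ... CASCADE by repeatedly dropping grants whose grantor no longer holds the privilege with grant option. The account and table names follow the slides; the class and function names are this example's own.

```python
"""Added example: a toy model of SQL discretionary privileges that replays
the A1..A4 scenario, including GRANT OPTION checks and cascading REVOKE.
Not DBMS code; account, table and view names follow the slides, the rest
is this example's own design."""
from collections import defaultdict


class GrantGraph:
    def __init__(self):
        self.owners = {}                      # object -> owning account
        # (object, privilege) -> list of (grantor, grantee, grant_option)
        self.grants = defaultdict(list)

    def create(self, owner, obj):
        self.owners[obj] = owner              # the owner implicitly holds every privilege

    def holds(self, account, obj, priv, with_option=False):
        if self.owners.get(obj) == account:
            return True
        return any(grantee == account and (opt or not with_option)
                   for _, grantee, opt in self.grants[(obj, priv)])

    def grant(self, grantor, grantee, obj, priv, with_grant_option=False):
        # GRANT is allowed only if the grantor owns the object or holds the
        # privilege WITH GRANT OPTION (A2 fails this check below).
        if not self.holds(grantor, obj, priv, with_option=True):
            raise PermissionError(f"{grantor} cannot grant {priv} on {obj}")
        self.grants[(obj, priv)].append((grantor, grantee, with_grant_option))

    def revoke(self, revoker, grantee, obj, priv):
        # REVOKE ... CASCADE semantics: remove the grant, then keep removing
        # grants whose grantor no longer holds the privilege with grant option.
        key = (obj, priv)
        self.grants[key] = [g for g in self.grants[key]
                            if not (g[0] == revoker and g[1] == grantee)]
        changed = True
        while changed:
            changed = False
            for g in list(self.grants[key]):
                if not self.holds(g[0], obj, priv, with_option=True):
                    self.grants[key].remove(g)
                    changed = True


def run_scenario():
    """Replays slides 21-27 and returns who holds what at each step."""
    db = GrantGraph()
    for table in ("EMPLOYEE", "DEPARTMENT"):
        db.create("A1", table)
        db.grant("A1", "A2", table, "INSERT")
        db.grant("A1", "A2", table, "DELETE")
        db.grant("A1", "A3", table, "SELECT", with_grant_option=True)
    try:                                      # A2 has no GRANT OPTION
        db.grant("A2", "A4", "EMPLOYEE", "INSERT")
        a2_can_propagate = True
    except PermissionError:
        a2_can_propagate = False
    db.grant("A3", "A4", "EMPLOYEE", "SELECT")
    a4_before = db.holds("A4", "EMPLOYEE", "SELECT")
    db.revoke("A1", "A3", "EMPLOYEE", "SELECT")   # cascades to A4
    a3_after = db.holds("A3", "EMPLOYEE", "SELECT")
    a4_after = db.holds("A4", "EMPLOYEE", "SELECT")
    # Slide 27: A1 re-grants through a restricted view instead of the table.
    db.create("A1", "A3EMPLOYEE")
    db.grant("A1", "A3", "A3EMPLOYEE", "SELECT", with_grant_option=True)
    return {
        "a2_can_propagate": a2_can_propagate,
        "a4_before_revoke": a4_before,
        "a3_after_revoke": a3_after,
        "a4_after_revoke": a4_after,
        "a3_on_view": db.holds("A3", "A3EMPLOYEE", "SELECT", with_option=True),
        "a3_on_table": db.holds("A3", "EMPLOYEE", "SELECT"),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The cascade loop is what makes A4 lose SELECT the moment A3 does. Note that this toy does not handle grant cycles (A3 and A4 granting each other with grant option), which is exactly the case where real DBMSs need their "abandoned grant" rules.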

28 Role Based Access Control (RBAC)

29 Hierarchical RBAC

30 Constrained RBAC
Adds a requirement for enforcing separation of duty (SoD):
Static SoD (SSD), based on user-role assignment: a restriction on role intersections; two mutually exclusive roles cannot have a common user.
Dynamic SoD (DSD), based on role activation: restricts which roles may be active together at run time.
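The three RBAC slides (roles and permissions, role hierarchies, and the SSD/DSD constraints) fit in one small engine. This is an added example, not code from the slides or from any of the DBMSs named on the next slide; the roles (clerk, auditor, payroll_manager, cashier, cash_supervisor) and permission names are invented for it. Constraints use the NIST form (role set, n): no user may be assigned, and no session may activate, n or more roles from the set; the slides' "two roles cannot have a common user" is the case n = 2.

```python
"""Added example: a small RBAC engine with role hierarchy, static
separation of duty (SSD, checked at user-role assignment) and dynamic
separation of duty (DSD, checked at role activation in a session).
Role and permission names are this example's own, not from the slides."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)    # PA: role -> permissions
        self.juniors = defaultdict(set)       # RH: senior role -> roles it inherits
        self.user_roles = defaultdict(set)    # UA: user -> assigned roles
        self.ssd = []                         # (role set, n): no user may hold n of them
        self.dsd = []                         # (role set, n): no session may activate n
        self.active = defaultdict(set)        # session -> activated roles

    def add_permission(self, role, perm):
        self.role_perms[role].add(perm)

    def inherit(self, senior, junior):
        self.juniors[senior].add(junior)

    def authorized_roles(self, roles):
        """Close a role set under the hierarchy (seniors inherit juniors)."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    @staticmethod
    def _violates(constraints, roles):
        return [rs for rs, n in constraints if len(roles & rs) >= n]

    def assign(self, user, role):
        # SSD is evaluated on the hierarchy closure: inheriting a conflicting
        # junior role is as much a conflict as holding it directly.
        would_hold = self.authorized_roles(self.user_roles[user] | {role})
        if self._violates(self.ssd, would_hold):
            raise ValueError(f"SSD violation: {user} cannot also be {role}")
        self.user_roles[user].add(role)

    def activate(self, session, user, role):
        if role not in self.authorized_roles(self.user_roles[user]):
            raise PermissionError(f"{user} is not authorized for role {role}")
        would_be_active = self.authorized_roles(self.active[session] | {role})
        if self._violates(self.dsd, would_be_active):
            raise ValueError(f"DSD violation: {role} cannot be active in this session")
        self.active[session].add(role)

    def check(self, session, perm):
        roles = self.authorized_roles(self.active[session])
        return any(perm in self.role_perms[r] for r in roles)


def run_scenario():
    rbac = RBAC()
    rbac.add_permission("clerk", "payroll:prepare")
    rbac.add_permission("auditor", "payroll:audit")
    rbac.add_permission("cashier", "cash:disburse")
    rbac.add_permission("cash_supervisor", "cash:approve")
    rbac.inherit("payroll_manager", "clerk")          # manager is senior to clerk
    rbac.ssd.append((frozenset({"clerk", "auditor"}), 2))
    rbac.dsd.append((frozenset({"cashier", "cash_supervisor"}), 2))

    results = {}
    rbac.assign("alice", "auditor")
    try:                        # manager inherits clerk, which conflicts with auditor
        rbac.assign("alice", "payroll_manager")
        results["ssd_blocked"] = False
    except ValueError:
        results["ssd_blocked"] = True

    rbac.assign("bob", "cashier")             # bob may hold both roles ...
    rbac.assign("bob", "cash_supervisor")
    rbac.activate("s1", "bob", "cashier")
    try:                                      # ... but not activate both at once
        rbac.activate("s1", "bob", "cash_supervisor")
        results["dsd_blocked"] = False
    except ValueError:
        results["dsd_blocked"] = True
    results["bob_can_disburse"] = rbac.check("s1", "cash:disburse")
    results["bob_can_approve"] = rbac.check("s1", "cash:approve")

    rbac.assign("carol", "payroll_manager")
    rbac.activate("s2", "carol", "payroll_manager")
    results["manager_inherits_clerk"] = rbac.check("s2", "payroll:prepare")
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The point of evaluating SSD on the hierarchy closure is that a senior role smuggles in its juniors: alice is refused payroll_manager because that role inherits clerk, and clerk is mutually exclusive with her auditor role.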

31 RBAC in commercial DBMSs
INFORMIX OnLine Dynamic Server version 7.2; Sybase Adaptive Server release 11.5; Oracle Enterprise Server version 8.0

32 Mandatory Access Control (MAC)
Based on multilevel security (MLS): Top Secret > Secret > Confidential > Unclassified. Each subject has a security clearance at a given level and each object has a security classification at a given level. Two properties are required for confidentiality (Bell-LaPadula):
No read up (simple security property): subject S may read object O only if Class(S) >= Class(O).
No write down (star property): subject S may write object O only if Class(S) <= Class(O).

33 Part II: Database Security Approaches
Mandatory Access Control (MAC)

34 Mandatory Access Control (MAC): Polyinstantiation
Polyinstantiation: the same apparent primary key may exist as several tuples at different classification levels, so that an insert by a low-level subject neither collides with nor reveals the existence of a higher-classified tuple with the same key.

35 Mandatory Access Control (MAC): Pros and Cons
Pros: ensures a high degree of protection and prevents any illegal flow of information; suitable for military and other high-security applications.
Cons: requires a strict classification of subjects and objects; applicable to few environments.

36 Part II: Database Security Approaches
Privacy-Preserving Data Techniques

37 Privacy-Preserving Data Techniques
Why are privacy-preserving data techniques needed? How data is represented matters; the number of data sets that include data about individuals keeps growing; and the availability of this data creates serious threats to the privacy of individuals and organizations.

38 Privacy-Preserving Data Techniques
Released data is modified by removing the items that identify individuals (data anonymization). Problem: the remaining data can be linked with other information, allowing the private data to be recovered (a linking attack on the attributes that remain). Solution: generalization techniques (related to fuzzy concepts), which coarsen attribute values such as ZIP codes and ages until each combination of linkable attributes is shared by several individuals.

39 Privacy-Preserving Data Techniques
Privacy preservation in the data mining context. Cause: data mining techniques may recover the information that was removed. All approaches are based on modifying or perturbing the data; some developments rely on commutative encryption techniques, so that parties can mine a joint data set without revealing their raw data to each other. Data mining is an effective new tool for extracting knowledge from data.

40 Privacy-Preserving Data Techniques
Hippocratic databases: incorporating privacy protection into the relational database system itself. Privacy policies are stored in privacy-policy tables (for each purpose and attribute: the external recipients allowed to receive the data and how long it is retained). Privacy authorizations are stored in privacy-authorization tables, which define the users authorized to access each attribute for each purpose.

41 Part III: Database Security Challenges

42 Database Security Challenges
Data quality and completeness. Data quality: a perception or assessment of data's fitness to serve its purpose in a given context. Data completeness: the data set contains all the records and values it is supposed to, and has not been truncated or altered relative to the original.

43 Database Security Challenges
Data quality and completeness: Is the data complete and of acceptable quality? Is data from the Web reliable? How can the quality of data be assessed and attested? Techniques and organizational solutions: quality stamps; more effective integrity verification; tools for assessing data quality; application-level recovery.

44 Database Security Challenges
Intellectual property rights (IPR): data has a creator or owner, and using or redistributing it without authorization may be illegal. Technique: watermarking techniques for relational data are used to detect IPR violations.

45 Database Security Challenges
Database survivability:
Confinement: actions to eliminate the attacker's access.
Damage assessment: determine the extent of the problem, including failed functions and corrupted data.
Reconfiguration: run in a safe mode while recovering.
Repair: recover the data and reinstall the failed parts of the system.
Fault treatment: identify the weakness that was exploited and prevent the fault from recurring.

46 Database Security Challenges
Access control and privacy for mobile users: mobile devices are popular and increasingly varied; computing power and sensors are embedded in the environment; users are continuously online; personal information becomes an important asset; efficient storage and portable access rights are needed.

47 Database Security Challenges
Techniques for mobile users: access control mechanisms plus standards for identity management; trust negotiation; processing techniques for continuous queries.

48 Part IV: Summary

49 Summary
DB security concepts: confidentiality, integrity and availability (a secure database must guarantee all three).
Database security approaches: access control; privacy-preserving data techniques.
Database security challenges: data quality and completeness; access control and privacy for mobile users; intellectual property rights; database survivability.

50 References
[1] E. Bertino and R. Sandhu, "Database Security: Concepts, Approaches, and Challenges," IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 1, 2005.
[2] R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, 6th edition, 2010.

51 THANK YOU !

52 Questions
1. Why is access control of information systems necessary?
A. For the preservation of their authenticity, confidentiality, integrity and availability.
B. For the preservation of their integrity and availability.
C. For the preservation of their confidentiality and integrity.
D. For the preservation of their authenticity, confidentiality and availability.
2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
D. None of the above.

53 Answers
1. Why is access control of information systems necessary?
A. For the preservation of their authenticity, confidentiality, integrity and availability.
B. For the preservation of their integrity and availability.
C. For the preservation of their confidentiality and integrity.
D. For the preservation of their authenticity, confidentiality and availability.
2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
Answer: B, RBAC (Role Based Access Control): decisions are based on the roles, i.e. the organizational responsibilities, held by the user or process, not on object ownership (DAC) or on classification labels (MAC).

