Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inference Problem. Access Control Policies Direct access Information flow Not addressed: indirect data access CSCE 522 - Farkas 2 Lecture 19.

Published byAngelica Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Inference Problem. Access Control Policies Direct access Information flow Not addressed: indirect data access CSCE 522 - Farkas 2 Lecture 19."— Presentation transcript:

1 Inference Problem

2 Access Control Policies Direct access Information flow Not addressed: indirect data access CSCE 522 - Farkas 2 Lecture 19

3 CSCE 522 - Farkas 3 Lecture 19 Indirect Information Flow Channels Covert channels Inference channels

4 CSCE 522 - Farkas 4 Lecture 19 Inference Channels + Meta-data Sensitive Information Non-sensitive information =

5 CSCE 522 - Farkas 5 Lecture 19 Inference Channels Statistical Database Inferences General Purpose Database Inferences

6 CSCE 522 - Farkas 6 Lecture 19 Statistical Databases Goal: provide aggregate information about groups of individuals  E.g., average grade point of students Security risk: specific information about a particular individual  E.g., grade point of student John Smith Meta-data:  Working knowledge about the attributes  Supplementary knowledge (not stored in database)

7 CSCE 522 - Farkas 7 Lecture 19 Types of Statistics Macro-statistics: collections of related statistics presented in 2- dimensional tables Micro-statistics: Individual data records used for statistics after identifying information is removed Sex\Year19971998Sum Female415 Male 6 1319 Sum101424 SexCourseGPAYear FCSCE 5903.52000 M CSCE 590 3.02000 FCSCE 7904.02001

8 CSCE 522 - Farkas 8 Lecture 19 Statistical Compromise Exact compromise: find exact value of an attribute of an individual (e.g., John Smith’s GPA is 3.8) Partial compromise: find an estimate of an attribute value corresponding to an individual (e.g., John Smith’s GPA is between 3.5 and 4.0)

9 CSCE 522 - Farkas 9 Lecture 19 Methods of Attacks and Protection Small/Large Query Set Attack  C: characteristic formula that identifies groups of individuals If C identifies a single individual I, e.g., count(C) = 1  Find out existence of property If count(C and D)=1 means I has property D If count(C and D)=0 means I does not have D OR  Find value of property Sum(C, D), gives value of D

10 CSCE 522 - Farkas 10 Lecture 19 Small/Large Query Set Attack cont. Protection from small/large query set attack: query-set-size control A query q(C) is permitted only if N-n  |C|  n, where n  0 is a parameter of the database and N is all the records in the database

11 CSCE 522 - Farkas 11 Lecture 19 Tracker attack TrackerC C1 C2 C=C1 and C2 T=C1 and ~C2 q(C)=q(C1) – q(T) q(C) is disallowed

12 CSCE 522 - Farkas 12 Lecture 19 Tracker attack Tracker C C1 C2 C=C1 and C2 T=C1 and ~C2 D C and D q(C and D)= q(T or C and D) – q(T) q(C and D) is disallowed

13 CSCE 522 - Farkas 13 Lecture 19 Query overlap attack C1 C2 John Kathy Max Fred Eve Paul Mitch Q(John)=q(C1)-q(C2) Protection: query-overlap control

14 CSCE 522 - Farkas 14 Lecture 19 Insertion/Deletion Attack Observing changes overtime  q 1 =q(C)  insert(i)  q 2 =q(C)  q(i)=q 2 -q 1 Protection: insertion/deletion performed as pairs

15 CSCE 522 - Farkas 15 Lecture 19 Statistical Inference Theory Give unlimited number of statistics and correct statistical answers, all statistical databases can be compromised (Ullman)

16 Privacy Preserving Data Mining Related to statistical DB privacy We will cover it later in the semester CSCE 522 - Farkas 16 Lecture 19

17 CSCE 522 - Farkas 17 Lecture 19 Inferences in General-Purpose Databases Queries based on sensitive data Inference via database constraints Inferences via updates

18 CSCE 522 - Farkas 18 Lecture 19 Queries based on sensitive data Sensitive information is used in selection condition but not returned to the user. Example: Salary: secret, Name: public  Name  Salary=$25,000 Protection: apply query of database views at different security levels

19 How to mitigate this problem? Time of evaluation Architecture CSCE 522 - Farkas 19 Lecture 19

20 CSCE 522 - Farkas 20 Lecture 19 Database Constraints Integrity constraints Database dependencies Key integrity

21 CSCE 522 - Farkas 21 Lecture 19 Integrity Constraints C=A+B A=public, C=public, and B=secret B can be calculated from A and C, i.e., secret information can be calculated from public data

22 CSCE 522 - Farkas 22 Lecture 19 Database Dependencies Metadata: Functional dependencies Multi-valued dependencies Join dependencies etc.

23 CSCE 522 - Farkas 23 Lecture 19 Functional Dependency FD: A  B, that is for any two tuples in the relation, if they have the same value for A, they must have the same value for B. Example: FD: Rank  Salary Secret information: Name and Salary together  Query1: Name and Rank  Query2: Rank and Salary  Combine answers for query1 and 2 to reveal Name and Salary together See slides in dissertation-farkas-rotated.pdf

24 CSCE 522 - Farkas 24 Lecture 19 Key integrity Every tuple in the relation have a unique key Users at different levels, see different versions of the database Users might attempt to update data that is not visible for them

25 CSCE 522 - Farkas 25 Lecture 19 Example Name (key)SalaryAddress Black P38,000 PColumbia S Red S42,000 SIrmo S Secret View Name (key)SalaryAddress Black P38,000 PNull P Public View

26 CSCE 522 - Farkas 26 Lecture 19 Updates Public User: Name (key)SalaryAddress Black P38,000 PNull P 1.Update Black’s address to Orlando 2.Add new tuple: (Red, 22,000, Manassas) If Refuse update: covert channel Allow update: Overwrite high data – may be incorrect Create new tuple – which data it correct (polyinstantiation) – violate key constraints

27 CSCE 522 - Farkas 27 Lecture 19 Updates Name (key)SalaryAddress Black P38,000 PColumbia S Red S42,000 SIrmo S Secret user: 1.Update Black’s salary to 45,000 If Refuse update: denial of service Allow update: Overwrite low data – covert channel Create new tuple – which data it correct (polyinstantiation) – violate key constraints

28 CSCE 522 - Farkas 28 Lecture 19 Inference Problem No general technique is available to solve the problem Need assurance of protection Hard to incorporate outside knowledge

Download ppt "Inference Problem. Access Control Policies Direct access Information flow Not addressed: indirect data access CSCE 522 - Farkas 2 Lecture 19."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Statistical database security Special purpose: used only for statistical computations. General purpose: used with normal queries (and updates) as well.

Statistical database security Special purpose: used only for statistical computations. General purpose: used with normal queries (and updates) as well.
Database Management System

Database Management System
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.

UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
Information Security Principles & Applications

Information Security Principles & Applications
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Chapter 3 The Relational Model Transparencies © Pearson Education Limited 1995, 2005.

Chapter 3 The Relational Model Transparencies © Pearson Education Limited 1995, 2005.
Chapter 3. 2 Chapter 3 - Objectives Terminology of relational model. Terminology of relational model. How tables are used to represent data. How tables.

Chapter 3. 2 Chapter 3 - Objectives Terminology of relational model. Terminology of relational model. How tables are used to represent data. How tables.
Dr. Leszek Lilien Department of Computer Science

Dr. Leszek Lilien Department of Computer Science
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Last time Finish OTR Database Security Introduction to Databases

Last time Finish OTR Database Security Introduction to Databases
Access 2007 ® Use Databases How can Access help you to find and use information?

Access 2007 ® Use Databases How can Access help you to find and use information?
IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.

IT 221: Introduction to Information Security Principles Lecture 11: Database Security For Educational Purposes Only Revised: November 13, 2002.
CSC271 Database Systems Lecture # 6. Summary: Previous Lecture  Relational model terminology  Mathematical relations  Database relations  Properties.

CSC271 Database Systems Lecture # 6. Summary: Previous Lecture  Relational model terminology  Mathematical relations  Database relations  Properties.
Concepts of Database Management, Fifth Edition

Concepts of Database Management, Fifth Edition
Lecture 2 The Relational Model. Objectives Terminology of relational model. How tables are used to represent data. Connection between mathematical relations.

Lecture 2 The Relational Model. Objectives Terminology of relational model. How tables are used to represent data. Connection between mathematical relations.

Similar presentations

Ads by Google