Overview. Database Security. Relational Database Basics. Semantic Integrity Controls. Access Control Rules- Name dependent access




Database Security
Simone Fischer-Hübner
Applied Security, DAVC7

Overview
- Semantic Integrity Controls
- Access Control Rules
- Multilevel Secure Databases
- RBAC in Commercial DBMS
- Statistical Database Security

Relational Database Basics
A relational database is perceived as a collection of tables/relations.
[Example table: employees (John, Smith) with professions (Programmer, IT Security specialist, Secretary)]
A primary key is a unique and minimal identifier for the tuples within a relation (e.g., employee name).

Semantic Integrity Controls
Monitor: unit of the DBMS that checks a value being entered to ensure consistency with
- the rest of the database
- the characteristics of the particular field
Entity Integrity Rule: No component of the primary key may accept a null value (no entry).

Semantic Integrity Controls (II)
Forms of monitor checks:
- Range comparison: check that values are within an acceptable range
  - days in January: 3
  - salary of employees < 50000
- State constraints: describe conditions for the entire database
  - all employees have different employee numbers
  - only one employee is president
- Transition constraints: conditions necessary before changes can be applied
  - an employee who is married cannot become single

Access Control Rules: Name-dependent access
Name-dependent: based on object name/id (e.g. name of relations/tables, attributes)
Can be enforced by the underlying OS.
Example (access rights of Alice and Bob):
  Employee Table: R,W
  Course Table: R R

Content-dependent Access
Content-dependent: based on object content
Implementation: content-based views, query modification
Example: Content-based View
    DEFINE VIEW X (Employeeno, salary) AS
    SELECT Employeeno, salary
    FROM Employee
    WHERE SALARY < 30.000

Content-dependent Access (II)
Example: Query Modification
    DENY (Name, SALARY) WHERE SALARY > 30.000
    FIND Salary WHERE Name = Smith
  is modified to
    FIND Salary WHERE Name = Smith AND NOT Salary > 30.000

Context-dependent Access
Context-dependent: based on system variables such as date, time, query source
- context-based views
Example: Salary information can only be updated at the end of the year.

Multilevel Secure Databases
- Implement Bell-LaPadula's mandatory ("multi-level") security policy in a relational database
- First prototype in the SeaView (Secure data VIEW) project (1988)
- Major database vendors have DBMS versions with multilevel database security support (e.g. Trusted Oracle)

Multilevel Secure Databases: Structure
[Figure]

Multilevel Secure Databases: Example
Labeling objects:
R: multilevel relation with n attributes
A tuple in R is of the form (v_1, c_1, ..., v_n, c_n, t_c) where
- v_i: ith attribute value
- c_i: security level of the ith field (not visible to users)
- t_c: security level of the tuple (not visible)
Example:
[Table: columns for name, department and profession, each with its classification (C_name, C_Dept, C_prof), plus the tuple class tc; professions listed: Virus programmer, IT Security specialist, Secretary]
U: Unclassified, S: Secret, TS: Top Secret
(For simplicity, we only consider the security classification parts of the security level in this and in the following examples.)

Multilevel Secure Databases: Instances
C-Instance of a relation: information in the relation accessible by users at classification C. Values not accessible are replaced by null values (no entry).

Multilevel Secure Databases: Instances (II)
Examples:
[Tables: two instances of the example relation; surviving cell values: Secretary; IT Security specialist, Secretary]

Consistent Addressing
In order to address a data item, you have to specify
- a database D
- a relation R within D
- a primary key for a tuple r within D
- the attribute i, identifying element r_i within r
To get through to element r_i, the following must hold:
    f_O(D) ≤ f_O(R) ≤ f_O(r_i)    (f_O: object security level)
Since a user who has access to a tuple r has also access to all its elements,
    f_O(r_i) ≤ f_O(r)
is required.

Multilevel Entity Integrity
- No tuples in an instance of R have null values for any of the primary key attributes.
- All components of a primary key of a relation R have the same security level, which is dominated by the security levels of all non-key attributes.

Polyinstantiation
Polyinstantiation: several tuples might exist for the same primary key.
Polyinstantiated elements: elements of an attribute which have different security levels, but are associated with the same primary key and key security level.
Problem: tradeoff between confidentiality (covert channel protection) and integrity.

Polyinstantiation (II)
How do polyinstantiated elements arise?
A subject updates what appears to be a null element in a tuple, but which actually hides data with a higher (or incomparable) security level.
Problem:
- The subject cannot be informed about the existence of higher security level data (-> covert channel).
- Overwriting the old value allows low users to unwittingly destroy high data.
- The insertion must be accepted.
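The update rule described under Polyinstantiation (II) above, as an added Python illustration that is not part of the original slides: a low subject's update on an apparently null element is accepted by adding a tuple for the same primary key, and the C-instance is computed with null replacement. The relation contents, the function names (sample, instance, update) and the choice to reject writes to lower-classified elements are assumptions of this example.

```python
LEVELS = {"U": 0, "S": 1, "TS": 2}          # Unclassified < Secret < Top Secret
KEY, FIELDS = "name", ("name", "dept", "prof")

def sample():
    """Constructed relation: every element is (value, classification)."""
    return [
        {"name": ("Ann", "U"), "dept": ("Dev", "U"), "prof": ("Virus programmer", "TS")},
        {"name": ("Bob", "U"), "dept": ("Dev", "U"), "prof": ("Secretary", "U")},
    ]

def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]

def instance(rel, c):
    """C-instance: elements above level c become None; subsumed rows are dropped."""
    rows = {tuple(v if dominates(c, lvl) else None for v, lvl in (t[f] for f in FIELDS))
            for t in rel if dominates(c, t[KEY][1])}
    def subsumed(a):
        return any(a != b and all(x is None or x == y for x, y in zip(a, b))
                   for b in rows)
    return sorted((r for r in rows if not subsumed(r)), key=str)

def update(rel, subject, key, field, value):
    """UPDATE ... SET field = value WHERE name = key, issued at level `subject`."""
    visible = [t for t in rel
               if t[KEY][0] == key and dominates(subject, t[KEY][1])]
    own = [t for t in visible if t[field][1] == subject]
    if own:                       # element at the subject's own level: overwrite
        own[0][field] = (value, subject)
        return "overwritten"
    hidden = [t for t in visible if not dominates(subject, t[field][1])]
    if hidden:
        # The apparent null hides higher data: keep it and add a second tuple
        # for the same primary key (polyinstantiation).
        new = dict(hidden[0])
        new[field] = (value, subject)
        rel.append(new)
        return "polyinstantiated"
    return "rejected"             # assumption of this example: no write-down

if __name__ == "__main__":
    rel = sample()
    print(instance(rel, "U"))
    print(update(rel, "U", "Ann", "prof", "Programmer"))
    print(instance(rel, "U"))
    print(instance(rel, "TS"))
```

After the update the TS-instance holds two tuples for the key Ann, which is why the extended primary key (primary key plus the security levels of the fields) is needed to identify a tuple uniquely.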

Polyinstantiation Example
Instance of our Example Database:
[Table: instance of the example relation (surviving cell value: Secretary), followed by the full relation with professions Virus Programmer, IT Security specialist, Secretary]
Primary key: Employee Name

Polyinstantiation Example (cont.)
Unclassified subject requests the following operation:
    UPDATE employee SET profession = Programmer WHERE name =
[Table after the update: professions listed are Virus Programmer, IT Security specialist, Programmer, Secretary]

Unique Identification
Extended primary key: primary key + security levels of all fields in a tuple, needed for a unique identification of tuples.

RBAC Features in Commercial DBMS
[Table comparing Informix, Sybase and Oracle; the per-product entries are not preserved]
Features compared:
- Ability for a role grantee to grant that role to other users
- Multiple active roles for a user session
- Specify a default active role set for a user session
- Build a role hierarchy
- Specify static separation of duty constraints on roles
- Specify dynamic separation of duty constraints on roles
- Specify maximum or minimum cardinality for role membership
- Grant DBMS System Privileges to a role
- Grant DBMS Object Privileges to a role

Statistical Database Security
Statistical Database:
- Information is retrieved by means of statistical queries on an attribute (column) of a table.
- Attributes directly identifying persons (e.g., names, personal numbers) are usually not allowed for statistical queries.

Statistical Database Example
[Table: ten records with columns Record No., Name, Sex, Age, Major, GP; names: Mayer, Smith, neyer, Hall, Bob, Fisher, Knuth, Silver, Cohn, veniek]
- Name: identity data (identifying the persons)
- Sex, Age, Major: demographic data (generally known to many people)
- GP (student grades): analysis data (not publicly known, of interest for attackers)

Statistical Queries
Statistical query: q(C, S) (or simply: q(C))
- q: statistical function
- C: characteristic formula, a logical formula over the values of attributes using the operators OR, AND, NOT
- S: subset of attributes
Example:
    COUNT((SEX = MALE) AND (MAJOR = CS))
    SUM((SEX = MALE) AND (MAJOR = CS), GP)
query set(C) = set of records whose values match a characteristic formula C
ALL = formula whose query set is the entire database

Simple Attacks
Small Query Set Attacks:
Attacker knows that Smith is a female CS student:
    COUNT((SEX = FEMALE) AND (MAJOR = CS)) = 1
    => Smith is the only female CS student.
    SUM((SEX = FEMALE) AND (MAJOR = CS), GP) = Smith's GP =

Simple Attacks (II)
Large Query Set Attacks:
It is not sufficient to suppress only small query sets! The same statistics can be calculated by:
    COUNT(ALL) - COUNT(NOT ((SEX = FEMALE) AND (MAJOR = CS))) = 1
    SUM(ALL, GP) - SUM(NOT ((SEX = FEMALE) AND (MAJOR = CS)), GP) =

Query Set Size Control
A statistic q(C) is permitted only if
    n ≤ |query set(C)| ≤ N - n
for parameter n; N: size (no. of tuples) of the database.
q(ALL) can be computed from:
    q(ALL) = q(C) + q(NOT C)    for C with n ≤ |query set(C)| ≤ N - n
However: tracker attacks can still compromise security!

Individual Tracker Attack
Suppose q(C) is rejected, because |query set(C)| = 1, and
    C = C1 AND C2,
    n ≤ |query set(C1)| ≤ N - n,
    n ≤ |query set(C1 AND NOT C2)| ≤ N - n
Individual Tracker: {C1, C1 AND NOT C2}
Individual Tracker Attack (for q: SUM or COUNT):
    q(C) = q(C1 AND C2) = q(C1) - q(C1 AND NOT C2)

Individual Tracker Attack (II)
Venn diagram: C1 and C2 overlap; x is the part of C1 outside C2, z is the intersection C = C1 AND C2, y is the part of C2 outside C1.
    q(C1) = x + z = q(C1 AND NOT C2) + q(C)
    => q(C) = q(C1 AND C2) = q(C1) - q(C1 AND NOT C2)

Individual Tracker Example
Example: n = , Individual Tracker = { (Major = CS), (Major = CS) AND NOT (SEX = ) }
    SUM((Major = CS) AND (Sex = ), GP)
      = SUM(Major = CS, GP) - SUM((Major = CS) AND NOT (Sex = ), GP)
      = 0 =
A new Individual Tracker has to be found for each person!

General Tracker Attack
General Tracker: characteristic formula T such that
    2*n ≤ |query set(T)| ≤ N - 2*n,    n ≤ N/4
General Tracker Attack:
    q(ALL) = q(T) + q(NOT T)
    If |query set(C)| < n:
    q(C) = q(C OR T) + q(C OR NOT T) - q(ALL)

General Tracker Attack (II)
Venn diagram:
              T    NOT T
    C         w    x
    NOT C     y    z
    q(ALL) = w + x + y + z = q(T) + q(NOT T)
    q(C OR T) + q(C OR NOT T) = (w+x+y) + (w+x+z) = (w+x) + (w+x+y+z) = q(C) + q(ALL)
    => q(C) = q(C OR T) + q(C OR NOT T) - q(ALL)

General Tracker Attack Example
Example: n = , T = (Sex = Male)
    SUM((SEX = FEMALE) AND (MAJOR = CS), GP)
      = SUM(((SEX = FEMALE) AND (MAJOR = CS)) OR (SEX = MALE), GP)
        + SUM(((SEX = FEMALE) AND (MAJOR = CS)) OR (NOT (SEX = MALE)), GP)
        - SUM(ALL, GP)
      = 8 + 9 3 =
    SUM(ALL, GP) = SUM(SEX = MALE, GP) + SUM(NOT (SEX = MALE), GP)

Inference Controls
Security controls for statistical databases:
- Data Perturbation (slightly modifies data values in the database)
- Output Controls
  - Output Modification (modifies statistics, adds small relative errors to outputs, e.g. rounding, adding random numbers)
  - Output Selection (rejects sensitive statistics, e.g. query set size control, maximum order control)

Exercise
Find a
- General Tracker
- Individual Tracker
to compromise Mayer's GP (see example DB above).
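Why query set size control alone does not stop inference, shown as an added Python example that is not part of the original slides: the individual and general tracker identities above are evaluated against a server that enforces n ≤ |query set(C)| ≤ N - n. The records, the parameter n = 2 and all function names are constructed for this example; the table from the slides is not reproduced.

```python
# Constructed records (name, sex, major, gp); not the table from the slides.
RECORDS = [
    ("Adams", "F", "CS", 3.0), ("Baker", "M", "CS", 2.0),
    ("Clark", "M", "EE", 4.0), ("Davis", "F", "EE", 3.0),
    ("Evans", "M", "CS", 3.0), ("Frank", "M", "BIO", 2.0),
    ("Green", "F", "BIO", 4.0), ("Hayes", "M", "EE", 1.0),
    ("Irwin", "F", "EE", 2.0), ("Jones", "F", "BIO", 3.0),
]
N, n = len(RECORDS), 2   # database size; size-control parameter (assumed value)

class Rejected(Exception):
    """The query set size falls outside n <= |query set(C)| <= N - n."""

def size(c):
    return sum(1 for r in RECORDS if c(r))

def q_sum(c):
    """SUM(C, GP), released only under query set size control."""
    if not n <= size(c) <= N - n:
        raise Rejected(size(c))
    return sum(r[3] for r in RECORDS if c(r))

def individual_tracker(c1, c2):
    """q(C1 AND C2) = q(C1) - q(C1 AND NOT C2), using permitted queries only."""
    return q_sum(c1) - q_sum(lambda r: c1(r) and not c2(r))

def general_tracker(c, t):
    """q(C) = q(C OR T) + q(C OR NOT T) - q(ALL), q(ALL) = q(T) + q(NOT T)."""
    if not 2 * n <= size(t) <= N - 2 * n:
        raise ValueError("T does not satisfy 2n <= |query set(T)| <= N - 2n")
    q_all = q_sum(t) + q_sum(lambda r: not t(r))
    return (q_sum(lambda r: c(r) or t(r))
            + q_sum(lambda r: c(r) or not t(r)) - q_all)

female = lambda r: r[1] == "F"
male = lambda r: r[1] == "M"
cs = lambda r: r[2] == "CS"
target = lambda r: female(r) and cs(r)   # query set of size 1

def direct_query_is_rejected():
    try:
        q_sum(target)
    except Rejected:
        return True
    return False

if __name__ == "__main__":
    print(direct_query_is_rejected())        # the size control blocks q(C)
    print(individual_tracker(cs, female))    # yet q(C) follows from two permitted sums
    print(general_tracker(target, male))     # and from four permitted sums
```

Every query issued by the two tracker functions passes the size check, so a control that inspects query set sizes one query at a time cannot detect the inference; this is the gap that the data perturbation and output modification controls listed above address.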