Database security. André Zúquete Security 1. Advantages of using databases. Shared access Many users use one common, centralized data set



Similar documents
Database and Data Mining Security

Computer Security (EDA263 / DIT 641)

Database Security. Database Security Requirements

Computer Security (EDA263 / DIT 641)

Concepts of Database Management Seventh Edition. Chapter 7 DBMS Functions

Chapter 23. Database Security. Security Issues. Database Security

SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E)

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

Module outline. CS 458 / 658 Computer Security and Privacy. (Relational) Databases. Module outline. Module 6 Database Security and Privacy.

Chapter 8 A secure virtual web database environment

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21

Database Management. Chapter Objectives

Database Security. The Need for Database Security

DATA MINING - 1DL360

ITM661 Database Systems. Database Security and Administration

INFO/CS 330: Applied Database Systems

Policy-based Pre-Processing in Hadoop

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University

Database Security. Chapter 21

Information Management and Security Policy

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Security Implications of Distributed Database Management System Models

Information Security Basic Concepts

Chap. 1: Introduction

TRANSMAT Trusted Operations for Untrusted Database Applications

CS346: Advanced Databases

Database Security and Authorization

Trusted RUBIX TM. Version 6. Multilevel Security in Trusted RUBIX White Paper. Revision 2 RELATIONAL DATABASE MANAGEMENT SYSTEM TEL

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

DATABASE SECURITY - ATTACKS AND CONTROL METHODS

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Chapter 23. Database Security. Security Issues. Database Security

Central Agency for Information Technology

Security and Privacy: An Introduction to HIPAA

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Employees monitoring of information and communication technologies private usage Guidelines updated in Portugal

Database Security. Sarajane Marques Peres, Ph.D. University of São Paulo

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

Introduction to Database Systems

Secure Computation Martin Beck

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO TABLE OF CONTENTS

SQL Tables, Keys, Views, Indexes

IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, Integration Guide IBM

Cloud and Big Data Summer School, Stockholm, Aug Jeffrey D. Ullman

Introduction to Database Management Systems

Database Security Part 7

Chapter 15: Recovery System

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, Integration Guide IBM

DATABASE SECURITY, INTEGRITY AND RECOVERY

IOM Data Privacy and Accuracy Policy

Information Security in Big Data using Encryption and Decryption

Newcastle University Information Security Procedures Version 3

Chapter 13 File and Database Systems

Chapter 13 File and Database Systems

CPSC 467b: Cryptography and Computer Security

DBMS Recovery Procedures Frederick Gallegos Daniel Manson

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Towards Privacy aware Big Data analytics

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

What is Auditing? IT 4823 Information Security Administration. Problems. Uses. Logger. Audit System Structure. Logging. Auditing. Auditing November 7

Microsoft SQL Server Security and Auditing Clay Risenhoover ISACA North Texas April 14,

Chapter 12 Databases, Controls, and Security

ISO COMPLIANCE WITH OBSERVEIT

Database Replication with MySQL and PostgreSQL

PROCESSING CLASSIFIED INFORMATION ON PORTABLE COMPUTERS IN THE DEPARTMENT OF JUSTICE

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Notes on Network Security - Introduction

HIPAA Security Alert

VALLIAMMAI ENGNIEERING COLLEGE SRM Nagar, Kattankulathur

Main Reference : Hall, James A Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Lecture 7: Concurrency control. Rasmus Pagh

2009 ikeep Ltd, Morgenstrasse 129, CH-3018 Bern, Switzerland (

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Chapter 1: Introduction

The Classical Architecture. Storage 1 / 36

Chapter 6 The database Language SQL as a tutorial

Methods to increase search performance for encrypted databases

Welcome to Information Systems Security (503009)

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Security and privacy for multimedia database management systems

INTRUSION DETECTION SYSTEMS and Network Security

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

Transcription:

Database security André Zúquete Security 1 Advantages of using databases Shared access Many users use one common, centralized data set Minimal redundancy Individual users do not have to collect and maintain their own sets of data Data consistency A change to a data value affects all users of the data value Data integrity Data values are protected against accidental or malicious undesirable changes Controlled access Only authorized users are allowed to view or to modify data values André Zúquete Security 2 1

Security requirements (1/2) Physical integrity Immunity to physical problems e.g. power failures Ability to reconstruct the database if destroyed in a catastrophe Logical integrity Structure is preserved Element integrity Data in each element is accurate Auditability It is possible to track who or what has accessed (or modified) which elements in the database André Zúquete Security 3 Security requirements (2/2) Access control A user/role is allowed to access only authorized data/queries Different users/roles can be restricted to different modes e.g. read or write User authentication Every user/role is positively identified Fundamental for audit trails and for permissions to access data Availability Users/roles can access the database in general and all the data for which they are authorized André Zúquete Security 4 2

Two-phase updates Problem Failures during updates may render databases incoherent Requirement atomicity (from ACID) Logical integrity problem Solution: Atomicity with two-phase updates André Zúquete Security 5 Two-phase update 1st phase: intent phase The DBMS gathers resources it needs to perform the update It does everything to prepare for the update, but makes no changes to the database Committing: writes a commit flag to the database Point of no return After, the DBMS begins making permanent changes 2nd phase: commit phase Makes the permanent changes in the database It lasts until finishing all changes prepared in the first phase When it finishes, the database changed to a new stable, coherent state André Zúquete Security 6 3

Redundancy / internal consistency Error detection and correction codes Parity bits, Hamming codes, cyclic redundancy checks Can be applied to different data elements Fields, records, entire database More space To store error detection/correction information Shadow fields Duplication of fields or records Requires substantial storage space André Zúquete Security 7 Concurrency / consistency Accesses by two users of the same DBMS must be constrained so that neither interferes with the other Simple locking: multiple readers, one writer But simple locking may not be enough on query-update cycles Solution Treat every query-update cycle as a single atomic operation (a transaction) e.g. flight booking Synchronization should be applied to transactions Two concurrent transactions cannot write (and sometimes read) the same field/record André Zúquete Security 8 4

Monitors DBMS unit responsible for the DB structural integrity Checks entered values to ensure their consistency with field, record or database consistency constraints Types of monitors Range comparisons Tests is values belong to an acceptable range State constraints Describe the condition of the entire database e.g. the commit flag Impose integrity restriction rules e.g. to detect duplicate records Transition constraints Describe required conditions before changing the database André Zúquete Security 9 Database activity monitoring DBMS usage supervision To detect abuses To detect unusual/suspect activity or operations DBMS independent Not part of the DBMS External observation of DBMS activity Monitoring sensors Network activity Local SQL commands performed Log analysis André Zúquete Security 10 5

Sensitive data Data requiring (extra) protection From loss (disclosure) From misuse From modification From unauthorized access Risks Affect privacy and welfare of individuals Affect business activities Affect security-related activities André Zúquete Security 11 Sensitive data Some databases contain sensitive data Data that should not be made public e.g. clinical records of patients Sensitivity depends on: BD purpose + DB data Some record fields, entire records/tables, entire database e.g. personal clinical record with all detected pathologies, treatments and interventions e.g. clinical records of an AIDS table e.g. defense-related databases Complexity Simple cases: all or nothing Everything sensitive, nothing sensitive Complicated cases: part of the DB elements are sensitive In some cases, sensitivity is extended to the simple existence of a field data or record André Zúquete Security 12 6

Sensitive data: Factors that make data sensitive Inherently sensitive The value itself may be so revealing that it is sensitive From a sensitive source The value may reveal the identity of the source that provided it Declared sensitive The value was explicitly declared sensitive Belongs to a sensitive record Value of a record was explicitly marked as sensitive Sensitive given previously disclosed information By itself, the data is not sensitive, but together with other data, the whole can be sensitive André Zúquete Security 13 Types of disclosures (of sensitive data) Exact data The exact value of a sensitive datum The most serious disclosure Bounds Sensitive data item is > lower bound or < upper bound Sometimes bounds are used to protect (hide) sensitive data By providing bounds to elements instead of their exact value Negative result By getting a negative result for a query on a sensitive value, a user can conclude that the queried value has a particular set of values e.g. from a list of effective voters we can conclude who didn t vote André Zúquete Security 14 7

Types of disclosures (of sensitive data) Existence The existence of a sensitive field in a record can be, by itself, sensitive information Because it may reveal a hidden data gathering & processing activity Probable value By crossing the results of several queries we can infer a probability for an element value André Zúquete Security 15 Inference Definition A way to infer, or derive, sensitive data from non-sensitive data André Zúquete Security 16 8

Inference attacks Direct attack Uses queries with a blend of selection rules that use sensitive fields and non-sensitive fields The DBMS can be deceived by the selection rules with nonsensitive fields, which are not intended to select particular records Indirect attack Inference of particular values from statistical values computed over several records Counts, sums, averages Tracker attack The database may conceal data when a small number of records make up the large proportion of the data revealed A tracker attack can fool the DBMS by using different queries that reveal data and, by combining the results, the attacker can get the desired information André Zúquete Security 17 K-anonymity L. Sweeney, K-anonymity: A Model for Protecting Privacy, Int. Journal on Uncertainty, Fuzziness and Knowledge-based Systems. 2002 Definition No query can deliver an anonymity set with less than k entries The anonymity set is the set of all possible subjects Privacy-critical attributes (Unique) identifiers Quasi-identifiers When combined can produce unique tuples Sensitive attributes Potentially unique per subject Disease, salary, crime committed André Zúquete Security 18 9

Multilevel security: Goal Tag information items with security classifications e.g unclassified, confidential, secret, top secret Tag queries with security levels The security level of the entity responsible for the query Prevent queries from observing values of fields with a different security classification Or from observing meaningful values André Zúquete Security 19 Multilevel security: Poli-instanciation instanciation A record with a particular key field may be duplicated in different security levels Possibly with different values This reduces the precision of the database information The correctness of the information depends on the entity performing the query Duplicates know can legitimately occur André Zúquete Security 20 10

Multilevel security: Separation strategies (1) Partitioning Different security levels, different databases Queries are directed to the appropriate DB Advantages Easy to implement Disadvantages Redundancy of information Problems in the access to records with fields with different security levels André Zúquete Security 21 Multilevel security: Separation strategies (2) Encryption Fields are encrypted with a security-level key Advantages Single database, same database structure Disadvantages Decryption on each query with the adequate security level key Randomized encryption: equal fields should no produce the same cryptogram Otherwise statistics and known-plaintext attacks could disclose values Solution: different keys per record or different IVs per record No encrypted values should be updated by providing another encrypted value André Zúquete Security 22 11

Multilevel security: Separation strategies (3) Integrity lock Each data item is formed by three parts: Data item, sensitivity label, checksum The sensitivity label should be Unforgeable (cannot be changed) Unique (cannot be copied to another data item) Concealed (cannot be observed) Advantages Can use a regular DBMS Trusted stored procedures are enough to implement integrity locks Disadvantages Space for storing sensitivity labels and checksums André Zúquete Security 23 Laws for the protection of personal data Each country has its how set of laws There is not a global consensus In Portugal this is supervised by CNPD Comissão Nacional de Proteção de Dados All data processing involving personal data gathered from individuals needs to be submitted to CNPD for authorization André Zúquete Security 24 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information