Challenges in Database Security
Elisa Bertino, CERIAS, Purdue University
Why Database Security Is More Challenging Today
- Data security concerns are evolving
- We have massive amounts of data
- Data is very valuable
- The Internet has resulted in the disintermediation of data access
- The democratization of ubiquitous computing has resulted in requirements to access data anywhere, anytime, anyhow
- New computing paradigms and applications, like grid-based computing and on-demand business, are emerging
- Security policies, and especially access control policies, are becoming more complex

Classical Security Concerns
- Confidentiality: data is only available to authorized subjects
- Integrity: data is only modified by authorized subjects
- Availability: data is available when needed
New Data Security Concerns
- Data quality and completeness
  - Is the data complete and correct with respect to the external world?
  - Is the data up-to-date?
  - How do we make sure that users receive all the information they are entitled to access?
  - How does one show proof of compliance with policies concerning data release to users?
- Data provenance, ownership and IPR
  - From which information sources does the data in a database come?
  - Has the data been modified while being copied from one database into another?
  - How does one enforce data ownership and protect IPR?
Large Data Volumes
- It is estimated that the amount of information in the world is doubling every 20 months, and the size and number of databases are increasing even faster [Rakesh Agrawal, VLDB Conf. 2002]

Large Data Volumes & Large Data Variety
- Multimedia data
  - Makes content-based access control much more difficult
- GIS data
  - GIS data are increasingly being used in a variety of governmental applications (see for example the INSPIRE initiative of the EU)
  - GIS data models are fairly complex
Much More Valuable Data
- Any e-activity like e-business, e-government, e-learning or e-medicine relies not only on making relevant information accessible outside the enterprise; it also depends on making the best, most up-to-date information available to users when they need it
- The value of data is not only monetary
  - Data is particularly sensitive when it refers to individuals
  - Personal data privacy is becoming a main concern for citizens
- Improving the value of data available to legitimate users generally improves its value to intruders as well
  - Highly valuable data increases the potential rewards to be gained from unauthorized access and the potential damage that can be done if the data were corrupted
Data Access Disintermediation
- By disintermediation we mean that intermediate information processing steps, typically carried out by corporate employees (like typing in an order received over the phone), are removed
- Users who are outside the traditional corporate boundary can have direct and immediate online access to the business information that pertains to them
- In a traditional environment, any access to sensitive information is through employees. Although employees are not always reliable, at least:
  - They are known
  - Their access to sensitive data is limited by their function
  - Employees violating access policies may be subject to disciplinary action
- When activities are moved to the Internet, the environment changes drastically
  - Companies may know little or nothing about the users (including, in many cases, employees) accessing their systems
  - It is very difficult for companies to deter users from accessing information contrary to company policies
Ubiquitous Computing
- Data must be available to users on a number of different devices (PDAs, cell phones)
- In a large number of applications, data are collected through sensors
- The limited processing capability of these devices makes it very difficult to deploy security mechanisms
Grid-Based Computing
- Grid-based systems are today attracting large commercial interest
- In a grid-based system, computing resources are dynamically combined to execute large computations issued by the grid users
- Grid-based systems may also be used to store massive databases
- Today grid-based systems are typically untrusted environments, and only rudimentary security techniques are used
- Issues:
  - How to protect computations from malicious grid hosts?
  - How to protect grid hosts from malicious computations?
On-Demand Business
- An on-demand business is an enterprise whose business processes are integrated end-to-end across the company and key partners, suppliers and customers so it can respond with speed to any customer demand, market opportunity or external threat [Nelson Mattos, VLDB Conf. 2003]
- Information integration plays a crucial role in creating on-demand operating environments
  - It enables integrated, real-time access to traditional and emerging data sources, transforms information to support data analysis, and manages data placement for performance, currency, and availability
- Even though the field of federated databases has been widely investigated, we still need to understand how to deploy a uniform privacy and security model across a multitude of systems
Complex Access Control Policies
- Flexible access control policies: exceptions and explicit denials
- Wide range of protection object granularities
- Access control depending on:
  - Temporal and contextual conditions
  - History
  - Subject properties
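The policy features listed on this slide combined in one small deny-overrides evaluator: a coarse table-level grant with a column-level explicit denial, a temporal condition, a history-based cap and a contextual condition, all keyed on a subject property (role). This is an added example, not code from the talk; the roles, the "patients" table, the time window and the row threshold are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional

@dataclass
class Rule:
    effect: str                       # "permit" or "deny"
    role: str                         # subject property the rule applies to
    obj: str                          # "table" or "table.column" granularity
    cond: Optional[Callable[[dict], bool]] = None  # temporal/context/history test

def covers(rule_obj: str, req_obj: str) -> bool:
    # A table-level rule covers the table itself and every column in it.
    return req_obj == rule_obj or req_obj.startswith(rule_obj + ".")

def decide(rules: list, role: str, obj: str, ctx: Optional[dict] = None) -> str:
    ctx = ctx or {}
    applicable = [r for r in rules
                  if r.role == role and covers(r.obj, obj)
                  and (r.cond is None or r.cond(ctx))]
    if any(r.effect == "deny" for r in applicable):
        return "deny"                 # explicit denial overrides any permit
    if any(r.effect == "permit" for r in applicable):
        return "permit"
    return "deny"                     # closed policy: no applicable rule -> deny

# Constructed sample policy over a hypothetical "patients" table
POLICY = [
    Rule("permit", "nurse", "patients"),                          # coarse grant
    Rule("deny", "nurse", "patients.ssn"),                        # column-level exception
    Rule("permit", "researcher", "patients",
         cond=lambda c: "now" in c and 8 <= c["now"].hour < 18), # temporal condition
    Rule("deny", "researcher", "patients",
         cond=lambda c: c.get("rows_today", 0) >= 1000),          # history-based cap
    Rule("permit", "auditor", "patients",
         cond=lambda c: c.get("network") == "internal"),          # contextual condition
]

def demo() -> dict:
    day = {"now": datetime(2024, 5, 6, 10, 0), "rows_today": 0}
    night = {"now": datetime(2024, 5, 6, 23, 0), "rows_today": 0}
    heavy = {"now": datetime(2024, 5, 6, 10, 0), "rows_today": 1000}
    return {
        "nurse_name": decide(POLICY, "nurse", "patients.name"),
        "nurse_ssn": decide(POLICY, "nurse", "patients.ssn"),
        "res_day": decide(POLICY, "researcher", "patients.age", day),
        "res_night": decide(POLICY, "researcher", "patients.age", night),
        "res_heavy": decide(POLICY, "researcher", "patients.age", heavy),
        "aud_ext": decide(POLICY, "auditor", "patients", {"network": "external"}),
    }
```

Note that the history condition (`rows_today`) has to be fed from an audit trail the DBMS maintains per subject; the evaluator only consumes it.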
Database Security Challenges
1. Data quality and completeness
   - Metrics for data quality and completeness
   - Methodologies and techniques for the evaluation and assurance of data quality and completeness
2. Privacy-preserving databases
   - How do we engineer Hippocratic databases [Agrawal 2002]?
   - How do we achieve both privacy and accountability?
3. Sophisticated access control models and mechanisms
   - How do we extend the access control models of DBMSs so that they can directly support complex, application-dependent access control policies?
   - Tools for access control administration
4. Security for large-scale, dynamically federated databases
   - Models for multi-domain security
   - Rich and flexible security mediator languages
   - Support for the evolution of access control policies
5. Security for multimedia databases
   - Security-relevant metadata schema
   - Content-based access control
   - Real-time access control for video data
6. Security for GIS and spatial databases
   - Techniques for access control and integrity specifically tailored to spatial data and GIS
7. Data security in pervasive computing environments
8. Integration of DB access control systems with trust negotiation systems and identity management schemes