
Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Security for Distributed Data Management September 2012. Outline. Distributed Database Systems Architecture, Data Distribution, Functions Security Issues


Presentation Transcript


  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Security for Distributed Data Management September 2012

  2. Outline • Distributed Database Systems • Architecture, Data Distribution, Functions • Security Issues • Discretionary Security, Multilevel Security • Secure Heterogeneous and Federated Systems • Single Sign-on and Identity Management • Assumption: Network is secure; focusing on securing the data

  3. Distributed Architecture [Figure: three sites connected by a Communication Network; Site 1 has Database 1, DBMS 1 and Distributed Processor 1; Site 2 has Database 2, DBMS 2 and Distributed Processor 2; Site 3 has Database 3, DBMS 3 and Distributed Processor 3]

  4. Data Distribution

     SITE 1

     EMP1
     SS#   Name     Salary   D#
     1     John     20       10
     2     Paul     30       20
     3     James    40       20
     4     Jill     50       20
     5     Mary     60       10
     6     Jane     70       20

     DEPT1
     D#    Dname     MGR
     10    C. Sci.   Jane
     30    English   David
     40    French    Peter

     SITE 2

     EMP2
     SS#   Name     Salary   D#
     9     Mathew   70       50
     7     David    80       30
     8     Peter    90       40

     DEPT2
     D#    Dname     MGR
     50    Math      John
     20    Physics   Paul

  5. Distributed Database Functions • Distributed Query Processing • Optimization techniques across the databases • Distributed Transaction Management • Techniques for distributed concurrency control and recovery • Distributed Metadata Management • Techniques for managing the distributed metadata • Distributed Security/Integrity Maintenance • Techniques for processing integrity constraints and enforcing access control rules across the databases

  6. Secure Distributed Architecture

  7. Discretionary Security Mechanism

  8. Security Policy Integration

  9. Views for Security

  10. Secure Distributed Database Functions

  11. Architecture for Multilevel Security

  12. Multilevel Distributed Data Model

  13. MLS/DDBMS Functions

  14. Distributed Inference Controller

  15. Interoperability of Heterogeneous Database Systems [Figure: Database System A (Relational), Database System B (Object-Oriented) and Database System C (Legacy) connected through a Network] • Transparent access to heterogeneous databases, for both users and application programs • Query and transaction processing

  16. Technical Issues on the Interoperability of Heterogeneous Database Systems • Heterogeneity with respect to data models, schema, query processing, query languages, transaction management, semantics, integrity, and security policies • Federated database management • Collection of cooperating, autonomous, and possibly heterogeneous component database systems, each belonging to one or more federations • Interoperability based on client-server architectures

  17. Federated Database Management [Figure: Database Systems A, B and C grouped into Federation F1 and Federation F2] • Cooperating database systems yet maintaining some degree of autonomy

  18. Schema Integration and Transformation in a Federated Environment (adapted from Sheth and Larson, ACM Computing Surveys, September 1990) [Figure: schema layers, from bottom to top: Component Schemas for Components A, B and C; Generic Schemas for Components A, B and C; Export Schemas (one for Component A, Export Schema I and Export Schema II for Component B, one for Component C); Federated Schemas for FDS-1 and FDS-2; External Schemas 1.1, 1.2, 2.1 and 2.2]

  19. Client-Server Architecture: Example [Figure: a client from Vendor A and a client from Vendor B connected over a Network to a server from Vendor C and a server from Vendor D, each server with its own database]

  20. Security Issues • Transforming secure data models • Secure architectures: Heterogeneous and federated data management • Security impact on schema/data/policy integration • Incomparable/Overlapping security levels • Inference Control • Secure client-server computing

  21. Transforming Secure Data Models • Class EMP is Secret • It has 3 instances: John, Paul and Mary • Class DEPT is Unclassified • It has 2 instances: Math and Physics • Math is Unclassified • Physics is Confidential

     EMP: Level = Secret
     SS#   Ename   Salary   D#
     1     John    20K      10
     2     Paul    30K      20
     3     Mary    40K      20

     DEPT
     D#    Dname     Mgr     Level
     10    Math      Smith   U
     20    Physics   Jones   C

  22. Security Architecture: Heterogeneous data management

  23. Security Architecture: Federated data management

  24. Federated Data and Policy Management [Figure: Component Data/Policy for Agency A, Agency B and Agency C, each with its own Export Data/Policy, combined into the Data/Policy for Federation]

  25. Incomparable Security Levels

  26. Overlapping Security Levels

  27. Inference Control

  28. Secure Client-Server Computing

  29. Federated Identity Management • Federated identity, or the ‘federation’ of identity, describes the technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. • The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. Identity federation comes in many flavors, including ‘user-controlled’ or ‘user-centric’ scenarios, as well as enterprise controlled or B2B scenarios. • Federation is enabled through the use of open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. • Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.

  30. Comments • Techniques for centralized data management have to be extended for a distributed/heterogeneous/federated environment • Access control enforced across databases • Inference control across databases • Web will continue to impact the development of secure distributed data managers • Network security is critical
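
The transformation on slide 21 (a labelled relation mapped to a labelled class with labelled instances), as an added example that is not part of the original presentation. It assumes a total order U < C < S and that an instance is never labelled below its class; the function names and that rule are assumptions made for this sketch, not the author's design.

```python
from dataclasses import dataclass, field

# Assumed total order over the levels that appear on slide 21.
LEVELS = {"U": 0, "C": 1, "S": 2}

def lub(a, b):
    """Least upper bound of two levels in the total order above."""
    return a if LEVELS[a] >= LEVELS[b] else b

@dataclass
class SecureClass:
    name: str
    level: str                                      # class-level label
    instances: list = field(default_factory=list)   # (attributes, label) pairs

def relation_to_class(name, rel_level, columns, rows, level_col=None):
    """Map a labelled relation to a labelled class (hypothetical helper).

    If level_col names a column, it carries each tuple's own label and is
    dropped from the attributes; otherwise tuples inherit the relation label.
    The instance label is lub(class label, tuple label), so the mapping can
    never downgrade data below the label of its container.
    """
    cls = SecureClass(name, rel_level)
    for row in rows:
        attrs = dict(zip(columns, row))
        own = attrs.pop(level_col) if level_col else rel_level
        cls.instances.append((attrs, lub(rel_level, own)))
    return cls

def visible(cls, clearance):
    """No read up: hide the class, or single instances, above the clearance."""
    if LEVELS[clearance] < LEVELS[cls.level]:
        return []
    return [a for a, lvl in cls.instances if LEVELS[lvl] <= LEVELS[clearance]]

# Data copied from slide 21.
EMP = relation_to_class(
    "EMP", "S", ["SS#", "Ename", "Salary", "D#"],
    [(1, "John", "20K", 10), (2, "Paul", "30K", 20), (3, "Mary", "40K", 20)])
DEPT = relation_to_class(
    "DEPT", "U", ["D#", "Dname", "Mgr", "Level"],
    [(10, "Math", "Smith", "U"), (20, "Physics", "Jones", "C")],
    level_col="Level")

if __name__ == "__main__":
    for who in ("U", "C", "S"):
        print(who, [e["Ename"] for e in visible(EMP, who)],
              [d["Dname"] for d in visible(DEPT, who)])
```

An Unclassified subject sees only the Math department, a Confidential subject sees both departments but no employees, and a Secret subject sees everything.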
