1 / 37

Database Security

Database Security. Reading assignments. Required: Pfleeger : Chapter 6 (except 6.3)

roary-spence
Télécharger la présentation

Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Database Security

  2. Reading assignments Required: • Pfleeger: Chapter 6 (except 6.3) • Multilevel Secure Relational Data Model (S. Jajodia, R. S. Sandhu. Toward a Multilevel Secure Relational Data Model. Proc. 1991 ACM Int'l. Conf. on Management of Data (SIGMOD), 50-59. http://www.list.gmu.edu/articles/infosec_collection/20.pdf ) Recommended: • Polyinstantiation (SushilJajodia, Ravi S. Sandhu, and Barbara T. Blaustein, Solutions to the PolyinstantiationProblem,http://www.acsac.org/secshelf/book001/21.pdf) • MLS/RDMS Architectures (LouAnnaNotargiacomo, Architectures for MLS Database Management Systems http://www.acsac.org/secshelf/book001/19.pdf CSCE 522 - Farkas

  3. Database Management System (DBMS) • Collection of • interrelated data and • set of programs to access the data • Convenient and efficient processing of data • Database Application Software CSCE 522 - Farkas

  4. Data Models • A collection of tools for describing • Data • Relationships among data items • Semantics of stored data • Database constraints CSCE 522 - Farkas

  5. Relational Data Model Works CSCE 522 - Farkas

  6. Relational Data Model • Set of relation names:R • Set of attribute names:A • Relation schema:S=(r,{a1, …,an}) • r relation name in R • {a1, …,an} subset of A e.g., (Works,{person-name,company-name,salary}) CSCE 522 - Farkas

  7. Tuple (Record) Tuple over a relation scheme S is a mapping t: {a1, …,an}  dom(a1 …  an) e.g., t(person-name)=Smith t(company-name)=BB&C t(salary)= $43,982 CSCE 522 - Farkas

  8. Relation Relation over schema S is a set of tuples over the scheme e.g., t(person-name)=Smith, t(company-name)=BB&C, t(salary)=$43,982 t’(person-name)=Dell, t’(company-name)=Bell, t’(salary)= $97,900 t”(person-name)=Black, t”(company-name)=BB&C, t”(salary)= $35,652 CSCE 522 - Farkas

  9. Database • Database: set of relations e.g., EMPLOYEE database: • Lives(person-name,street,city) • Works(person-name,company-name,salary) • Located-in(company-name,city) • Manages(person-name,manager-name) CSCE 522 - Farkas

  10. Query Languages • Relational Algebra • Set operations • SQL • Bag operations CSCE 522 - Farkas

  11. Relational Algebra Select () Project () Set difference (-) Union () Rename (Px(r)) Set intersection () Natural join () CSCE 522 - Farkas

  12. Structured Query LanguageSQL • Typical SQL query form:SELECT A1, A2, ..., AnFROMr1, r2, ..., rmWHERE C • Ais represent attributes to be returned • ris represent relations • C is a condition CSCE 522 - Farkas

  13. Constraints • Relationship among data elements • DBMS should enforce the constraints • Types • Keys • Foreign-key (referential integrity) • Value-based constraints • Integrity constraints • Database dependencies (e.g., functional dependencies) CSCE 522 - Farkas

  14. Database Security Requirements • Physical database integrity • Logical database integrity • Element integrity • Auditability • Access control • User authentication • Availability CSCE 522 - Farkas

  15. Sensitive data • Inherently sensitive • From a sensitive source • Declared sensitive • Part of a sensitive attribute or record • In relation to previously disclosed information CSCE 522 - Farkas

  16. Types of disclosures • Exact data • Range of data • Negative results • Existence • Probable values CSCE 522 - Farkas

  17. Access control • Operating system • Database Management System • Granularity! CSCE 522 - Farkas

  18. Granularity • Database • Relation • Record • Attribute • Element Advantages vs. disadvantages of supporting different granularity levels CSCE 522 - Farkas

  19. Relation-Level Granularity (Works)= Secret CSCE 522 - Farkas

  20. Tuple-level Granularity Works CSCE 522 - Farkas

  21. Attribute-Level Granularity Works CSCE 522 - Farkas

  22. Cell-Level Granularity Works CSCE 522 - Farkas

  23. Access Control Mechanisms • Security through Views • Stored Procedures • Grant and Revoke • Query modification CSCE 522 - Farkas

  24. Security Through Views • Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates. CSCE 522 - Farkas

  25. Security Through Views Studentrelation CSCE 522 - Farkas

  26. Security Through Views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Outstanding-Student CSCE 522 - Farkas

  27. Security Through Views CREATE VIEW Fall-Student AS SELECT NAME, COURSE FROM Student WHERE SEMESTER=“Fall 2000” Fall-Student CSCE 522 - Farkas

  28. Stored Procedures • Assign rights to execute compiled programs • GRANT RUN ON <program> TO <user> Problem: Programs may access resources for which the user who runs the program does not have permission. CSCE 522 - Farkas

  29. Grant and Revoke GRANT <privilege> ON <relation> To <user> [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ • GRANT SELECT * ON Student TO Matthews • GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS • GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views CSCE 522 - Farkas

  30. Grant and Revoke REVOKE <privileges> [ON <relation>] FROM <user> ------------------------------------------------------------------------------------------------------------------------- • REVOKE SELECT* ON Student FROM Blue • REVOKE UPDATE ON Student FROM Black • REVOKE SELECT(NAME) ON Student FROM Brown CSCE 522 - Farkas

  31. B E A D C F Non-cascading Revoke A revokes D’s privileges E B A F C CSCE 522 - Farkas

  32. B E A D C F Cascading Revoke A revokes D’s privileges B A C CSCE 522 - Farkas

  33. - B E + + D A - C Positive and Negative Authorization • Problem: • Contradictory authorizations • GRANT <privilege> ON X TO <user> • DENY <privilege> ON X TO <user> CSCE 522 - Farkas

  34. - B E + + D A - C Negative Authorization - Positive authorization granted By A to D becomes blocked but NOT deleted. CSCE 522 - Farkas

  35. - B E + + D A - C Negative Authorization - + F What should happen with the privilege given by D To F? (Blocked but not deleted) CSCE 522 - Farkas

  36. Query Modification • GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” • Blue’s query: SELECT * FROM Student • Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 580” CSCE 522 - Farkas

  37. Next Class: • Inference Problem CSCE 522 - Farkas

More Related