370 likes | 455 Vues
Database Security. Reading assignments. Required: Pfleeger : Chapter 6 (except 6.3)
E N D
Reading assignments Required: • Pfleeger: Chapter 6 (except 6.3) • Multilevel Secure Relational Data Model (S. Jajodia, R. S. Sandhu. Toward a Multilevel Secure Relational Data Model. Proc. 1991 ACM Int'l. Conf. on Management of Data (SIGMOD), 50-59. http://www.list.gmu.edu/articles/infosec_collection/20.pdf ) Recommended: • Polyinstantiation (SushilJajodia, Ravi S. Sandhu, and Barbara T. Blaustein, Solutions to the PolyinstantiationProblem,http://www.acsac.org/secshelf/book001/21.pdf) • MLS/RDMS Architectures (LouAnnaNotargiacomo, Architectures for MLS Database Management Systems http://www.acsac.org/secshelf/book001/19.pdf CSCE 522 - Farkas
Database Management System (DBMS) • Collection of • interrelated data and • set of programs to access the data • Convenient and efficient processing of data • Database Application Software CSCE 522 - Farkas
Data Models • A collection of tools for describing • Data • Relationships among data items • Semantics of stored data • Database constraints CSCE 522 - Farkas
Relational Data Model Works CSCE 522 - Farkas
Relational Data Model • Set of relation names:R • Set of attribute names:A • Relation schema:S=(r,{a1, …,an}) • r relation name in R • {a1, …,an} subset of A e.g., (Works,{person-name,company-name,salary}) CSCE 522 - Farkas
Tuple (Record) Tuple over a relation scheme S is a mapping t: {a1, …,an} dom(a1 … an) e.g., t(person-name)=Smith t(company-name)=BB&C t(salary)= $43,982 CSCE 522 - Farkas
Relation Relation over schema S is a set of tuples over the scheme e.g., t(person-name)=Smith, t(company-name)=BB&C, t(salary)=$43,982 t’(person-name)=Dell, t’(company-name)=Bell, t’(salary)= $97,900 t”(person-name)=Black, t”(company-name)=BB&C, t”(salary)= $35,652 CSCE 522 - Farkas
Database • Database: set of relations e.g., EMPLOYEE database: • Lives(person-name,street,city) • Works(person-name,company-name,salary) • Located-in(company-name,city) • Manages(person-name,manager-name) CSCE 522 - Farkas
Query Languages • Relational Algebra • Set operations • SQL • Bag operations CSCE 522 - Farkas
Relational Algebra Select () Project () Set difference (-) Union () Rename (Px(r)) Set intersection () Natural join () CSCE 522 - Farkas
Structured Query LanguageSQL • Typical SQL query form:SELECT A1, A2, ..., AnFROMr1, r2, ..., rmWHERE C • Ais represent attributes to be returned • ris represent relations • C is a condition CSCE 522 - Farkas
Constraints • Relationship among data elements • DBMS should enforce the constraints • Types • Keys • Foreign-key (referential integrity) • Value-based constraints • Integrity constraints • Database dependencies (e.g., functional dependencies) CSCE 522 - Farkas
Database Security Requirements • Physical database integrity • Logical database integrity • Element integrity • Auditability • Access control • User authentication • Availability CSCE 522 - Farkas
Sensitive data • Inherently sensitive • From a sensitive source • Declared sensitive • Part of a sensitive attribute or record • In relation to previously disclosed information CSCE 522 - Farkas
Types of disclosures • Exact data • Range of data • Negative results • Existence • Probable values CSCE 522 - Farkas
Access control • Operating system • Database Management System • Granularity! CSCE 522 - Farkas
Granularity • Database • Relation • Record • Attribute • Element Advantages vs. disadvantages of supporting different granularity levels CSCE 522 - Farkas
Relation-Level Granularity (Works)= Secret CSCE 522 - Farkas
Tuple-level Granularity Works CSCE 522 - Farkas
Attribute-Level Granularity Works CSCE 522 - Farkas
Cell-Level Granularity Works CSCE 522 - Farkas
Access Control Mechanisms • Security through Views • Stored Procedures • Grant and Revoke • Query modification CSCE 522 - Farkas
Security Through Views • Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates. CSCE 522 - Farkas
Security Through Views Studentrelation CSCE 522 - Farkas
Security Through Views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Outstanding-Student CSCE 522 - Farkas
Security Through Views CREATE VIEW Fall-Student AS SELECT NAME, COURSE FROM Student WHERE SEMESTER=“Fall 2000” Fall-Student CSCE 522 - Farkas
Stored Procedures • Assign rights to execute compiled programs • GRANT RUN ON <program> TO <user> Problem: Programs may access resources for which the user who runs the program does not have permission. CSCE 522 - Farkas
Grant and Revoke GRANT <privilege> ON <relation> To <user> [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ • GRANT SELECT * ON Student TO Matthews • GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS • GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views CSCE 522 - Farkas
Grant and Revoke REVOKE <privileges> [ON <relation>] FROM <user> ------------------------------------------------------------------------------------------------------------------------- • REVOKE SELECT* ON Student FROM Blue • REVOKE UPDATE ON Student FROM Black • REVOKE SELECT(NAME) ON Student FROM Brown CSCE 522 - Farkas
B E A D C F Non-cascading Revoke A revokes D’s privileges E B A F C CSCE 522 - Farkas
B E A D C F Cascading Revoke A revokes D’s privileges B A C CSCE 522 - Farkas
- B E + + D A - C Positive and Negative Authorization • Problem: • Contradictory authorizations • GRANT <privilege> ON X TO <user> • DENY <privilege> ON X TO <user> CSCE 522 - Farkas
- B E + + D A - C Negative Authorization - Positive authorization granted By A to D becomes blocked but NOT deleted. CSCE 522 - Farkas
- B E + + D A - C Negative Authorization - + F What should happen with the privilege given by D To F? (Blocked but not deleted) CSCE 522 - Farkas
Query Modification • GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” • Blue’s query: SELECT * FROM Student • Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 580” CSCE 522 - Farkas
Next Class: • Inference Problem CSCE 522 - Farkas