Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 6. Database Security.

Similar presentations


Presentation on theme: "Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 6. Database Security."— Presentation transcript:

1 Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 6. Database Security

2 Computer Science CSC 405Dr. Peng Ning2 Agenda Discretionary access control in DBMS Mandatory access control and multi-level databases Database inference control

3 Computer Science CSC 405Dr. Peng Ning3

4 Computer Science CSC 405Dr. Peng Ning4 Topic 6.1 DAC in DBMS

5 Computer Science CSC 405Dr. Peng Ning5 Outline Relational model Grant and revoke Extension to the basic model Questions/comments in reviews

6 Computer Science CSC 405Dr. Peng Ning6 Basic Relational Concepts Data is organized as a collection of tables, called RELATIONS –Example: two relations - EMP, DEPT –EMP: name, title, department –DEPT: department, location Each row (or record) of a relation is called a TUPLE Each relation has a unique name Each attribute has a unique name within a relation All values in a relation are atomic (indecomposable) –As a consequence, we have two tuples for a user

7 Computer Science CSC 405Dr. Peng Ning7 EMPNameTitleDept TomProfECE TomProfCS AdamsProfECE SmithInstCS DEPTNameLocation CSWither Hall ECEDaniels Hall MathHarrelson Hall Examples

8 Computer Science CSC 405Dr. Peng Ning8 CREATE TABLE EMP (Name CHAR(15) NOT NULL, Title CHAR(4), Dept CHAR(10), PRIMARY KEY (Name)) CREATE TABLE DEPT (Name CHAR(10) NOT NULL, Location CHAR (15), PRIMARY KEY (Name)) Relation Schemes A relational database consists of 2 relation schemes: EMP(Name, Title, Dept) DEPT(Name, Location) Schemes: structure of the database Structured Query Language (SQL) SQL "data definition" statements are used to create relations

9 Computer Science CSC 405Dr. Peng Ning9 The SELECT statement SELECTName FROM EMP WHERE Dept = `ECE' Joins SELECT * FROMEMP, DEPT WHEREEMP.Dept= DEPT.Name AND Dept.Location = `Wither Hall' Tom ProfCSWither Hall Smith InstCSWither Hall SQL Tom Adams

10 Computer Science CSC 405Dr. Peng Ning10 CREATE VIEW EMP_LOCATION AS SELECT Name, Dept, Location FROM EMP, DEPT WHERE EMP.Dept = DEPT.Name Views EMP_LOCATION NameDept Location TomECEDaniels Hall TomCSWither Hall AbramsECEDaniels Bldg SmithCSWither Hall Views are "virtual" relations. They can be used to customize relations and to provide security

11 Computer Science CSC 405Dr. Peng Ning11 Discretionary Access Controls Decentralized administration –Users can protect what they own –The owner may grant access to others –The owner may define the type of access (read/write/execute) given to others

12 Computer Science CSC 405Dr. Peng Ning12 Access Control Mechanisms Identification and Authentication (I&A) Security through Views Stored Procedures Grant and Revoke Query Modification

13 Computer Science CSC 405Dr. Peng Ning13 Identification and Authentication Identification provided by DBMS can be distinct from that provided by the underlying OS –Example: MS SQL server Two options –I&A through the OS –Separate I&A

14 Computer Science CSC 405Dr. Peng Ning14 NAME DEPT SALARY MANAGER Smith Toy 10,000Jones Jones Toy 15,000Baker Baker Admin 40,000 Harding Adams Candy 20,000Harding Harding Admin 50,000None EMP Security Through Views Users are allowed to access partial information (such as the Toy dept data), but not the detailed information.

15 Computer Science CSC 405Dr. Peng Ning15 Example CREATE VIEW TOY_DEPT AS SELECT NAME, SALARY, MANAGER FROMEMP WHEREDEPT = 'Toy' TOY_DEPT NAMESALARY MANAGER Smith10,000Jones Jones15,000Baker

16 Computer Science CSC 405Dr. Peng Ning16 Example CREATE VIEW TOY_EMP_MGR AS SELECT EMP, MANAGER FROMEMP WHEREDEPT = 'Toy' TOY_EMP_MGR NAMEMANAGER SmithJones JonesBaker

17 Computer Science CSC 405Dr. Peng Ning17 Example CREATE VIEW AVSAL(DEPT, AVG) AS SELECT DEPT, AVG(SALARY) FROM EMP GROUP BY DEPT AVSAL DEPTAVG TOY12,500 CANDY20,000 ADMIN45,000

18 Computer Science CSC 405Dr. Peng Ning18 Stored Procedures Right to execute compiled programs GRANT RUN ON program_A TO ADAMS Suppose program_A needs to access the relation EMP. Adams can execute program_A even though he does not have permission to access EMP

19 Computer Science CSC 405Dr. Peng Ning19 Query Modification Adams: GRANT SELECT ON EMP TO THOMAS WHERE SALARY < THOMAS: SELECT * FROM EMP DBMS: SELECT * FROM EMP WHERE SALARY < 15000

20 Computer Science CSC 405Dr. Peng Ning20 The Grant Command GRANT ON TO [WITH GRANT OPTION] – GRANT SELECT ON EMP TO ADAMS – GRANT SELECT ON EMP TO ADAMS WITH GRANT OPTION – GRANT SELECT, UPDATE(SALARY) ON EMP TO JIM, JILL Applied to base relations as well as views

21 Computer Science CSC 405Dr. Peng Ning21 The Revoke Command REVOKE [ON ] FROM – REVOKE SELECT ON EMP FROM TOM – REVOKE UPDATE ON EMP FROM SMITH – REVOKE RESOURCE FROM ABRAMS – REVOKE DBA FROM SMITH

22 Computer Science CSC 405Dr. Peng Ning22 Semantics of Revoke A sequence of grant command follow by a revoke operation –G 1, G 2, …, G n, R h Semantics –Equivalent to: G 1, G 2, …G h-1, G h+1, G n

23 Computer Science CSC 405Dr. Peng Ning23 Time-stamped Authorizations A B C D 20g 10g 30g F E 40g 50g 60g

24 Computer Science CSC 405Dr. Peng Ning24 Cascading Revocation ABCD 20g 10g30g AB 10g Grant sequence: B revokes privilege from C :

25 Computer Science CSC 405Dr. Peng Ning25 Timestamps Make a Difference A B C D 20g 10g 30g F E 40g 50g 60g

26 Computer Science CSC 405Dr. Peng Ning26 Timestamps Make a Difference A B C D 20g 10g 30g F E 40g 50g 60g

27 Computer Science CSC 405Dr. Peng Ning27 Further Extension Make cascading optional Permit negative authorizations

28 Computer Science CSC 405Dr. Peng Ning28 The Revoke Command REVOKE [ON ] FROM [CASCADE] –REVOKE SELECT ON EMP FROM TOM –REVOKE UPDATE ON EMP FROM SMITH CASCADE –REVOKE RESOURCE FROM ADAMS –REVOKE DBA FROM SMITH CASCADE

29 Computer Science CSC 405Dr. Peng Ning29 Non-cascading Revocation ABCD 20g 10g30g ABD 10g 30g

30 Computer Science CSC 405Dr. Peng Ning30 Why Non-cascading Revoke Reasons for revoke –Task is done. No need to have the privilege anymore –Task is still in progress. But a member left the project (e.g., promoted)

31 Computer Science CSC 405Dr. Peng Ning31 Example A B G F E D C

32 Computer Science CSC 405Dr. Peng Ning32 Example A B G F E D C A B F D C After cascading revocation

33 Computer Science CSC 405Dr. Peng Ning33 Example A B G F E D C After non-cascading revocation A B G F E D C

34 Computer Science CSC 405Dr. Peng Ning34 Why Positive & Negative Authorization Closed world policy –Cannot access unless explicitly granted the right Negative authorization –User A should not be allowed to read table Emp –Need explicit deny policies

35 Computer Science CSC 405Dr. Peng Ning35 Positive & Negative Authorizations A B C E g 30 + g D 20

36 Computer Science CSC 405Dr. Peng Ning36 Complication It is possible to have two authorizations –Grant A privilege p –Deny A privilege p Negative authorizations override positive authorizations

37 Computer Science CSC 405Dr. Peng Ning37 Problem 1 A B C E g 30 + g D User B gives D negative authorization at time 50 : In our model, positive authorization granted by A to D becomes blocked, but we do not delete the authorization.

38 Computer Science CSC 405Dr. Peng Ning38 Problem 2 A B C E g 30 + g D F Suppose D receives negative authorization from B at time 60 : 60 What about the privilege given to F by D? Under our approach, it becomes blocked, but we do not delete it.

39 Computer Science CSC 405Dr. Peng Ning39 Revocation When Negative Authorizations Are Present A BE g 30 + g D F 60 Given : Suppose A revokes B s privilege. C

40 Computer Science CSC 405Dr. Peng Ning40 Cascading Revocation When Negative Authorizations Are Present A C 30 + g D F

41 Computer Science CSC 405Dr. Peng Ning41 Non-cascading Revocation When Negative Authorizations Are Present A E g D F 60 C


Download ppt "Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 6. Database Security."

Similar presentations


Ads by Google