Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Slides:



Advertisements
Similar presentations
7- Sicurezza delle basi di dati
Advertisements

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Understand Database Security Concepts
Access Control Methodologies
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Security and Integrity
Database Management System
Database Security - Farkas 1 Database Security and Privacy.
Access Control Intro, DAC and MAC System Security.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
User Domain Policies.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Li Xiong CS573 Data Privacy and Security Access Control.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Switch off your Mobiles Phones or Change Profile to Silent Mode.
Polyinstantiation Problem
1 Polyinstantiation. 2 Definition and need for polyinstantiation Sea View model Jajodia – Sandhu model.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
Chapter 5 Network Security
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
DATABASE SECURITY MODULE 5.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
Li Xiong CS573 Data Privacy and Security Access Control.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Academic Year 2014 Spring Academic Year 2014 Spring.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Database Security Chapter Terms Security – all the processes and mechanisms by which computer-based equipment, information and services are.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Chapter 9 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Computer Security: Principles and Practice
Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Database Security and Authorization Introduction to DB Security Access Controls Database Security and the DBA Discretionary Access Control The privileges.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Access control techniques Once an organization decides upon the access control model it will implement(DAC,MAC, or RBAC), then it needs to look at the.
Database Security Advanced Database Dr. AlaaEddin Almabhouh.
IST 210 Security. IST 210 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed to. E.g., A student can’t.
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
19 Copyright © 2008, Oracle. All rights reserved. Security.
AdvDB-6 J. Teuhola Database Security Security = protection from unauthorized use 6.1. Security issues Legal / ethical / ownership issues Policy.
Database System Implementation CSE 507
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Security Models and Designing a Trusted Operating System
Database Security and Authorization
Role-Based Access Control (RBAC)
OS Access Control Mauricio Sifontes.
Access Control.
Database Security Chapter 30
Presentation transcript:

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can update … ? Techniques include/involve: accounts - system (DBA), user passwords log-in process - new entry for the log: {who, where, when} privileges roles encryption

Security Fall 2009McFadyen ACS Control mechanisms: Discretionary access control (DAC) Text: 23.2 Mandatory access control (MAC) Text: 23.3 Role-based access control (RBAC) Text: NIST. An introduction to Role Based Access ControlAn introduction to Role Based Access Control R. S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman, Role-Based Access Control ModelsRole-Based Access Control Models

Security Fall 2009McFadyen ACS Other references: curity/OracleUserManagementWhitePaper.pdf pdf/seceval_wp.pdf /rjaibi.pdf 03&opv=tb&p=3

Security Fall 2009McFadyen ACS Discretionary access control (DAC) privileges such as read, write, update are granted to users/accounts a certain amount of discretion is given to the owner or anyone else with appropriate authority

Security Fall 2009McFadyen ACS Mandatory access control (MAC) multilevel security is applied to data and users controlled by a central authority, not by owners of an object the owner/creator of an object does not decide who has clearance to see the object

Security Fall 2009McFadyen ACS Role-based access control (RBAC) involves users, roles, operations, permissions, sessions permissions such as read, write, update are applied to objects/resources for a database we could have database-level – connect, … table/column level – update, … stored procedures – execute, … users are persons users interact with system during sessions, during a session the user invokes one or more roles roles are collections of job functions RBAC

Security Fall 2009McFadyen ACS Role Example: a role Specialist could contain the roles of Doctor and Intern. This means that members of the role Specialist are implicitly associated with the operations associated with the roles Doctor and Intern without the administrator having to explicitly list the Doctor and Intern operations roles Cardiologist and Rheumatologist could each contain the Specialist role RBAC

Security Fall 2009McFadyen ACS RBAC  Example from a paper on RBAC We might have drawn this as: cardiologistrheumatologist specialist doctor intern

Security Fall 2009McFadyen ACS Example: A teller and an accounting supervisor in a bank. Teller: read/write access to records. Supervisor: perform correction (also need read/write access). Rule #1: Supervisor cannot initiate deposits or withdrawals, but can only perform corrections after the fact. Rule #2: Teller can only initiate deposits or withdrawals, but cannot perform corrections once the transaction has been completed. RBAC

Security Fall 2009McFadyen ACS Example: See class discussion Create the database from ER/Studio Populate database Create views Give users access to the database Create roles in the database Add users to the roles Add permissions to the roles RBAC

Security Fall 2009McFadyen ACS RBAC Some variations of RBAC allow lattices for roles…. What change is needed for the ERD?

Security Fall 2009McFadyen ACS Security principles: Least privilege Separation of duties Data abstraction RBAC

Security Fall 2009McFadyen ACS Least privilege user must be given no more privilege than is necessary to perform the job. concept of least privilege requires identifying the user's job functions, determining the minimum set of privileges required to perform that function, and restricting the user to a domain with those privileges and nothing more RBAC

Security Fall 2009McFadyen ACS Separation of duties – mutually exclusive Example: requiring an accounting clerk and account manager to participate in issuing a cheque These two roles must be mutually exclusive to deter fraudulent activities RBAC

Security Fall 2009McFadyen ACS Data abstraction : Permission can be defined at a higher level, rather than on read/write/ execute. For example, permissions can be defined on credit, debit for an account object This is in contrast to the more conventional and less intuitive process of attempting to administer lower-level access control mechanisms directly (e.g., access control lists, capabilities) on an object-by-object basis RBAC

Security Fall 2009McFadyen ACS MAC / DAC: US DoD has four basic divisions for systems: A, B, C, D lowest to highest is D, C1, C2, B1, B2, B3, A1 C1, C2, B1, B2, B3, A1 require DAC B1, B2, B3, A1 require MAC

Security Fall 2009McFadyen ACS Discretionary access control based on granting and revoking of privileges based on a users identity or group they belong to Discretionary

Security Fall 2009McFadyen ACS Discretionary access control example grant createtab to A1 ; if A1 creates a table X, then A1 owns X, and has all privileges on table X, and A1 can grant privileges to others Discretionary

Security Fall 2009McFadyen ACS Discretionary access control access matrix model: subject1 object1 object2 object3 subject2 subject3 read/write/update Users/ accounts/ programs Relations/records/columns/views/operations Discretionary

Security Fall 2009McFadyen ACS Discretionary access control: suppose A1 executes: create table employee (…); create table department (…); grant insert, delete on employee, department to A2; grant select on employee, department to A3; grant update on employee(salary) to A4; A1 employeedepartment A2 A3 all insert, delete select all insert, delete select employee.salary A4 update Discretionary access matrix

Security Fall 2009McFadyen ACS Discretionary access control: Views suppose A1 executes: create view EmployeesInDiv5 as select name, position, manager from employee e, department d where d.div=5 and e.deptno=d.deptno; grant select on EmployeesInDiv5 to A4; employeedepartment A4 all select all EmployeesInDiv5 A1 all Discretionary

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Bell LaPadula model: specifies the allowable paths of information flow set of subjects S, and a set of objects O each s in S and o in O has a fixed security class C(s) a clearance C(o) a classification level security classes are ordered by <= e.g. public <= sensitive <= top secret Mandatory

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Two properties of the Bell LaPadula model: Simple Security Property a subject s is not allowed read access to an object o unless C(s) >= C(o) Mandatory To see something, your clearance must be at least that of what you want In the military model, the security clearance of someone receiving a piece of information must be at least as high as the classification of the information

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Second property of the Bell LaPadula model: Star Property a subject s is not allowed write access to an object o unless C(s) <= C(o) Mandatory In the military model, a person receiving some information at one level may pass that information along only to people at levels no lower than the level of the information To create/update something, your clearance must be no greater than the object you are creating/updating

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation of the Bell LaPadula model: for each original attribute in a relation, add a classification attribute add a classification attribute for the tuple (row) - value is maximum of all classifications within the tuple these classification attributes are transparent to the user Mandatory

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: suppose U <= C <= S Mandatory Employee relation Smith 40,000 Fair Brown 80,000 Good Name Salary JobPerformance The user view without MAC Smith U 40,000 C Fair S S Brown C 80,000 S Good C S Name C 1 Salary C 2 JobPerformance C 3 TC system view with MAC

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: Mandatory Stored Rows: we store only the required tuples that then allow us to materialize tuples for lower levels For example, allows us to materialize tuples for Classes U, C, and S: U: C: S: Smith U 40,000 C Fair S S Smith null null Smith 40,000 null Smith 40,000 Fair

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: Mandatory What does a class C user see if he/she executes Select * from Employee Smith 40,000 null Name Salary JobPerformance Smith U 40,000 C Fair S S Brown C 80,000 S Good C S Name C 1 Salary C 2 JobPerformance C 3 TC Brown null Good The result is filtered

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: Mandatory What happens if a class C user executes Update Employee set Salary=100,000 Smith U 40,000 C Fair S S Brown C 80,000 S Good C S Name C 1 Salary C 2 JobPerformance C 3 TC Smith U 100,000 C Fair S S Brown C 80,000 S Good C S Name C 1 Salary C 2 JobPerformance C 3 TC Brown C 100,000 C Good C C Class C attribute is updated Class S attribute forces polyinstantiation Let’s assume the result is to be class C.

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: Mandatory Stored Rows: our update example required a row to be polyinstantiated For example, updating the Salary field in requires two rows for us to be able to materialize records for classes S, C Brown C 80,000 S Good C S Brown C 100,000 C Good C C Two rows with the same key!

Security Fall 2009McFadyen ACS Mandatory access control for multilevel security Implementation example: Mandatory What does a class C user see if he/she executes Select * from Employee The result is filtered Smith U 100,000 C Fair S S Brown C 80,000 S Good C S Name C 1 Salary C 2 JobPerformance C 3 TC Brown C 100,000 C Good C C Smith 100,000 null Name Salary JobPerformance Brown 100,000 Good Only the row with TC=C is used

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.