SE571 Security in Computing Chap 6: Database and Data Mining Security
This Chapter Examines…
- Integrity for databases: record integrity, data correctness, update integrity
- Security for databases: access control, inference, and aggregation
- Multilevel secure databases: partitioned, cryptographically sealed, and filtered
- Security in data mining applications
SE571 Security in Computing Dr. Ogara
Research… Top 10 Database Security Threats (Shulman, CTO, Imperva, Inc.)
1. Excessive privilege abuse
2. Legitimate privilege abuse
3. Privilege elevation
4. Database platform vulnerabilities
5. SQL injection
6. Weak audit trail
7. Denial of service (DoS)
8. Database communication protocol vulnerabilities
9. Weak authentication
10. Backup data exposure
Research… Major Database Security Threats (Sybase Users Group, 2010)
- Human error (56%)
- Malicious insiders abusing privileges (24%)
Research… Database Auditing and Real-Time Protection Report (Forrester Report, 2007)
- DBAs spend approx. 5% of their time on database security
- 80% of organizations do not have a database security plan that addresses critical threats
- 20% of enterprises employ advanced security measures
- Environmental complexity: cloud computing, grids, SOA, etc.
- 60% of enterprises are behind on database security patches, leaving their databases highly vulnerable
- 75% of attacks are internal and often difficult to detect
Research… Top Security Tips to Ensure Database Security (Application Security, Inc., 2007)
- Devise a database security plan
- Fix default, blank, and weak passwords
- Regularly patch databases
- Minimize the attack surface
- Review user privileges
- Locate sensitive information
- Encrypt sensitive data at rest or in motion
- Train and enforce corporate best practices
Three Pillars of Database Security (Forrester Research, Inc., 2010)
Database and Data Mining Security
- Database: a collection of data and a set of rules that organize the data by specifying certain relationships among the data
- Database administrator: the person who defines the rules that organize the data and controls access to the data
- Database Management System (DBMS): the program that allows users to interact with the database
Database and Data Mining Security
Components of a database
- Records
- Fields
- Schema: the logical structure of the database
- Queries: commands used in the DBMS to retrieve, modify, add or delete records in a database
Database and Data Mining Security
Advantages of a database
- Shared access
- Minimal redundancy
- Data consistency
- Data integrity
- Controlled access
Database and Data Mining Security
Security of a database (requirements)
- Physical database integrity
- Logical database integrity
- Element integrity
- Auditability
- Access control
- User authentication
- Availability
Database Security Requirements
- Integrity. How?
  - Field checks: appropriateness of values
  - Access control: who has access to what
  - Change log: what changes have been made
- Auditability
  - Establish an audit record of all access
- Access control
  - Establish who has access to which data
  - Specify privileges to read, change, delete, or append records or fields
- User authentication
  - Supplement OS authentication, e.g. password and time-of-day check
Database Reliability and Integrity
- Database integrity
  - Concern: disk failure, corruption of the master database index
  - Solution: OS integrity controls and recovery procedures
- Element integrity
  - Concern: is data changed or written by authorized users only?
  - Solution: access control
Database Reliability and Integrity
- Element accuracy
  - Concern: are correct values written into the elements of the database?
  - Solution: constraint conditions to detect incorrect values
Sensitive Data
- Inherently sensitive: the value itself reveals sensitivity, e.g. the location of defensive missiles
- From a sensitive source: the source may suggest confidentiality, e.g. an informer's identity
- Declared sensitive: the database admin declares the data sensitive
- Part of a sensitive attribute or record: an attribute may be sensitive, e.g. salary
- In relation to previously disclosed information: sensitive in the presence of other data
Access Decisions
- The database admin determines who gets access to what
- Access decisions are based on three factors
  - Availability of data: block access during updates
  - Acceptability of access: release sensitive info to authorized users only
  - Assurance of authenticity: allow access during certain times/working hours
Types of Disclosures
- Exact data: the most serious disclosure; the user learns the sensitive data itself
- Bounds: disclosing that sensitive data lies between two values, L and H
- Negative result: disclosing that a value is not 0, e.g. the number of felonies
Types of Disclosures
- Existence: knowing that certain data exists
- Probable value: being able to determine the probability that a certain element has a certain value
Inference
Ways of deriving sensitive data values from the database
- Direct attack: uses queries that seek values directly, e.g. List NAME where SEX=M ^ DRUGS=1
- Indirect attack: infers the final result from one or more statistical results
Controlling Inference
- Suppress obviously sensitive information
  - May be used to limit the queries accepted / the data provided
- Track what the user knows
  - May be used to limit the queries accepted / the data provided
  - Costly: information on all users must be obtained
- Disguise the data
  - Applicable to released data only
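Added example (not from the lecture slides): a small Python/sqlite3 model of the direct and indirect attacks from the Inference slide and of suppression as an inference control. The students table, the MIN_SET threshold and all function names are constructed for this illustration.

```python
import sqlite3

# Constructed sample table (not from the lecture): students with a sensitive DRUGS flag.
SAMPLE = [("Adams", "M", 1, 5000), ("Bailey", "F", 0, 4000), ("Chin", "M", 0, 3000),
          ("Dewitt", "F", 1, 6000), ("Earhart", "F", 0, 2000), ("Fein", "M", 0, 4500)]
MIN_SET = 3  # assumed query-set-size threshold: suppress smaller sets and their complements

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students(name TEXT, sex TEXT, drugs INTEGER, aid INTEGER)")
    conn.executemany("INSERT INTO students VALUES (?,?,?,?)", SAMPLE)
    return conn

def direct_attack(conn, sex, drugs):
    """The slide's direct attack 'List NAME where SEX=M ^ DRUGS=1' against an
    interface that returns raw records: exact data (who has DRUGS=1) is disclosed."""
    rows = conn.execute("SELECT name FROM students WHERE sex=? AND drugs=?", (sex, drugs))
    return [r[0] for r in rows]

def stat_sum(conn, sex=None, drugs=None, exclude=False, min_set=MIN_SET):
    """Statistical interface with suppression: only aggregates are served, and an
    aggregate is withheld (None) when its query set has fewer than min_set rows or
    its complement does, so 'everyone except one person' cannot be asked either."""
    clauses, params = [], []
    if sex is not None:
        clauses.append("sex=?")
        params.append(sex)
    if drugs is not None:
        clauses.append("drugs=?")
        params.append(drugs)
    where = " AND ".join(clauses) or "1=1"  # fixed SQL fragments only; values are bound
    if exclude:
        where = f"NOT ({where})"
    total = conn.execute("SELECT COUNT(*) FROM students").fetchone()[0]
    n, s = conn.execute(f"SELECT COUNT(*), COALESCE(SUM(aid), 0) FROM students WHERE {where}",
                        params).fetchone()
    if n < min_set or total - n < min_set:
        return None  # suppressed
    return s

def infer_by_difference(conn, min_set=MIN_SET):
    """The slide's indirect attack: SUM over everyone minus SUM over everyone who is
    not (male and DRUGS=1). With min_set=0 (no suppression) this yields the single
    matching student's exact aid; with the default threshold both sums are withheld."""
    whole = stat_sum(conn, min_set=min_set)
    rest = stat_sum(conn, sex="M", drugs=1, exclude=True, min_set=min_set)
    if whole is None or rest is None:
        return None
    return whole - rest
```

The complement check is what makes the threshold useful: without it, a sum over the whole table and a sum over "everyone but one" would both pass the size test and their difference would reveal one individual.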
Multilevel Databases
The Case for Differentiated Security
- The security of a single element may be different from the security of other elements of the same record
- Two levels—sensitive and non-sensitive
- The security of an aggregate—a sum, a count, or a group of values in a database—may differ from the security of the individual elements
Multilevel Databases
Multilevel Databases
- Granularity: how do we associate a sensitivity level with each value of a database?
- Access control policy: which users have access to what data?
- Guarantee: an unauthorized person does not change data
Multilevel Secure Databases
- Must provide both integrity and confidentiality
- Separation can be implemented physically, logically, or cryptographically
Proposal for Multilevel Security: Separation
- Partitioning: divide the database into separate databases, each with its own level of sensitivity
- Encryption: encrypt the data
- Integrity lock: to limit access
  - Entrust the database manager with a trusted procedure
  - Sensitivity lock: combination of a unique identifier (e.g. record number) and the sensitivity level
Five Approaches to Multilevel Database Security (Confidentiality)
- Integrity lock
  - Actual data
  - Sensitivity level: sensitivity of the data
  - Error-detecting code: checksum
- Trusted front end
  - Serves as a one-way filter: removes results not needed by users
- Commutative filters
  - The filter reformats the query so that the database manager can screen out unacceptable records
  - Provides a second screening to select the data to which the user has access
Design for Secure Multilevel Security
- Distributed databases
  - The trusted front end controls access to all low-sensitivity data and all high-sensitivity data
  - If the user is cleared for high-sensitivity data, the front end submits queries to both the high- and low-sensitivity databases
  - If the user is not cleared for high-sensitivity data, the front end submits a query to only the low-sensitivity database
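Added example (not the lecture's nor any product's code) covering the integrity lock and the trusted front end from the preceding slides: each stored element carries its data, its sensitivity level and an error-detecting code, and the front end releases only elements whose lock verifies and whose level the user is cleared for. A keyed HMAC is used in place of the slide's plain checksum; LOCK_KEY, LEVELS and the record contents are constructed.

```python
import hashlib
import hmac
import json

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}
# Assumed key known only to the trusted front end (constructed for this demo).
LOCK_KEY = b"constructed-demo-key"

def _lock_input(record_id, level, data):
    # Canonical encoding of the three fields the lock covers.
    return json.dumps([record_id, level, data], separators=(",", ":")).encode()

def seal(record_id, level, data, key=LOCK_KEY):
    """Build an integrity-locked element: actual data, sensitivity level and an
    error-detecting code. A keyed HMAC stands in for the slide's checksum so that a
    deliberate change to data, level or record id is detected, not only corruption."""
    code = hmac.new(key, _lock_input(record_id, level, data), hashlib.sha256).hexdigest()
    return {"id": record_id, "level": level, "data": data, "lock": code}

def verify(elem, key=LOCK_KEY):
    """Recompute the lock over the stored fields and compare in constant time."""
    expected = hmac.new(key, _lock_input(elem["id"], elem["level"], elem["data"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(elem["lock"], expected)

def trusted_front_end(store, user_clearance):
    """One-way filter: release only elements whose lock verifies and whose level is
    at or below the user's clearance. Elements failing the lock check (for example a
    secret record whose level was rewritten to unclassified) are withheld and reported."""
    released, rejected = [], []
    for elem in store:
        if not verify(elem):
            rejected.append(elem["id"])
        elif LEVELS[elem["level"]] <= LEVELS[user_clearance]:
            released.append(elem)
    return released, rejected

def sample_store():
    # Constructed records, not from the lecture.
    return [seal(1, "unclassified", "cafeteria menu"),
            seal(2, "secret", "missile site grid reference")]

def relabeled_copy(elem, new_level):
    """Copy of an element with its sensitivity level rewritten but the old lock kept."""
    return dict(elem, level=new_level)
```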
Design for Secure Multilevel Security
- Window/view
  - The DBMS creates a picture of the data reflecting only what the user needs to see (different views)
  - A window is a subset of a database, containing exactly the information that a user is entitled to access
  - The subset guarantees that the user does not access values outside the permitted ones
Data Mining
Data mining uses statistics, machine learning, mathematical models, pattern recognition, and other techniques to discover patterns and relations in large datasets
Security Problems with Data Mining
- Confidentiality/privacy and sensitivity
  - Difficult to maintain
  - Inference across multiple databases is a threat to confidentiality
- Data correctness and integrity
  - Data owned and controlled by one party
  - Mining of different databases from different users
  - Correcting mistakes in data: have the data in one place
  - Using comparable data
  - Eliminating false matches
- Availability of data
  - Missing data may lead to incorrect data mining results