Computer Science and Engineering Computer System Security CSE 5339/7339 Session 21 November 2, 2004

Computer Science and Engineering Contents  Introduction to Database  Database Security  Group Work  Kay’s presentation

Computer Science and Engineering Introduction to Database  Consider an enterprise, airline, for example  Large amount of data kept for long period of time  Information about: passengers, flights, aircraft, and personnel  Queries  Operations

Computer Science and Engineering Four major Components  Data  Hardware  Software  Users – end user + application programmer + administrator

Computer Science and Engineering Levels of Abstraction in a DBMS Physical Database View 1 View 2 View n Conceptual Database

Computer Science and Engineering Important Concepts in Database  Data independence -- storage media; application  Schema -- record definition  Relation – table  Indexing – B trees  Entity/ Relationship model – entity, entity set, attributes, key, relationship  Relational Database – information for an enterprise  entities and relationships  relational database  SQL – Query language, programming language, embedded vs. interactive

Computer Science and Engineering Recover and Concurrency  Transaction  Transaction – single execution of a program – logical unit of work  Concurrency Problems  Lost update problem  Uncommitted dependency problem  Inconsistent analysis problem Solving the problem Solving the problem – the use of locks

Computer Science and Engineering Locks  Problems – live lock, deadlock  Serial schedule, serializable schedule  Transactions must have the ACID properties  Atomicity – all or nothing  Consistency – only correct results are committed  Isolation – events within a transaction are hidden  Durability – committed results must be guaranteed

Computer Science and Engineering Transaction execution ***Failure*** Begin Commit Begin ***Abort*** Begin ** System Abort ** Begin Okay System Crash By the user Time out or deadlock

Computer Science and Engineering Four Recovery Actions  Transaction UNDO  Global UNDO – all incomplete transactions must be rolled back  Partial REDO – results of complete transactions that may have not been reflected in the DB  Global REDO – Archive recovery – old copy + archive log

Computer Science and Engineering Famous Diagram Time T1 T2 T3 T4 T5 CheckpointFailure

Computer Science and Engineering Group Work  Discuss the two-phase update technique. Why is it needed? Work a simple example with your group.

Computer Science and Engineering Sensitive Data  Data that should not be made public  Nothing sensitive and everything sensitive – can be handled by access control to the database itself  Some but not all are sensitive -- not only data elements but context and meaning  Factors that make data sensitive  Inherently sensitive  From a sensitive source  Declared sensitive  Part of a sensitive attribute or a sensitive record  Sensitive in relation to previously disclosed information

Computer Science and Engineering Types of Disclosures  Exact data -- most serious disclosure  Bounds – sensitive data is between L and H  Negative result -- a value that is not a zero  Existence  Probable value -- probability that a certain element has a certain value A successful security strategy must protect against both direct and indirect disclosures

Computer Science and Engineering Inference Problem A way to infer or derive sensitive data from non-sensitive data Consider the following database: NameSexRaceAidFinesDrugsDorm

Computer Science and Engineering Direct Attack  Obvious Select Name where Sex = M and Drug = 1  Less Obvious Select Name where (Sex = M and Drug = 1) or (Sex  M and Sex  F) or (Dorm = Caruth)

Computer Science and Engineering Indirect Attack To infer a final result based on one or more intermediate statistical results.  SUM Example: it might seem safe to report student aid total by sex and dorm HolmesEastWestTotal M F Total We can infer that any female living in East such as Mary is not receiving AID

Computer Science and Engineering Indirect Attack To infer a final result based on one or more intermediate statistical results.  Count Example: report the count of records for students by dorm and sex HolmesEastWestTotal M1315 F Combined with the sum report, one can infer that the two males in Holmes and West are receiving $5000 and $4000. Names can be found easily.

Computer Science and Engineering Indirect Attack  Tracker attacks Count (( Sex = F) and (RACE = White) and (DORM = Holmes))  If the result is one, the system may conceal it count(a and b and c) = count (a) – count(a and not(b and c) Count ( Sex = F) Count (( Sex = F) and (RACE  White) or (DORM  Holmes))

Computer Science and Engineering Control for Statistical Inference attacks  Suppress obviously sensitive information  Track what the user knows – very costly, how about two people or user with multiple IDS  Disguise the data – statistical results are close but not exact

Computer Science and Engineering Group Work  Discuss a situation in which the sensitivity of an aggregate is greater than that of its constituent values. Discuss a situation in which the sensitivity of an aggregate is less than that of its constituent values