1. Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Security for Distributed Data Management
Lecture #10
February 11, 2008

2. Outline Distributed Database Systems
Architecture, Data Distribution, Functions
Security Issues
Discretionary Security, Multilevel Security
Secure Heterogeneous and Federated Systems
Some Comments
Assumption: Network is secure; focusing on securing the data

3. Distributed Architecture
Communication Network
Distributed
Processor 1
DBMS 1
Data-
base 1
base 3
base 2
DBMS 2
DBMS 3
Processor 2
Processor 3
Site 1
Site 2
Site 3

4. Data Distribution S I T E 1 E M P 1 D E P T 1 S S # N a m e S a l a ry D # D # D n a m e M G R 1 J o h n 2 1 1 C . S c i . J a n e 2 P a u l 3 2 3 J a m e s 4 2 3 E n g l i s h D a v i d 4 J i l l 5 2 5 M a r y 6 1 4 F r e n c h P e t e r 6 J a n e 7 2 S I T E 2 E M P 2 D E P T 2 S S # N a m e S a l a r y D # D # D n a m e M G R 9 M a t h e w 7 5 5 M a t h J o h n 7 D a v i d 8 3 P h y s i c s P a u l 8 P e t e r 9 4 2

5. Distributed Database Functions
Distributed Query Processing
Optimization techniques across the databases
Distributed Transaction Management
Techniques for distributed concurrency control and recovery
Distributed Metadata Management
Techniques for managing the distributed metadata
Distributed Security/Integrity Maintenance
Techniques for processing integrity constraints and enforcing access control rules across the databases

6. Secure Distributed Architecture

7. Discretionary Security Mechanism

8. Security Policy Integration

9. Views for Security

10. Secure Distributed Database Functions

11. Architecture for Multilevel Security

12. Multilevel Distributed Data Model

13. MLS/DDBMS Functions

14. Distributed Inference Controller

15. Interoperability of Heterogeneous Database Systems
Database System A
Database System B
(Relational)
(Object-
Oriented)
Network
Transparent access
to heterogeneous
databases -
both users
and application
programs;
Query, Transaction
processing
Database System C
(Legacy)

16. Technical Issues on the Interoperability of Heterogeneous Database Systems
Heterogeneity with respect to data models, schema, query processing, query languages, transaction management, semantics, integrity, and security policies
Federated database management
Collection of cooperating, autonomous, and possibly heterogeneous component database systems, each belonging to one or more federations
Interoperability based on client-server architectures

17. Federated Database Management
Database System A
Database System B
Federation F1
Cooperating database
systems yet maintaining
some degree of
autonomy
Federation F2
Database System C

18. Schema Integration and Transformation in a Federated Environment
Component Schema
for Component A
for Component B
for Component C
Generic Schema
Export Schema
Export Schema I
Federated Schema
for FDS - 1
for FDS - 2
External
Schema 1.2
Schema 2.1
Schema 2.2
Schema 1.1
Export Schema II
Adapted from Sheth and Larson, ACM Computing Surveys, September 1990

19. Client-Server Architecture: Example
from Vendor A
Client
from Vendor B
Network
Server
from Vendor C
Server
from Vendor D
Database
Database

20. Security Issues Transforming secure data models
Secure architectures: Heterogeneous and federated data management
Security impact on schema/data/policy integration
Incomparable/Overlapping security levels
Inference Control
Secure client-server computing

21. Transforming Secure Data Models
EMP: Level = Secret
SS#
Ename
Salary D# 1
John
20K 10 2
Paul
30K 20 3
Mary
40K
Class EMP is Secret
It has 3 instances:
John, Paul and Mary
DEPT
Class DEPT is Unclassified
It has 2 instances Math and Physics
Math is Unclassified
Physics is Confidential
Level D#
Dname
Mgr 10
Math
Smith U 20
Physics
Jones C

22. Security Architecture: Heterogeneous data management

23. Security Architecture: Federated data management

24. Federated Data and Policy Management
Data/Policy for Federation
Export
Export
Data/Policy
Data/Policy
Export
Data/Policy
Component
Component
Data/Policy for
Data/Policy for
Agency A
Agency C
Component
Data/Policy for
Agency B

25. Incomparable Security Levels

26. Overlapping Security Levels

27. Inference Control

28. Secure Client-Server Computing

29. Comments
Techniques for centralize data management have to be extended for a distributed/heterogeneous/federated environment
Access control enforced across databases
Inference control across databases
Web will continue to impact the development of secure distributed data managers
Network security is critical