
1 Introduction Database Security Overview

2 Readings
This lecture:
– Textbook: Chapter 5.2
– Lecture materials from CSCE 522, Nov. 3, Lecture 20 at http://www.cse.sc.edu/~farkas/csce522-2010/lectures.htm
For next class:
– Textbook: Chapter 10.1, 10.2
CSCE 824

3 Database Security Requirements
Physical database integrity
Logical database integrity
Element integrity
Auditability
Access control
User authentication
Availability

4 Sensitive data
Inherently sensitive
From a sensitive source
Declared sensitive
Part of a sensitive attribute or record
In relation to previously disclosed information

5 Types of disclosures
Exact data
Range of data
Negative results
Existence
Probable values

6 Access control
Operating system
Database Management System
Granularity!

7 Granularity
Database
Relation
Record
Attribute
Element
Advantages vs. disadvantages of supporting different granularity levels

9 Relation-Level Granularity

| Person-name | Company-name | Salary |
|---|---|---|
| Smith | BB&C | $43,982 |
| Dell | Bell | $97,900 |
| Black | BB&C | $35,652 |

(Works) = Secret

10 Tuple-level Granularity
Relation: Works

| Person-name | Company-name | Salary | Label |
|---|---|---|---|
| Smith | BB&C | $43,982 | P |
| Dell | Bell | $97,900 | S |
| Black | BB&C | $35,652 | P |

11 Attribute-Level Granularity
Relation: Works

| Person-name = P | Company-name = P | Salary = S |
|---|---|---|
| Smith | BB&C | $43,982 |
| Dell | Bell | $97,900 |
| Black | BB&C | $35,652 |

12 Cell-Level Granularity
Relation: Works

| Person-name | Company-name | Salary |
|---|---|---|
| Smith P | BB&C P | $43,982 S |
| Dell S | Bell S | $97,900 S |
| Black P | BB&C S | $35,652 S |

13 Access Control Mechanisms
Security through Views
Stored Procedures
Grant and Revoke
Query modification

14 Security Through Views
Assign rights to access predefined views
    CREATE VIEW Outstanding-Student AS
    SELECT NAME, COURSE, GRADE
    FROM Student
    WHERE GRADE > B
Problem: Difficult to maintain updates.

15 Security Through Views
Student relation

| NAME | COURSE | GRADE | SEMESTER |
|---|---|---|---|
| White | CSCE 122 | C+ | Fall 2000 |
| Black | CSCE 313 | A | Fall 2000 |
| Brown | CSCE 580 | A | Spring 2000 |
| Green | CSCE 850 | B+ | Fall 2000 |
| Blue | CSCE 122 | B | Fall 2000 |

16 Security Through Views
    CREATE VIEW Outstanding-Student AS
    SELECT NAME, COURSE, GRADE
    FROM Student
    WHERE GRADE > B
Outstanding-Student

| NAME | COURSE | GRADE |
|---|---|---|
| Black | CSCE 313 | A |
| Brown | CSCE 580 | A |
| Green | CSCE 850 | B+ |

17 Security Through Views
    CREATE VIEW Fall-Student AS
    SELECT NAME, COURSE
    FROM Student
    WHERE SEMESTER="Fall 2000"
Fall-Student

| NAME | COURSE |
|---|---|
| White | CSCE 122 |
| Black | CSCE 313 |
| Green | CSCE 850 |
| Blue | CSCE 122 |

18 Stored Procedures
Assign rights to execute compiled programs
    GRANT RUN ON TO
Problem: Programs may access resources for which the user who runs the program does not have permission.

19 Grant and Revoke
    GRANT ON To [WITH GRANT OPTION]

    GRANT SELECT * ON Student TO Matthews
    GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS
    GRANT SELECT(NAME) ON Student TO Brown
GRANT command applies to base relations as well as views

20 Grant and Revoke
    REVOKE [ON ] FROM

    REVOKE SELECT* ON Student FROM Blue
    REVOKE UPDATE ON Student FROM Black
    REVOKE SELECT(NAME) ON Student FROM Brown

21 Query Modification
    GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE="CSCE 590"
Blue's query:
    SELECT * FROM Student
Modified query:
    SELECT NAME FROM Student WHERE COURSE="CSCE 580"
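
Query modification as a small rewriter, added here as an illustration (not code from the lecture). The grant table, `modify_query` and `run_as` are hypothetical names, the data is the Student relation from the slides loaded into SQLite, and the grant uses the course value from the slide's modified query (CSCE 580).

```python
import sqlite3

# Constructed sample data: the Student relation shown on the slides.
ROWS = [
    ("White", "CSCE 122", "C+", "Fall 2000"),
    ("Black", "CSCE 313", "A", "Fall 2000"),
    ("Brown", "CSCE 580", "A", "Spring 2000"),
    ("Green", "CSCE 850", "B+", "Fall 2000"),
    ("Blue", "CSCE 122", "B", "Fall 2000"),
]
COLUMNS = ("NAME", "COURSE", "GRADE", "SEMESTER")

# Hypothetical grant table: user -> (allowed columns, row predicate, parameters).
GRANTS = {"Blue": (("NAME",), "COURSE = ?", ("CSCE 580",))}


def modify_query(user, requested=None):
    """Rewrite SELECT <requested> FROM Student into what the user's grant allows."""
    if user not in GRANTS:
        raise PermissionError(f"{user} has no grant on Student")
    allowed, predicate, params = GRANTS[user]
    wanted = COLUMNS if requested is None else requested  # None means SELECT *
    unknown = [col for col in wanted if col not in COLUMNS]
    if unknown:
        raise ValueError(f"unknown columns: {unknown}")
    # Column names come only from the fixed COLUMNS list, values stay parameters.
    cols = [col for col in wanted if col in allowed]
    if not cols:
        raise PermissionError("no requested column is covered by the grant")
    return f"SELECT {', '.join(cols)} FROM Student WHERE {predicate}", params


def run_as(conn, user, requested=None):
    """Execute the modified query, never the query the user submitted."""
    sql, params = modify_query(user, requested)
    return conn.execute(sql, params).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Student (NAME, COURSE, GRADE, SEMESTER)")
    conn.executemany("INSERT INTO Student VALUES (?, ?, ?, ?)", ROWS)
    return modify_query("Blue"), run_as(conn, "Blue")


if __name__ == "__main__":
    print(demo())
```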

22 Indirect Information Flow Channels
Covert channels
Inference channels

23 Communication Channels
Overt Channel: designed into a system and documented in the user's manual
Covert Channel: not documented. Covert channels may be deliberately inserted into a system, but most such channels are accidents of the system design.

24 Covert Channel
Timing Channel: based on system times
Storage channels: not time related communication
Can be turned into each other

25 Inference Channels
Non-sensitive information + Meta-data = Sensitive Information

26 Inference Channels
Statistical Database Inferences
General Purpose Database Inferences

27 Statistical Databases
Goal: provide aggregate information about groups of individuals
– E.g., average grade point of students
Security risk: specific information about a particular individual
– E.g., grade point of student John Smith
Meta-data:
– Working knowledge about the attributes
– Supplementary knowledge (not stored in database)

28 Types of Statistics
Macro-statistics: collections of related statistics presented in 2-dimensional tables

| Sex\Year | 1997 | 1998 | Sum |
|---|---|---|---|
| Female | 4 | 1 | 5 |
| Male | 6 | 13 | 19 |
| Sum | 10 | 14 | 24 |

Micro-statistics: Individual data records used for statistics after identifying information is removed

| Sex | Course | GPA | Year |
|---|---|---|---|
| F | CSCE 590 | 3.5 | 2000 |
| M | CSCE 590 | 3.0 | 2000 |
| F | CSCE 790 | 4.0 | 2001 |

29 Statistical Compromise
Exact compromise: find exact value of an attribute of an individual (e.g., John Smith's GPA is 3.8)
Partial compromise: find an estimate of an attribute value corresponding to an individual (e.g., John Smith's GPA is between 3.5 and 4.0)

30 Methods of Attacks and Protection
Small/Large Query Set Attack
– C: characteristic formula that identifies groups of individuals
  If C identifies a single individual I, e.g., count(C) = 1
– Find out existence of property
  If count(C and D)=1 means I has property D
  If count(C and D)=0 means I does not have D
OR
– Find value of property
  Sum(C, D), gives value of D

31 Small/Large Query Set Attack cont.
Protection from small/large query set attack: query-set-size control
A query q(C) is permitted only if
N-n ≥ |C| ≥ n, where n ≥ 0 is a parameter of the database and N is the number of records in the database

32 Tracker attack
[Diagram: sets C1 and C2, with C and the tracker T marked]
C = C1 and C2
T = C1 and ~C2
q(C) = q(C1) – q(T)
q(C) is disallowed

33 Tracker attack
[Diagram: sets C1, C2 and D, with C, the tracker T, and C and D marked]
C = C1 and C2
T = C1 and ~C2
q(C and D) = q(T or C and D) – q(T)
q(C and D) is disallowed
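
Why query-set-size control alone does not stop the tracker, as an added example (not from the lecture): the records are constructed, and `q`, `QueryRefused` and the predicate names are hypothetical. The control refuses the direct query on C, yet the differences of permitted queries from the two tracker slides return the same answers.

```python
from collections import namedtuple

Rec = namedtuple("Rec", "name sex dept salary")
# Constructed sample records; not data from the lecture.
RECORDS = [
    Rec("Ann", "F", "CS", 61000), Rec("Bob", "M", "CS", 52000),
    Rec("Carl", "M", "CS", 48000), Rec("Dan", "M", "CS", 55000),
    Rec("Eve", "F", "EE", 70000), Rec("Fay", "F", "EE", 66000),
    Rec("Gus", "M", "EE", 45000), Rec("Hal", "M", "ME", 50000),
]
N_PARAM = 2  # the slide's parameter n; N is len(RECORDS)


class QueryRefused(Exception):
    """Raised when the query set violates n <= |C| <= N - n."""


def q(pred, attr=None):
    """COUNT (attr is None) or SUM(attr) over the records matching pred."""
    rows = [r for r in RECORDS if pred(r)]
    if not N_PARAM <= len(rows) <= len(RECORDS) - N_PARAM:
        raise QueryRefused(f"query set size {len(rows)} not permitted")
    return len(rows) if attr is None else sum(getattr(r, attr) for r in rows)


def c1(r): return r.dept == "CS"
def c2(r): return r.sex == "F"
def c(r): return c1(r) and c2(r)        # C = C1 and C2, matches one person
def t(r): return c1(r) and not c2(r)    # tracker T = C1 and ~C2
def d(r): return r.salary > 60000       # property D


def direct_query_refused():
    try:
        q(c)
    except QueryRefused:
        return True
    return False


def tracker_results():
    count_c = q(c1) - q(t)                               # q(C) = q(C1) - q(T)
    salary_c = q(c1, "salary") - q(t, "salary")          # same identity for SUM
    has_d = q(lambda r: t(r) or (c(r) and d(r))) - q(t)  # q(C and D)
    return count_c, salary_c, has_d


if __name__ == "__main__":
    print(direct_query_refused(), tracker_results())
```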

34 Query overlap attack
[Diagram: overlapping query sets C1 and C2 over the individuals John, Kathy, Max, Fred, Eve, Paul, Mitch]
Q(John) = q(C1) - q(C2)
Protection: query-overlap control

35 Insertion/Deletion Attack
Observing changes over time
– q1 = q(C)
– insert(i)
– q2 = q(C)
– q(i) = q2 - q1
Protection: insertion/deletion performed as pairs

36 Statistical Inference Theory
Given an unlimited number of statistics and correct statistical answers, all statistical databases can be compromised (Ullman)

37 Inferences in General-Purpose Databases
Queries based on sensitive data
Inference via database constraints
Inferences via updates

38 Queries based on sensitive data
Sensitive information is used in selection condition but not returned to the user.
Example: Salary: secret, Name: public
 Name  Salary=$25,000
Protection: apply query of database views at different security levels

39 Database Constraints
Integrity constraints
Database dependencies
Key integrity

40 Integrity Constraints
C=A+B
A=public, C=public, and B=secret
B can be calculated from A and C, i.e., secret information can be calculated from public data

41 Database Dependencies
Metadata:
Functional dependencies
Multi-valued dependencies
Join dependencies
etc.

42 Functional Dependency
FD: A → B, that is for any two tuples in the relation, if they have the same value for A, they must have the same value for B.
Example: FD: Rank → Salary
Secret information: Name and Salary together
– Query1: Name and Rank
– Query2: Rank and Salary
– Combine answers for query1 and 2 to reveal Name and Salary together
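
A check for this inference channel, added here as an illustration (not from the lecture): `closure` is the standard attribute-closure computation, `join_discloses` is a hypothetical helper that flags two released answers when their shared attributes functionally determine all of one answer (a sufficient condition for an exact join), and the employee rows are constructed.

```python
def closure(attrs, fds):
    """Attribute closure of attrs under FDs given as [(lhs, rhs), ...]."""
    result = set(attrs)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if set(lhs) <= result and not set(rhs) <= result:
                result |= set(rhs)
                changed = True
    return result


def join_discloses(answers, fds, sensitive):
    """True if joining two released answers rebuilds the sensitive association."""
    for i, a in enumerate(answers):
        for b in answers[i + 1:]:
            common = set(a) & set(b)
            if not common or not set(sensitive) <= set(a) | set(b):
                continue
            determined = closure(common, fds)
            # The join is exact when the shared attributes determine one side.
            if set(a) <= determined or set(b) <= determined:
                return True
    return False


# Constructed sample relation (Name, Rank, Salary) satisfying Rank -> Salary.
EMPLOYEES = [
    ("Smith", "Assistant", 60000),
    ("Dell", "Full", 95000),
    ("Black", "Assistant", 60000),
]
FDS = [(("Rank",), ("Salary",))]
ANSWERS = [("Name", "Rank"), ("Rank", "Salary")]  # Query1 and Query2


def reconstruct():
    """Combine the two permitted answers the way the slide describes."""
    query1 = [(name, rank) for name, rank, _ in EMPLOYEES]
    query2 = {rank: salary for _, rank, salary in EMPLOYEES}
    return {name: query2[rank] for name, rank in query1}


if __name__ == "__main__":
    print(join_discloses(ANSWERS, FDS, ("Name", "Salary")), reconstruct())
```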

43 Key integrity
Every tuple in the relation has a unique key
Users at different levels see different versions of the database
Users might attempt to update data that is not visible to them

44 Example
Secret View

| Name (key) | Salary | Address |
|---|---|---|
| Black P | 38,000 P | Columbia S |
| Red S | 42,000 S | Irmo S |

Public View

| Name (key) | Salary | Address |
|---|---|---|
| Black P | 38,000 P | Null P |

45 Updates
Public User:

| Name (key) | Salary | Address |
|---|---|---|
| Black P | 38,000 P | Null P |

1. Update Black's address to Orlando
2. Add new tuple: (Red, 22,000, Manassas)
If
Refuse update: covert channel
Allow update:
– Overwrite high data – may be incorrect
– Create new tuple – which data is correct (polyinstantiation) – violate key constraints

46 Updates

| Name (key) | Salary | Address |
|---|---|---|
| Black P | 38,000 P | Columbia S |
| Red S | 42,000 S | Irmo S |

Secret user:
1. Update Black's salary to 45,000
If
Refuse update: denial of service
Allow update:
– Overwrite low data – covert channel
– Create new tuple – which data is correct (polyinstantiation) – violate key constraints

47 Inference Problem
No general technique is available to solve the problem
Need assurance of protection
Hard to incorporate outside knowledge

48 Next Class
Transaction Processing

