Database Security - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides are very easy to understand the ntegrated Computer Security system.The major points in these lecture slides are:Database Security, Structured Collection, Applications, Relationships, Data Items, Database Management System, Constructing, Maintaining, Facilities, Architecture

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri
bageshri ๐Ÿ‡ฎ๐Ÿ‡ณ

4.3

(24)

175 documents

1 / 30

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Lecture 9
Database Security
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e

Partial preview of the text

Download Database Security - Integrated Computer Security - Lecture Slides and more Slides Computer Security in PDF only on Docsity!

Lecture 9

Database Security

Databases

  • structured collection of data stored

for use by one or more applications

  • contains the relationships between data items and groups of data items
  • can sometimes contain sensitive data
  • database management system (DBMS)
  • suite of programs for constructing and maintaining the database
  • ad hoc query facilities to multiple users and applications
  • provides a uniform interface to the database

Relational Databases

  • table of data consisting of rows and columns
    • each column holds a particular type of data
    • each row contains a specific value for each column
    • ideally has one column where all values are unique, forming an identifier/key for that row - enables the creation of multiple tables linked together by a unique identifier that is present in all tables
  • use a relational query language to access the

database

  • allow users to request data that fit a given set of criteria

Relational Database Example

Structured Query Language (SQL)

  • originally developed by IBM in the mid-1970s
  • standardized language to define, manipulate, and query data in a relational database
  • several similar versions of ANSI/ISO standard

8

SQL statements can be used to:

  • create tables
  • insert and delete data in tables
  • create views
  • retrieve data with query statements

Database Access Control

9

database access control system determines:

if the user has access to the entire database or just portions of it

what access rights the user has (create, insert, delete, update, read, write)

can support a range of administrative policies

centralized administration

  • small number of privileged users may grant andrevoke access rights

ownership-based administration

  • the creator of a table may grant and revokeaccess rights to the table

decentralized administration

  • the owner of the table may grant and revokeauthorization rights to other users, allowing them to grant and revoke access rights to the table

Cascading Authorizations

11

Revoke t = 100

Role-Based Access Control (RBAC)

  • RBAC eases administrative burden and improves

security

  • categories of database users:
    • application owner
    • end user
    • administrator
  • needs to provide the following capabilities:
    • create and delete roles
    • define permissions for a role
    • assign and cancel assignment of users to roles

Inference Example

Inference Countermeasures

  • inference detection at database design
    • alter the database structure or
    • change the access control regime
  • inference detection at query time
    • monitor and alter or reject the query
  • an inference detection algorithm is needed

for either approach

  • difficult
  • subject of ongoing research

18

Statistical

Database

Example

Statistical Database Security

  • use a characteristic formula C
    • a logical formula over the values of attributes
    • e.g. (Sex=Male) AND ((Major=CS) OR (Major=EE))
  • query set X(C) of characteristic formula C, is

the set of records matching C

  • a statistical query is a query that produces a

value calculated over a query set

Tracker Attacks

  • divide queries into parts
    • C = C1.C
    • count(C โ‹… D) = count(C1) - count (C1 โ‹… ~C2)
  • combination is called a tracker
    • each part acceptable query size
    • overlap is desired result
  • Count(C) = Count(C1) - Count(T)
  • Count(C โ‹… D ) = Count(T + C1D) - Count(T) (^22)

Other Query Restrictions

  • query set overlap control
    • limit overlap between new and previous queries
  • partitioning
    • cluster records into a number of mutually exclusive groups
    • query the statistical properties of each group as a whole
  • query denial and information leakage
    • denials can leak information
    • to counter, must track queries from user (^) Docsity.com^23