Info Systems Security: Multilevel Databases - Partitioning, Encryption, Integrity Lock - P, Study notes of Cryptography and System Security

A part of the computer science course csc 474/574, information systems security, taught by dr. Peng ning. It covers the topic of multilevel databases, discussing approaches such as partitioning, encryption, integrity lock, trusted front-end, and distributed databases. The concepts, advantages, and disadvantages of each approach, providing examples and use cases.

Typology: Study notes

Pre 2010

Uploaded on 03/18/2009

koofers-user-fxj
koofers-user-fxj 🇺🇸

10 documents

1 / 5

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
CSC 474/574 Dr. Peng Ning 1
Computer Science
CSC 474/574
Information Systems Security
Topic 7.2: Multilevel Databases
CSC 474/574 Dr. Peng Ning 2
Computer Science
Approaches to Multi-level Databases
Partitioning
Encryption
Integrity lock
Trusted Front-End
Distributed Databases
pf3
pf4
pf5

Partial preview of the text

Download Info Systems Security: Multilevel Databases - Partitioning, Encryption, Integrity Lock - P and more Study notes Cryptography and System Security in PDF only on Docsity!

CSC 474/574 Dr. Peng Ning 1 Computer Science

CSC 474/

Information Systems Security

Topic 7.2: Multilevel Databases

Computer Science CSC 474/574 Dr. Peng Ning 2

Approaches to Multi-level Databases

• Partitioning

• Encryption

• Integrity lock

• Trusted Front-End

• Distributed Databases

Computer Science CSC 474/574 Dr. Peng Ning 3 Partitioning

  • Separate data in different levels into different partitions. - Redundancy - Example: the primary key of a logical relation must be duplicated in all partitions in which the relation are stored. - Usability - Example: a high-level user needs to combine both high- level and low-level data. Computer Science CSC 474/574 Dr. Peng Ning 4 Encryption
  • Encrypt the sensitive data at each level with a key

unique to that level.

  • Known plaintext attack
    • Example:
      • Party attribute is encrypted.
      • Alice knows party=“Democrat” for Bob; she can compare the ciphertext of Bob’s party attribute with other tuples
    • Reason: Limited set of plaintexts.
  • Authentication
    • Example:
      • Replace one ciphertext with another
  • Above problems can be partially avoided with multiple keys.
  • Unable to use DBMS functionalities for encrypted data.
    • Query optimization, indexes, etc.

Computer Science CSC 474/574 Dr. Peng Ning 7 Trusted Front End

  • Trusted Front End
    • User authentication
    • Access control
    • Verification
    • Essentially a reference monitor Untrusted DBMS Trusted Access Controller Sensitive Database Users Trusted Front End Computer Science CSC 474/574 Dr. Peng Ning 8 Trusted Front End (Cont’d)
  • Commutative Filters
    • Processes that interfaces to both the user and the DBMS.
    • Reformat the query by putting in more conditions to filter out unnecessary records.
    • Example:
      • Retrieve NAME where ((Occup= Physicist) ^ (City =WashDC)) From all records R
      • After reformatting
      • Retrieve NAME where ((Occup= Physicist) ^ (City =WashDC)) From all records R where (Name-level (R) <= User-level) ^ (Occup-level (R) <= User-level) ^ (City-level (R) <= User-level)

Computer Science CSC 474/574 Dr. Peng Ning 9 Distributed Databases

  • Store data items at different level in different physical databases
  • Trusted front-end translates each query into single-level queries and send to different databases
  • Trusted front-end combines results and returns to the user. High-level Untrusted DBMS Users Trusted Front End Low-level Untrusted DBMS