Database Security: Concepts, Approaches and Challenges
Ho Chi Minh City University of Technology (ĐẠI HỌC BÁCH KHOA TP. HỒ CHÍ MINH), Faculty of Computer Science
Group 20: Võ Văn Vinh (7140843), Nguyễn Hoàng Tín (7140260), Vũ Hoàng Việt (7140266), Phạm Văn Vinh (7140842)
Contents
- Part I: DB Security Concepts
- Part II: DB Security Approaches
- Part III: DB Security Challenges
- Part IV: Summary
DB Security Concepts: Authentication
Authentication is the process or act of confirming that a user who is attempting to log in to a database is authorized to log in to that database.
Examples:
- A mobile phone performs authentication by asking for a PIN.
- A computer authenticates a username by asking for the corresponding password.
DB Security Concepts: Authorization
Authorization is the process of defining:
- which users are allowed to access the database;
- what privileges they have in the database (access to which views, tables and attributes, for how long, ...).
Examples:
- The students are not allowed to modify their Academic Records on the University webpage.
- The students are allowed to view their Academic Records on the University webpage.
DB Security Concepts: DB Security Requirements (the CIA Triad)
DB Security Concepts: Confidentiality (Secrecy)
Data Confidentiality: data is not made available or disclosed to unauthorized individuals.
Example: a DB stores payroll information => individual salaries must not be released to, or modified by, unauthorized users.
DB Security Concepts: Integrity and Availability
Data Integrity: data is changed only in a specified and authorized manner.
Example: the web site of an airline company => customers' reservations are not modified arbitrarily.
Data Availability: data is available whenever it needs to be accessed; this includes prevention of, and recovery from, events that make data unavailable (e.g. DDoS attacks).
Example: the web site of an airline company => the information on flights and reservations is always available.
DB Security Concepts: Introducing DB Security Approaches
- Authentication mechanisms
- Cryptographic techniques
- Features designed to detect, prevent, or recover from security attacks: recovery subsystem and concurrency control
- Access Control
- Privacy-Preserving Techniques for Databases (new)
- Privacy-Preserving Data Mining (new)
- Privacy-Preserving Information Retrieval (new)
DB Security Concepts: What is Access Control?
A process by which users are granted access and certain privileges to systems, resources or information.
Why use Access Control?
- Whenever a user tries to access a data object, Access Control checks the rights of the user against the set of authorizations, which states whether the subject can perform a particular action on the data object => Access Control ensures Data Confidentiality.
- Whenever a user tries to modify some data, Access Control verifies that the user has the right to modify the data => Access Control assures Data Integrity.
DB Security Approaches
Part II: DB Security Approaches
- Access Control
  - Part II.1: Discretionary Access Control (DAC)
  - Part II.2: Mandatory Access Control (MAC)
- Privacy-Preserving Data Techniques
  - Part II.3: Privacy-Preserving Data Techniques
DB Security Concepts: What is Access Control?
Control, by rules determined by security policies, of all direct accesses to the system.
Why use Access Control?
- Whenever a subject tries to access a data object, Access Control checks the rights of the user against the set of authorizations, which states whether the subject can perform a particular action on the data object => Access Control ensures Data Confidentiality.
- Whenever a subject tries to modify some data, Access Control verifies that the user has the right to modify the data => Access Control assures Data Integrity.
DB Security Approaches
There are two Access Control models:
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
Part II.1: Discretionary Access Control (DAC)
Introduction to DAC
Discretionary Access Control (DAC) is a type of access control defined as a means of restricting access to objects based on the identity of subjects and/or the groups to which they belong. The owner of an object specifies the users/groups who can access it.
There are two levels for assigning privileges to use the database system:
- The account/system level: the administrator/DBA specifies the particular privileges that each account holds, independently of the objects in the database system.
- The object level / relation (or table) level: the administrator can control the privilege to access each individual object in the database system.
Introduction to DAC
The account/system level privileges (examples): CREATE SCHEMA, CREATE TABLE, CREATE VIEW, ALTER, DROP, MODIFY, SELECT
The relation/object level privileges: the data objects are relations or views; the privileges include INSERT, UPDATE, DELETE, REFERENCES
SQL for Data Control
Commands:
- GRANT
- REVOKE
Based on three central objects:
- Users
- Database objects
- Privileges: select, modify (insert, update, delete), reference
SQL for Data Control
GRANT: pass privileges on one's own database objects to other users.
    GRANT <privilege list>
    ON <database objects>
    TO <user list>
REVOKE: take back (cancel) privileges on one's own database objects from other users.
    REVOKE <privilege list>
    ON <database objects>
    FROM <user list>
An Example
Suppose that the DBA creates four accounts A1, A2, A3 and A4 and wants only A1 to be able to create base relations. Then the DBA must issue the following GRANT command in SQL:
GRANT CREATETAB TO A1;
An Example (2)
User account A1 can create tables under the schema called EXAMPLE.
Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT. A1 is then the owner of these two relations and hence holds all the relation privileges on each of them.
An Example (2)
Suppose that A1 wants to grant A2 the privilege to insert and delete tuples in both of these relations, but A1 does not want A2 to be able to propagate these privileges to additional accounts:
GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;
An Example (2) - Notice
Owner account A1 automatically has the GRANT OPTION, allowing it to grant privileges on the relation to other accounts.
However, account A2 cannot grant INSERT and DELETE privileges on the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT OPTION in the preceding command.
Suppose that A1 wants to allow account A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts. A1 can issue the following command:
GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;
An Example (2)
Now, A3 can grant the SELECT privilege on the EMPLOYEE relation to A4 by issuing the following command:
GRANT SELECT ON EMPLOYEE TO A4;
Notice that A4 cannot propagate the SELECT privilege to other accounts because the GRANT OPTION was not given to A4.
An Example (2)
Now suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 then can issue this command:
REVOKE SELECT ON EMPLOYEE FROM A3;
The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3, and it must also automatically revoke the SELECT privilege on EMPLOYEE from A4. This is because A3 granted that privilege to A4, but A3 does not have the privilege anymore.
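The cascading revoke described above, traced in code: an added example (not from the slides or any real DBMS) that keeps a toy authorization catalogue of grants and replays the A1, A2, A3, A4 scenario; the `_system` grantor that marks the owner's initial privileges is an assumption of this model.

```python
# Added example (not from the slides): a toy authorization catalogue that models
# GRANT ... WITH GRANT OPTION and cascading REVOKE.  A grant is the tuple
# (grantor, grantee, privilege, object, grant_option); "_system" marks owner rights.
OWNER_PRIVS = ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES")

class PrivilegeCatalogue:
    def __init__(self):
        self.grants = []  # constructed in-memory authorization table

    def create_table(self, owner, obj):
        # The owner automatically holds every relation privilege WITH GRANT OPTION.
        for priv in OWNER_PRIVS:
            self.grants.append(("_system", owner, priv, obj, True))

    def has_privilege(self, user, priv, obj):
        return any(g[1:4] == (user, priv, obj) for g in self.grants)

    def can_grant(self, user, priv, obj):
        return any(g[1:4] == (user, priv, obj) and g[4] for g in self.grants)

    def grant(self, grantor, grantee, priv, obj, grant_option=False):
        if not self.can_grant(grantor, priv, obj):
            raise PermissionError(f"{grantor} has no GRANT OPTION for {priv} ON {obj}")
        self.grants.append((grantor, grantee, priv, obj, grant_option))

    def revoke(self, grantor, grantee, priv, obj):
        """Drop the grant, then cascade: every grant whose grantor no longer holds
        GRANT OPTION on that privilege is dropped too (mutual grant cycles not modelled)."""
        self.grants = [g for g in self.grants if g[:4] != (grantor, grantee, priv, obj)]
        changed = True
        while changed:
            changed = False
            for g in list(self.grants):
                if g[0] != "_system" and not self.can_grant(g[0], g[2], g[3]):
                    self.grants.remove(g)
                    changed = True

def replay_scenario():
    """A1 -> A3 (SELECT WITH GRANT OPTION) -> A4, then A1 revokes A3's SELECT.
    Returns A4's SELECT right before and after the revoke: (True, False)."""
    cat = PrivilegeCatalogue()
    cat.create_table("A1", "EMPLOYEE")
    cat.grant("A1", "A2", "INSERT", "EMPLOYEE")  # no grant option for A2
    cat.grant("A1", "A3", "SELECT", "EMPLOYEE", grant_option=True)
    cat.grant("A3", "A4", "SELECT", "EMPLOYEE")
    before = cat.has_privilege("A4", "SELECT", "EMPLOYEE")
    cat.revoke("A1", "A3", "SELECT", "EMPLOYEE")
    return before, cat.has_privilege("A4", "SELECT", "EMPLOYEE")
```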
An Example (3)
Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.
The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5. A1 then can create the following view:
CREATE VIEW A3EMPLOYEE AS
SELECT Name, Bdate, Address
FROM EMPLOYEE
WHERE Dno = 5;
GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;
Role Based Access Control (RBAC)
Hierarchical RBAC
Constrained RBAC
Adds a requirement for enforcing separation of duty (SOD):
- Static SOD (SSD), based on user-role assignment: imposes restrictions on role intersections, i.e. two roles cannot have common users.
- Dynamic SOD (DSD), based on role activation: restricts the activation of roles at run time.
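Constrained RBAC as code: an added example, not from the slides, with constructed role and user names; SSD pairs are checked at user-role assignment and DSD pairs at role activation within a session.

```python
# Added example (not from the slides): a small constrained-RBAC model with
# constructed role and user names.  Static SOD pairs block two roles from ever
# being assigned to one user; dynamic SOD pairs allow holding both roles but
# not activating both in the same session.
class ConstrainedRBAC:
    def __init__(self, ssd_pairs=(), dsd_pairs=()):
        self.ssd = {frozenset(p) for p in ssd_pairs}
        self.dsd = {frozenset(p) for p in dsd_pairs}
        self.user_roles = {}  # user -> set of assigned roles
        self.sessions = {}    # session id -> set of active roles

    def assign(self, user, role):
        """User-role assignment: checked against static SOD (SSD)."""
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.ssd:
                raise ValueError(f"SSD: {user} may not hold both {other} and {role}")
        held.add(role)

    def activate(self, session, user, role):
        """Role activation at run time: checked against dynamic SOD (DSD)."""
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{role} is not assigned to {user}")
        active = self.sessions.setdefault(session, set())
        for other in active:
            if frozenset((other, role)) in self.dsd:
                raise ValueError(f"DSD: {other} and {role} cannot both be active")
        active.add(role)

    def active_roles(self, session):
        return frozenset(self.sessions.get(session, set()))

def demo():
    rbac = ConstrainedRBAC(ssd_pairs=[("payroll_clerk", "payroll_auditor")],
                           dsd_pairs=[("cashier", "cashier_supervisor")])
    rbac.assign("alice", "payroll_clerk")
    try:
        rbac.assign("alice", "payroll_auditor")  # SSD: rejected
        ssd_blocked = False
    except ValueError:
        ssd_blocked = True
    rbac.assign("bob", "cashier")
    rbac.assign("bob", "cashier_supervisor")  # allowed: the pair is only DSD
    rbac.activate("s1", "bob", "cashier")
    try:
        rbac.activate("s1", "bob", "cashier_supervisor")  # DSD: rejected
        dsd_blocked = False
    except ValueError:
        dsd_blocked = True
    rbac.activate("s2", "bob", "cashier_supervisor")  # fine in another session
    return ssd_blocked, dsd_blocked, sorted(rbac.active_roles("s1"))
```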
RBAC in commercial DBMSs
- INFORMIX Online Dynamic Server Version 7.2
- Sybase Adaptive Server release 11.5
- Oracle Enterprise Server Version 8.0
Mandatory Access Control (MAC)
Based on multilevel security (MLS): Top Secret > Secret > Confidential > Unclassified
- A subject has a security clearance of a given level.
- An object has a security classification of a given level.
Two required properties for confidentiality (Bell-LaPadula):
- No read up (simple security property): Class(S) >= Class(O)
- No write down (star property): Class(S) <= Class(O)
Part II.2: Mandatory Access Control (MAC)
Mandatory Access Control (MAC): Polyinstantiation
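The two Bell-LaPadula rules from the MAC slide and polyinstantiation as code, using the four levels named above: an added example, not from the slides, over a constructed EMPLOYEE relation whose tuples carry their own classification labels.

```python
# Added example (not from the slides): tuple-level MLS over a constructed
# EMPLOYEE relation.  Implements the two Bell-LaPadula rules and shows
# polyinstantiation when a low subject inserts a key that already exists higher up.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

def can_read(subject, obj):
    """No read up (simple security property): Class(S) >= Class(O)."""
    return LEVELS[subject] >= LEVELS[obj]

def can_write(subject, obj):
    """No write down (star property): Class(S) <= Class(O)."""
    return LEVELS[subject] <= LEVELS[obj]

def mls_select(rows, clearance):
    """Only the tuples the subject may read; each row carries its own class."""
    return [r for r in rows if can_read(clearance, r["class"])]

def mls_insert(rows, clearance, name, salary):
    """Insert at the subject's own level.  If the key already exists only at a
    level the subject cannot read, rejecting the insert would reveal that hidden
    row, so a second instance of the key is created instead (polyinstantiation)."""
    for r in mls_select(rows, clearance):
        if r["Name"] == name and r["class"] == clearance:
            raise ValueError(f"{name} already exists at {clearance}")
    rows.append({"Name": name, "Salary": salary, "class": clearance})
    return rows

def demo():
    # constructed sample relation with one row per classification level
    emp = [{"Name": "Smith", "Salary": 30000, "class": "Unclassified"},
           {"Name": "Wong", "Salary": 40000, "class": "Secret"}]
    mls_insert(emp, "Unclassified", "Wong", 25000)  # key polyinstantiated
    low = [r["Salary"] for r in mls_select(emp, "Unclassified")]
    high = [r["Salary"] for r in mls_select(emp, "Secret")]
    return low, high  # ([30000, 25000], [30000, 40000, 25000])
```

The Unclassified subject sees one Wong row and the Secret subject sees both, which is what hides the existence of the Secret tuple from the low subject.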
Mandatory Access Control (MAC)
Pros:
- Ensures a high degree of protection and prevents any illegal flow of information.
- Suitable for military and other high-security types of applications.
Cons:
- Requires strict classification of subjects and objects.
- Applicable to few environments.
Part II.3: Privacy-Preserving Data Techniques
Privacy-Preserving Data Techniques
Why are Privacy-Preserving Data Techniques needed?
- Importance of data representation
- Increasing number of data sets that include individual data
- Data availability causes serious threats to the privacy of individuals and organizations
Privacy-Preserving Data Techniques
Approach: modify the released data by removing items related to individuals (data anonymity).
Problem: the remaining data can be linked with other information, so people can recover the private data.
Solution: generalization techniques (related to fuzzy concepts).
Privacy-Preserving Data Techniques
Privacy preservation in the data mining context:
- Cause: data mining techniques may recover the removed information.
- All approaches are based on modifying or perturbing data.
- Developments are based on commutative encryption techniques.
Privacy-Preserving Data Techniques
Hippocratic Databases: incorporating privacy protection in the relational database system.
- Privacy policies are stored in privacy-policy tables.
- Privacy authorizations are stored in privacy-authorization tables.
- A privacy authorization defines the authorized users.
Part III: Database Security Challenges
Database Security Challenges: Data Quality and Completeness
- Data quality: a perception or an assessment of data's fitness to serve its purpose in a given context.
- Data completeness: the data has not been modified compared with the original.
Questions: Is the data complete and of acceptable quality? Is data from the Web reliable? How can the quality of data be assessed and attested?
Techniques and organizational solutions:
- Quality stamps
- More effective integrity verification
- Tools for assessment of data quality
- Application-level recovery
Database Security Challenges: Intellectual Property Rights (IPR)
- Who created the data? Using this data may be illegal.
- Techniques: watermarking techniques for relational data are used to detect IPR violations.
Database Security Challenges: Database Survivability
- Confinement: actions to eliminate the attacker's access.
- Damage assessment: determine the problem, including failed functions and corrupted data.
- Reconfiguration: run in safe mode during recovery.
- Repair: recover data, reinstall the failed system.
- Fault treatment: identify the weakness and prevent the recurrence of the faults.
Database Security Challenges: Access Control and Privacy for Mobile Users
- Mobile is popular and a larger variety of devices is available.
- Computing power and sensors in the environment.
- Users with continuous online activities.
- Personal information becomes an important key.
- Need for efficient storage and portable access rights.
Techniques for mobile users:
- Access control mechanisms plus standards for identity management
- Trust negotiation
- Processing techniques for continuous queries
Part IV: Summary
Summary
- DB Security Concepts: Confidentiality, Integrity and Availability
- Database Security Approaches: Access Control; Privacy-Preserving Data Techniques
- Database Security Challenges: Data Quality and Completeness; Access Control and Privacy for Mobile Users; Intellectual Property Rights; Database Survivability
Questions
1. Why is the access control of information systems necessary?
   A. For the preservation of their authenticity, confidentiality, integrity and availability.
   B. For the preservation of their integrity and availability.
   C. For the preservation of their confidentiality and integrity.
   D. For the preservation of their authenticity, confidentiality and availability.
2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
   A. MAC (Mandatory Access Control)
   B. RBAC (Role Based Access Control)
   C. DAC (Discretionary Access Control)
   D. None of the above.
Answers
1. Why is the access control of information systems necessary?
   A. For the preservation of their authenticity, confidentiality, integrity and availability.
   B. For the preservation of their integrity and availability.
   C. For the preservation of their confidentiality and integrity.
   D. For the preservation of their authenticity, confidentiality and availability.
2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
   A. MAC (Mandatory Access Control)
   B. RBAC (Role Based Access Control)
   C. DAC (Discretionary Access Control)
   D. None of the above.