1 / 20

Highlights of Database Security

This compiled document highlights various aspects of database security, including discretionary access control, authorization graph model, trojan horse attack, and mandatory access control.

kbello
Download Presentation

Highlights of Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Highlights of Database Security Csci - 5708 Compiled by - Jayant Gupta

  2. Outline • Discretionary Access Control • Authorization Graph Model • Extension to Authorization Graph Model • Trojan Horse Attack • Mandatory Access Control • Bell-Lapadula Model • Multi-Level Relational Model • Statistical Database Security

  3. Discretionary Access Control • Authorization Graph ModelORSystem R Authorization Model • Tuple (g, s, p, t, go) User s granted privilege by user g on tablet With permissionp Having grant option defined by “go”

  4. Authorization Graph Example GRANT select ON account TO Anja AT A WITH GRANT OPTION (implicit System) GRANT select ON account TO Bill AT A WITH GRANT OPTION (executed by Anja) GRANT select ON account TO Cain AT A WITH GRANT OPTION (executed by Anja) GRANT select ON account TO Didi AT A WITH GRANT OPTION (executed by Bill) GRANT select ON account TO Didi AT A WITH GRANT OPTION (executed by Cain) GRANT select ON account TO Bill AT A WITH GRANT OPTION (executed by Didi) REVOKE select ON account FROM Bill AT ACASCADE (executed by Anja) DBMS Security

  5. Authorization Graph Example GRANT select ON account TO Anja AT A WITH GRANT OPTION (implicit System) GRANT select ON account TO Bill AT A WITH GRANT OPTION (executed by Anja) GRANT select ON account TO Cain AT A WITH GRANT OPTION (executed by Anja) GRANT select ON account TO Didi AT A WITH GRANT OPTION (executed by Cain) GRANT select ON account TO Didi AT A WITH GRANT OPTION (executed by Bill) GRANT select ON account TO Bill AT A WITH GRANT OPTION (executed by Didi) DBMS Security

  6. Authorization Graph REVOKE select ON account FROM Cain AT ACASCADE (executed by Anja) Masters Project - Plan B

  7. Extension Non cascading REVOKE.

  8. Authorization Graph Source: Database Security and Access Control Methods: A brief overview, Kriti, InduKashyap, IJERT, 2(5), May 2013

  9. Revoke Without Cascade With Cascade Source: Database Security and Access Control Methods: A brief overview, Kriti, InduKashyap, IJERT, 2(5), May 2013

  10. Trojan Horse Attack-Initial State Source: Database Security and Access Control Methods: A brief overview, Kriti, InduKashyap, IJERT, 2(5), May 2013

  11. Trojan Horse Attack-Finished State Source: Database Security and Access Control Methods: A brief overview, Kriti, InduKashyap, IJERT, 2(5), May 2013

  12. Mandatory Access Control Bell-Lapadula Model

  13. Bell-Lapadula Model • Simple security property • No read-up/Read down • Star Property • No write-down/Write up

  14. Bell-Lapadula Model Source: Database Security and Access Control Methods: A brief overview, Kriti, InduKashyap, IJERT, 2(5), May 2013

  15. Mandatory Access Control and Role-Based Access Control for Multilevel Security (cont’d.) Source:Elmasri, R.Navathe B. Fundamentals of database systems. Pearson. 7th Ed. • Simple security property • Subject S not allowed read access to object O unless class(S) ≥ class(O) • Star property • Subject not allowed to write an object unless class(S) ≤ class(O) • Prevent information from flowing from higher to lower classifications • Attribute values and tuples considered as data objects

  16. Polyinstantiation User with clearance ‘C’ UPDATE EMPLOYEE SETJob_performance = ‘Excellent’ WHERE Name=‘Smith’; Figure 30.2 A multilevel relation to illustrate multilevel security (a) The original EMPLOYEE tuples (b) Appearance of EMPLOYEE after filtering for classification C users (c) Appearance of EMPLOYEE after filtering for classification U users (d) Polyinstantiation of the Smith tuple Source:Elmasri, R.Navathe B. Fundamentals of database systems. Pearson. 7th Ed. Pg 1136.

  17. 30.5 Introduction to Statistical Database Security Figure 30.3 The PERSON relation schema for illustrating statistical database security Source:Elmasri, R.Navathe B. Fundamentals of database systems. Pearson. 7th Ed. • Statistical databases used to provide statistics about various populations • Users permitted to retrieve statistical information • Must prohibit retrieval of individual data • Population: set of tuples of a relation (table) that satisfy some selection condition

  18. Introduction to Statistical Database Security (cont’d.) Source:Elmasri, R.Navathe B. Fundamentals of database systems. Pearson. 7th Ed. Pg 1147. Only statistical queries are allowed

  19. Introduction to Statistical Database Security (cont’d.) Source:Elmasri, R.Navathe B. Fundamentals of database systems. Pearson. 7th Ed. • Preventing the inference of individual information • Provide minimum threshold on number of tuples • Prohibit sequences of queries that refer to the same population of tuples • Introduce slight noise or inaccuracy • Partition the database • Store records in groups of minimum size

  20. Thank You!!

More Related