slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Database Security and Authorization PowerPoint Presentation
Download Presentation
Database Security and Authorization

Loading in 2 Seconds...

play fullscreen
1 / 33

Database Security and Authorization - PowerPoint PPT Presentation


  • 341 Views
  • Uploaded on

Database Security and Authorization. By Yazmin Escoto Rodriguez Christine Tannuwidjaja. Main Types of Security:. Enforce security of portions of a database against unauthorized access - Database Security and Authorization Subsystem

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Database Security and Authorization' - Antony


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Database Security and Authorization

By

Yazmin Escoto Rodriguez

Christine Tannuwidjaja

main types of security
Main Types of Security:

Enforce security of portions of a database against unauthorized access

- Database Security and Authorization Subsystem

Prevent unauthorized persons from accessing the system itself

- Access Control

Control the access to statistical databases

- Statistical Database Security

Protect sensitive data that is being transmitted via some type of communications

- Data Encryption

database security and authorization subsystem
Database Security and Authorization Subsystem

Discretionary Security Mechanisms

- concerned with defining, modeling, and enforcing access to information

Mandatory Security Mechanisms for Multilevel Security

- requires that data items and users are assigned to certain security labels

mandatory access control
Mandatory Access Control

Elements:

OBJECTS CLASSIFICATIONS

--class(o)--

SUBJECTS CLEARANCE

--clear(s)--

Levels: Top Secret, Secret, Confidential, Unclassified

mandatory access control5
Mandatory Access Control

Rules:

Simple Property: subject s is allowed to read data item d if clear(s) ≥ class(d)

*-property:

subject s is allowed to write data item d if clear(s) ≤ class(d)

  • Simple Property protects information from unauthorized access
  • *-property protects data from contamination or unauthorized modification
multilevel security databases example
Set up:

we have: - subject x with clear(x) = TS

- subject y with clear(y) = S

- subject z with clear(z) = U

Multilevel Security Databases- example
multilevel security databases example9
Multilevel Security Databases- example
  • subject z wants to insert the next tuple

< Silver, LP, Omaha>

Polyinstantiation : the existence of multiple data objects with the same key

multilevel security databases example10
Multilevel Security Databases- example
  • subject z wants to replace the null values with certain data items

< Markov Chain, New Jersey>

security relevant knowledge
Security Relevant Knowledge

Data Flow Diagram -- represents the functions the system should perform

Entity Relationship

-- describes the structural part of the database

  • Classification Constraints
  • To assign to security classifications concepts of schemas:
  • ones that classify items
  • ones that classify query results
system object
System Object

In security it is the target of protection

  • Entity type
  • Specialization type
  • Relationship type

What is it?

O(A1..,An)

- Ai (i=1..N) is an attribute and is defined over domain Di

Has an identity property (key attributes)

A ⊆ (A1,..,An)

Notation

multilevel secure application
Multilevel Secure Application

MAJOR QUESTION:

Which way should the attributes and occurrences of O be assigned to proper security classifications?

CLASSIFICATION

RESULT:

Security object O  multilevel security object Om

Performed by means of security constraints

graphical extensions to the er
Graphical Extensions to the ER

Secrecy Levels

Ranges of Secrecy Levels

Aggregation leading to TS (N..constant)

Inference leading to Co

Evaluation of predicate P

Security dependency

(U)

(Co)

(S)

(TS)

[U..S]

[Co..TS]

N

X

P

slide15

ER Diagram

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

Dep

Client

Salary

SSN

Title

object classification constraints simple constraints
Object Classification Constraints – Simple Constraints
  • Let X be a set of attributes of security object O (X ⊆ {A1,…,An})
  • SiC (O(X))=C, (C ∈ SL)
  • Results in a multilevel object Om(A1, C1,…, An, Cn,TC) where Ci=C ∀ Ai ∈ X, Ci left unchanged for Ai ∉ X
  • Application to ER:

- SiC(Is Assigned to,{Function},S)

- assigns property Function of relationship “Is Assigned to” to a classification of secret.

slide17

ER Diagram – classifying properties of security objects

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

Dep

Client

Salary

SSN

Title

object classification constraints content based constraints
Object Classification Constraints – Content-based Constraints
  • Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X ⊆ {Ai,…,An}
  • CbC (O(X), P: Aiθ a) = C or CbC (O(X), P: Aiθ Aj) = C

(θ ∈ {=,≠,<,>,≤,≥}, a∈ Di, i ≠ j, C ∈ SL)

  • For any instance o of security object O(A1,…,An) for which a predicate evaluates into true the transformation into o(a1,c1,…,an,cn,tc) is performed
  • Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise
  • Application to ER:

- CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co))

- represents the semantic that properties SSN and Name of employees with a salary ≥ 100 are treated as confidential information

slide19

ER Diagram – classifying properties of security objects

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

P

Dep

Client

Salary

SSN

Title

object classification constraints complex constraints
Object Classification Constraints – Complex Constraints
  • Let O, O’ be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o’ of O’ where the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key)
  • Let P(O’) be a valid predicate defined on o’ and let X ⊆ {A1,…,An} be an attribute set of O
  • CoC (O(X), P(O’)) = C (C ∈ SL)
  • For every instance o of security object O(A1,…,An) for which a predicate evaluates into true in the related object o’ of O’ the transformation into o(a1,c1,…,an,cn,tc) is performed
  • Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise
slide21

Object Classification Constraints – Complex Constraints (con’t)

  • Application to ER:
  • - CoC (Is Assigned to, {SSN}, Project, Subject, ‘=‘, ‘Research’, S)
  • - individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’
slide22

ER Diagram – classifying properties of security objects

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

P

Dep

Client

Salary

SSN

Title

P

slide23

Object Classification Constraints – Level-based Constraints

  • Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,…,an,cn,tc) of a multilevel security object Om
  • Let X be a set of attributes of Om such that X ⊆ {A1,…,An}
  • LbC (O(X)) = level (Ai)
  • Result for every object o(a1,c1,…,an,cn,tc) to the assignment cj = ci in the case Aj ∈ X
  • Application to ER:
  • - LbC (Project, {Client}, Subject)
  • - states that property Client of security object Project must always have the same classification as the property Subject of the Project
slide24

ER Diagram – classifying properties of security objects

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

P

Dep

Client

Salary

SSN

Title

P

slide25

Query Result Classification Constraints – Association-based Constraints

  • Let O (A1,…An) be a security object with identifying property K
  • Let X (X ⊆ {A1,…,An} (K ⋂ X = {}) be a set of attributes of O
  • AbC (O (K,X)) = C (C ∈ SL)
  • Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K
  • Application to ER:
  • - AbC (Employee, {Salary}, Co)
  • - the salary of an individual person is confidential
  • - the value of salaries without the information which employee gets what salary is unclassified
slide26

ER Diagram –

classifying query results

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

Dep

Client

[Co]

Salary

SSN

Title

slide27

Query Result Classification Constraints – Aggregation Constraints

  • Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,…,An)
  • Let X (X ⊆ {A1,…,An}) be sensitive attributes of O
  • AgC (O, (X, count(O) > n = C (C ∈ SL, n ∈ N)
  • Result into the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n
slide28

Query Result Classification Constraints – Aggregation Constraints (con’t)

  • Application to ER:
  • - AgC (Is Assigned to, {Title}, ‘3’, S)
  • - the information which employee is assigned to what projects is regarded as unclassified
  • - aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secret
slide29

ER Diagram –

classifying query results

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

Dep

Client

[Co]

Salary

SSN

Title

3

slide30

Query Result Classification Constraints – Inference Constraints

  • Let PO be the set of multilevel objects involved in a potential logical inference
  • Let O, O’ be two particular objects from PO with corresponding multilevel representation O (A1,C1,…,An,Cn,TC) and O’ (A’1,C’1,…,A’n,C’n,TC’)
  • Let X ⊆ {A1,…,An} and Y⊆ {A’1,…,A’n})
  • IfC (O(X), O’(Y)) = C
  • Results into the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X
slide31

Query Result Classification Constraints – Inference Constraints (con’t)

  • Application to ER:
  • - IfC (Employee, {Dep}, Project, {Subject}, Co)
  • - consider the situation where the information which employee is assigned to what projects is considered as confidential
  • - from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employee are involved
slide32

ER Diagram –

classifying query results

SSN

Date

Function

Title

Name

Is

Assigned

to

Subject

Employee

(0,N)

(0,M)

Project

Dep

Client

[Co]

Salary

SSN

Title

3

X