Post on 19-Dec-2015
Database Security and Authorization
By
Yazmin Escoto Rodriguez
Christine Tannuwidjaja
Main Types of Security:
Enforce security of portions of a database against unauthorized access - Database Security and Authorization Subsystem
Prevent unauthorized persons from accessing the system itself - Access Control
Control the access to statistical databases - Statistical Database Security
Protect sensitive data that is being transmitted via some type of communications - Data Encryption
Database Security and Authorization Subsystem
Discretionary Security Mechanisms
- concerned with defining, modeling, and enforcing access to information
Mandatory Security Mechanisms for Multilevel Security
- requires that data items and users are assigned to certain security labels
Mandatory Access Control
Elements:
- OBJECTS: CLASSIFICATIONS, class(o)
- SUBJECTS: CLEARANCE, clear(s)
Levels: Top Secret, Secret, Confidential, Unclassified
Mandatory Access Control
Rules: Simple Property:
subject s is allowed to read data item d if clear(s) ≥ class(d)
*-property:
subject s is allowed to write data item d if clear(s) ≤ class(d)
Simple Property protects information from unauthorized access
*-property protects data from contamination or unauthorized modification
Multilevel Security Databases - example
Set up:
we have:
- subject x with clear(x) = TS
- subject y with clear(y) = S
- subject z with clear(z) = U

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

Multilevel Security Databases - example
View of the relation for subject y (clear(y) = S); the tuple Black, classified TS, is not visible:

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |

Multilevel Security Databases - example
View of the relation for subject z (clear(z) = U); values classified above U appear as nulls:

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Gold, U | -, U | -, U | U |
| Indigo, U | Telecommunication, U | Austin, U | U |

Multilevel Security Databases - example
Subject z wants to insert the following tuple:
< Silver, LP, Omaha >

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |
| Silver, U | Linear Programming, U | Omaha, U | U |

Polyinstantiation: the existence of multiple data objects with the same key
Multilevel Security Databases - example
Subject z sees:

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Gold, U | -, U | -, U | U |
| Indigo, U | Telecommunication, U | Austin, U | U |

Subject z wants to replace the null values with certain data items:
< Markov Chain, New Jersey >

Resulting relation:

| Project Name | Topic | Location | TC |
|---|---|---|---|
| Black, TS | Databases, TS | Los Angeles, TS | TS |
| Silver, S | Supply Chain, S | New York, S | S |
| Gold, U | Inventories, S | Atlanta, S | S |
| Indigo, U | Telecommunication, U | Austin, U | U |
| Gold, U | Markov Chain, U | New Jersey, U | U |

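The multilevel example above, as an added Python sketch that is not part of the original slides: it filters the Project relation by clearance (simple property) and lets a subject write at its own level, which produces the polyinstantiated tuples shown. The function names and the rule that a hidden value's null carries the key's classification are assumptions made for this illustration.

```python
# Added example: the sample data is the Project relation from the slides.
RANK = {"U": 0, "Co": 1, "S": 2, "TS": 3}
ATTRS = ("Project Name", "Topic", "Location")   # the first attribute is the key

def make_row(values, classes):
    """Build one multilevel tuple: attribute -> (value, classification)."""
    return {a: (v, c) for a, v, c in zip(ATTRS, values, classes)}

def tuple_class(row):
    """TC is the highest classification of any attribute value in the tuple."""
    return max((c for _, c in row.values()), key=RANK.get)

def project_relation():
    return [
        make_row(("Black", "Databases", "Los Angeles"), ("TS", "TS", "TS")),
        make_row(("Silver", "Supply Chain", "New York"), ("S", "S", "S")),
        make_row(("Gold", "Inventories", "Atlanta"), ("U", "S", "S")),
        make_row(("Indigo", "Telecommunication", "Austin"), ("U", "U", "U")),
    ]

def view(relation, clearance):
    """Simple property: a value is readable only if clear(s) >= class(d)."""
    out = []
    for row in relation:
        key_class = row[ATTRS[0]][1]
        if RANK[clearance] < RANK[key_class]:
            continue                     # key not readable: tuple is invisible
        # Hidden values become nulls; labelling them with the key's class
        # follows the slide's "-, U" cells and is otherwise an assumption.
        out.append({a: (v, c) if RANK[clearance] >= RANK[c] else (None, key_class)
                    for a, (v, c) in row.items()})
    return out

def write(relation, clearance, values):
    """*-property: the subject writes at its own level, so clear(s) <= class(d).
    An existing tuple is replaced only if it lies entirely at that level; a
    higher-classified tuple with the same key is kept (polyinstantiation)."""
    new = make_row(values, (clearance,) * len(ATTRS))
    for i, row in enumerate(relation):
        same_key = row[ATTRS[0]][0] == values[0]
        if same_key and all(c == clearance for _, c in row.values()):
            relation[i] = new
            return relation
    relation.append(new)
    return relation

def polyinstantiated_keys(relation):
    """Key values that occur in more than one tuple."""
    keys = [row[ATTRS[0]][0] for row in relation]
    return sorted({k for k in keys if keys.count(k) > 1})
```
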
Security Relevant Knowledge
Entity Relationship-- describes the structural part of the database
Data Flow Diagram -- represents the functions the system should perform
Classification Constraints
Used to assign security classifications to concepts of schemas:
- ones that classify items
- ones that classify query results
System Object
What is it?
• Entity type
• Specialization type
• Relationship type
In security it is the target of protection
Notation
O(A1,…,An) - Ai (i = 1..n) is an attribute and is defined over domain Di
Has an identity property (key attributes) A ⊆ (A1,…,An)
Multilevel Secure Application
MAJOR QUESTION: Which way should the attributes and occurrences of O be assigned to proper security classifications?
CLASSIFICATION
RESULT:
Security object O → multilevel security object Om
Performed by means of security constraints
Graphical Extensions to the ER
- (U), (Co), (S), (TS): Secrecy Levels
- [U..S], [Co..TS]: Ranges of Secrecy Levels
- N: Aggregation leading to TS (N..constant)
- X: Inference leading to Co
- P: Evaluation of predicate P
- Security dependency
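[Figure: ER Diagram. Entity types Employee and Project are connected by the relationship type "Is Assigned to" with cardinalities (0,N) and (0,M). Attributes shown: SSN, Name, Dep, Salary, Title, Function, Date, Client, Subject.]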
Object Classification Constraints – Simple Constraints
• Let X be a set of attributes of security object O (X ⊆ {A1,…,An})
• SiC (O(X)) = C, (C ∈ SL)
• Results in a multilevel object Om(A1, C1,…, An, Cn, TC) where Ci = C ∀ Ai ∈ X, Ci left unchanged for Ai ∉ X
• Application to ER:
  - SiC (Is Assigned to, {Function}, S)
  - assigns property Function of relationship “Is Assigned to” to a classification of secret.
[Figure: ER Diagram – classifying properties of security objects]
Object Classification Constraints – Content-based Constraints
• Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X ⊆ {A1,…,An}
• CbC (O(X), P: Ai θ a) = C or CbC (O(X), P: Ai θ Aj) = C (θ ∈ {=,≠,<,>,≤,≥}, a ∈ Di, i ≠ j, C ∈ SL)
• For any instance o of security object O(A1,…,An) for which a predicate evaluates into true the transformation into o(a1,c1,…,an,cn,tc) is performed
• Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise
• Application to ER:
  - CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co)
  - represents the semantic that properties SSN and Name of employees with a salary ≥ 100 are treated as confidential information
[Figure: ER Diagram – classifying properties of security objects; annotation mark visible: P]
Object Classification Constraints – Complex Constraints
• Let O, O’ be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o’ of O’ where the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key)
• Let P(O’) be a valid predicate defined on o’ and let X ⊆ {A1,…,An} be an attribute set of O
• CoC (O(X), P(O’)) = C (C ∈ SL)
• For every instance o of security object O(A1,…,An) for which a predicate evaluates into true in the related object o’ of O’ the transformation into o(a1,c1,…,an,cn,tc) is performed
• Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise
Object Classification Constraints – Complex Constraints (cont’d)
• Application to ER:
  - CoC (Is Assigned to, {SSN}, Project, Subject, ‘=’, ‘Research’, S)
  - individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’
[Figure: ER Diagram – classifying properties of security objects; annotation marks visible: P, P]
Object Classification Constraints – Level-based Constraints
• Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,…,an,cn,tc) of a multilevel security object Om
• Let X be a set of attributes of Om such that X ⊆ {A1,…,An}
• LbC (O(X)) = level (Ai)
• Results, for every object o(a1,c1,…,an,cn,tc), in the assignment cj = ci in the case Aj ∈ X
• Application to ER:
  - LbC (Project, {Client}, Subject)
  - states that property Client of security object Project must always have the same classification as the property Subject of the Project
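The four object classification constraints (SiC, CbC, CoC, LbC) applied to instances, as an added Python sketch that is not part of the original slides. The instance values, the starting level U for unclassified values, the attribute layout of "Is Assigned to" and all function names are assumptions made for this illustration; the constraint arguments are the ER applications given on the slides.

```python
import operator

RANK = {"U": 0, "Co": 1, "S": 2, "TS": 3}          # secrecy levels SL
THETA = {"=": operator.eq, "≠": operator.ne, "<": operator.lt,
         ">": operator.gt, "≤": operator.le, "≥": operator.ge}

def multilevel(instance, default="U"):
    """o(a1,…,an) -> o(a1,c1,…,an,cn); the starting level U is an assumption."""
    return {attr: [value, default] for attr, value in instance.items()}

def tc(o):
    """Tuple class: the highest classification among the attribute values."""
    return max((c for _, c in o.values()), key=RANK.get)

def sic(o, X, C):
    """Simple constraint: ci = C for every Ai in X, other ci left unchanged."""
    for attr in X:
        o[attr][1] = C
    return o

def cbc(o, X, attr, theta, a, C):
    """Content-based: classify X only if the predicate 'attr θ a' holds on o."""
    return sic(o, X, C) if THETA[theta](o[attr][0], a) else o

def coc(o, X, o_related, attr, theta, a, C):
    """Complex: the predicate is evaluated on the related object o' (foreign key)."""
    return sic(o, X, C) if THETA[theta](o_related[attr][0], a) else o

def lbc(o, X, attr):
    """Level-based: every Aj in X takes the current classification of attr."""
    return sic(o, X, o[attr][1])

def classify_sample():
    """Apply the ER applications from the slides to constructed instances."""
    high_paid = multilevel({"SSN": "111", "Name": "Ann", "Dep": "R&D", "Salary": 120})
    low_paid = multilevel({"SSN": "222", "Name": "Bob", "Dep": "Ops", "Salary": 80})
    project = multilevel({"Title": "Alpha", "Subject": "Research", "Client": "ACME"})
    assigned = multilevel({"SSN": "111", "Title": "Alpha", "Function": "Lead"})
    for emp in (high_paid, low_paid):
        cbc(emp, {"SSN", "Name"}, "Salary", "≥", 100, "Co")
    sic(assigned, {"Function"}, "S")
    coc(assigned, {"SSN"}, project, "Subject", "=", "Research", "S")
    sic(project, {"Subject"}, "S")        # constructed precondition for LbC
    lbc(project, {"Client"}, "Subject")
    return high_paid, low_paid, project, assigned
```
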
[Figure: ER Diagram – classifying properties of security objects; annotation marks visible: P, P]
Query Result Classification Constraints – Association-based Constraints
• Let O (A1,…An) be a security object with identifying property K
• Let X (X ⊆ {A1,…,An}, K ∩ X = {}) be a set of attributes of O
• AbC (O (K,X)) = C (C ∈ SL)
• Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K
• Application to ER:
  - AbC (Employee, {Salary}, Co)
  - the salary of an individual person is confidential
  - the value of salaries without the information which employee gets what salary is unclassified
[Figure: ER Diagram – classifying query results; annotation mark visible: [Co]]
Query Result Classification Constraints – Aggregation Constraints
• Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,…,An)
• Let X (X ⊆ {A1,…,An}) be sensitive attributes of O
• AgC (O, (X, count(O) > n)) = C (C ∈ SL, n ∈ N)
• Results in the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n
Query Result Classification Constraints – Aggregation Constraints (cont’d)
• Application to ER:
  - AgC (Is Assigned to, {Title}, ‘3’, S)
  - the information which employee is assigned to what projects is regarded as unclassified
  - aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secret
[Figure: ER Diagram – classifying query results; annotation marks visible: [Co], 3]
Query Result Classification Constraints – Inference Constraints
• Let PO be the set of multilevel objects involved in a potential logical inference
• Let O, O’ be two particular objects from PO with corresponding multilevel representation O (A1,C1,…,An,Cn,TC) and O’ (A’1,C’1,…,A’n,C’n,TC’)
• Let X ⊆ {A1,…,An} and Y ⊆ {A’1,…,A’n}
• IfC (O(X), O’(Y)) = C
• Results in the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X
Query Result Classification Constraints – Inference Constraints (cont’d)
• Application to ER:
  - IfC (Employee, {Dep}, Project, {Subject}, Co)
  - consider the situation where the information which employee is assigned to what projects is considered as confidential
  - from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employees are involved
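The three query result constraints (AbC, AgC, IfC) evaluated against a query, as an added Python sketch that is not part of the original slides. It classifies a result from the attributes a query retrieves and the number of instances it references; treating SSN as the identifying property K of Employee, the default result level U, and all function names are assumptions made for this illustration.

```python
RANK = {"U": 0, "Co": 1, "S": 2, "TS": 3}

# The three ER applications from the slides. K = {"SSN"} as the identifying
# property of Employee is an assumption read off the ER diagram.
CONSTRAINTS = [
    {"kind": "AbC", "obj": "Employee", "K": {"SSN"}, "X": {"Salary"}, "C": "Co"},
    {"kind": "AgC", "obj": "Is Assigned to", "X": {"Title"}, "n": 3, "C": "S"},
    {"kind": "IfC", "obj": "Employee", "X": {"Dep"},
     "obj2": "Project", "Y": {"Subject"}, "C": "Co"},
]

def triggered(c, attrs, counts):
    """attrs: object -> attributes retrieved; counts: object -> instances referenced."""
    got = attrs.get(c["obj"], set())
    if not c["X"] <= got:
        return False            # the query does not access the properties X
    if c["kind"] == "AbC":      # X retrieved together with identifying property K
        return c["K"] <= got
    if c["kind"] == "AgC":      # more than n instances of O referenced
        return counts.get(c["obj"], 0) > c["n"]
    if c["kind"] == "IfC":      # X of O retrieved together with Y of O'
        return c["Y"] <= attrs.get(c["obj2"], set())
    raise ValueError("unknown constraint kind: " + c["kind"])

def classify_result(attrs, counts=None, constraints=CONSTRAINTS):
    """Level of a query result: highest C among triggered constraints, else U."""
    hits = [c["C"] for c in constraints if triggered(c, attrs, counts or {})]
    return max(hits + ["U"], key=RANK.get)

def may_release(clearance, attrs, counts=None):
    """Simple property applied to the result: release only if clear(s) >= level."""
    return RANK[clearance] >= RANK[classify_result(attrs, counts)]
```
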
[Figure: ER Diagram – classifying query results; annotation marks visible: X, [Co], 3]
QUESTION?