Introduction to DB Security (lecture slides, PDF document)


Security
Lecture 17
Database Management Systems, 2nd Edition, R. Ramakrishnan and J. Gehrke

Introduction to DB Security
❖ Secrecy: Users should not be able to see things they are not supposed to.
  – E.g., A student can’t see other students’ grades.
❖ Integrity: Users should not be able to modify things they are not supposed to.
  – E.g., Only instructors can assign grades.
❖ Availability: Users should be able to see and modify things they are allowed to.

Access Controls
❖ A security policy specifies who is authorized to do what.
❖ A security mechanism allows us to enforce a chosen security policy.
❖ Two main mechanisms at the DBMS level:
  – Discretionary access control
  – Mandatory access control

Discretionary Access Control
❖ Based on the concept of access rights or privileges for objects (tables and views), and mechanisms for giving users privileges (and revoking privileges).
❖ Creator of a table or a view automatically gets all privileges on it.
  – DBMS keeps track of who subsequently gains and loses privileges, and ensures that only requests from users who have the necessary privileges (at the time the request is issued) are allowed.

GRANT Command
GRANT privileges ON object TO users [WITH GRANT OPTION]
❖ The following privileges can be specified:
  – SELECT: Can read all columns (including those added later via ALTER TABLE command).
  – INSERT(col-name): Can insert tuples with non-null or non-default values in this column.
  – INSERT means same right with respect to all columns.
  – DELETE: Can delete tuples.
  – REFERENCES (col-name): Can define foreign keys (in other tables) that refer to this column.
❖ If a user has a privilege with the GRANT OPTION, can pass privilege on to other users (with or without passing on the GRANT OPTION).
❖ Only owner can execute CREATE, ALTER, and DROP.

GRANT and REVOKE of Privileges
❖ GRANT INSERT, SELECT ON Sailors TO Horatio
  – Horatio can query Sailors or insert tuples into it.
❖ GRANT DELETE ON Sailors TO Yuppy WITH GRANT OPTION
  – Yuppy can delete tuples, and also authorize others to do so.
❖ GRANT UPDATE (rating) ON Sailors TO Dustin
  – Dustin can update (only) the rating field of Sailors tuples.
❖ GRANT SELECT ON ActiveSailors TO Guppy, Yuppy
  – This does NOT allow the ‘uppies to query Sailors directly!
❖ REVOKE: When a privilege is revoked from X, it is also revoked from all users who got it solely from X.
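The GRANT/REVOKE semantics above (owner holds everything, re-granting requires the GRANT OPTION, and a revocation cascades to users who held the privilege solely through the revokee) can be modelled as an authorization graph. The following is an added example, not code from the slides or the textbook; the class and method names are invented here, while Sailors, Horatio, Yuppy and Guppy are the slides' running example.

```python
"""Discretionary access control as an authorization graph (added example).

An edge (grantor, grantee, with_grant_option) records one GRANT.  A user
holds a privilege only if a chain of edges whose grantors all hold the
privilege WITH GRANT OPTION leads back to the owner, so revoking an edge
automatically strips everyone who depended solely on it.
"""
from collections import defaultdict


class AuthGraph:
    def __init__(self):
        self.owner = {}                  # object name -> owning user
        self.edges = defaultdict(list)   # (object, privilege) -> [(grantor, grantee, opt)]

    def create(self, obj, user):
        """Creating a table or view gives the creator all privileges on it."""
        self.owner[obj] = user

    def _closure(self, obj, priv):
        """Fixpoint: (holders, holders_with_grant_option) reachable from the owner."""
        holders = {self.owner[obj]}
        with_option = {self.owner[obj]}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, opt in self.edges[(obj, priv)]:
                if grantor not in with_option:   # edge from someone who cannot grant confers nothing
                    continue
                if grantee not in holders:
                    holders.add(grantee)
                    changed = True
                if opt and grantee not in with_option:
                    with_option.add(grantee)
                    changed = True
        return holders, with_option

    def holds(self, user, obj, priv):
        return user in self._closure(obj, priv)[0]

    def grant(self, grantor, priv, obj, grantee, with_grant_option=False):
        """GRANT priv ON obj TO grantee [WITH GRANT OPTION], issued by grantor."""
        if grantor not in self._closure(obj, priv)[1]:
            raise PermissionError(f"{grantor} may not grant {priv} on {obj}")
        self.edges[(obj, priv)].append((grantor, grantee, with_grant_option))

    def revoke(self, grantor, priv, obj, grantee):
        """REVOKE priv ON obj FROM grantee; edges that became unreachable are pruned."""
        key = (obj, priv)
        self.edges[key] = [e for e in self.edges[key] if not (e[0] == grantor and e[1] == grantee)]
        _, with_option = self._closure(obj, priv)
        self.edges[key] = [e for e in self.edges[key] if e[0] in with_option]


def cascading_revoke():
    """Slides' grants, then Joe (owner) revokes DELETE from Yuppy: Guppy loses it too."""
    g = AuthGraph()
    g.create("Sailors", "Joe")
    g.grant("Joe", "SELECT", "Sailors", "Horatio")                       # no grant option
    g.grant("Joe", "DELETE", "Sailors", "Yuppy", with_grant_option=True)
    g.grant("Yuppy", "DELETE", "Sailors", "Guppy")                       # solely via Yuppy
    try:
        g.grant("Horatio", "SELECT", "Sailors", "Guppy")                 # Horatio lacks GRANT OPTION
        horatio_could_regrant = True
    except PermissionError:
        horatio_could_regrant = False
    before = g.holds("Guppy", "Sailors", "DELETE")
    g.revoke("Joe", "DELETE", "Sailors", "Yuppy")
    after = g.holds("Guppy", "Sailors", "DELETE")
    return {"horatio_could_regrant": horatio_could_regrant,
            "guppy_delete_before": before, "guppy_delete_after": after}


def independent_path():
    """If Joe also granted Guppy directly, revoking from Yuppy leaves Guppy's DELETE intact."""
    g = AuthGraph()
    g.create("Sailors", "Joe")
    g.grant("Joe", "DELETE", "Sailors", "Yuppy", with_grant_option=True)
    g.grant("Yuppy", "DELETE", "Sailors", "Guppy")
    g.grant("Joe", "DELETE", "Sailors", "Guppy")
    g.revoke("Joe", "DELETE", "Sailors", "Yuppy")
    return g.holds("Yuppy", "Sailors", "DELETE"), g.holds("Guppy", "Sailors", "DELETE")
```

The reachability check is what makes "revoked from all users who got it solely from X" precise: a user keeps a privilege exactly when some other chain of grant-option holders still reaches them, which is also what the SQL standard's cascading REVOKE computes.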

Views and Security
❖ Views can be used to present necessary information (or a summary), while hiding details in underlying relation(s).
  – Given ActiveSailors, but not Sailors or Reserves, we can find sailors who have a reservation, but not the bid’s of boats that have been reserved.
❖ Creator of view has a privilege on the view if (s)he has the privilege on all underlying tables.
❖ Together with GRANT/REVOKE commands, views are a very powerful access control tool.

GRANT/REVOKE on Views
❖ If the creator of a view loses the SELECT privilege on an underlying table, the view is dropped!
❖ If the creator of a view loses a privilege held with the grant option on an underlying table, (s)he loses the privilege on the view as well; so do users who were granted that privilege on the view!

Role-Based Authorization
❖ In SQL-92, privileges are actually assigned to authorization ids, which can denote a single user or a group of users.
❖ In SQL:1999 (and in many current systems), privileges are assigned to roles.
  – Roles can then be granted to users and to other roles.
  – Reflects how real organizations work.
  – Illustrates how standards often catch up with “de facto” standards embodied in popular systems.

Security to the Level of a Field!
❖ Can create a view that only returns one field of one tuple. (How?)
❖ Then grant access to that view accordingly.
❖ Allows for arbitrary granularity of control
  – A bit clumsy to specify.
  – Can be hidden under a good UI.

Mandatory Access Control
❖ Based on system-wide policies that cannot be changed by individual users.
  – Each DB object is assigned a security class.
  – Each subject (user or user program) is assigned a clearance for a security class.
  – Rules based on security classes and clearances govern who can read/write which objects.
❖ Most commercial systems do not support mandatory access control. Versions of some DBMSs do support it; used for specialized (e.g., military) applications.

Why Mandatory Control?
❖ Discretionary control has some flaws, e.g., the Trojan horse problem:
  – Dick creates Horsie and gives INSERT privileges to Justin (who doesn’t know about this).
  – Dick modifies the code of an application program used by Justin to additionally write some secret data to table Horsie.
  – Now, Justin can see the secret info.
❖ The modification of the code is beyond the DBMS’s control, but it can try and prevent the use of the database as a channel for secret information.

Bell-LaPadula Model
❖ Objects (e.g., tables, views, tuples)
❖ Subjects (e.g., users, user programs)
❖ Security classes:
  – Top secret (TS), secret (S), confidential (C), unclassified (U): TS > S > C > U
❖ Each object and subject is assigned a class.
  – Subject S can read object O only if class(S) >= class(O) (Simple Security Property)
  – Subject S can write object O only if class(S) <= class(O) (*-Property)

Intuition
❖ Idea is to ensure that information can never flow from a higher to a lower security level.
❖ E.g., If Dick has security class C, Justin has class S, and the secret table has class S:
  – Dick’s table, Horsie, has Dick’s clearance, C.
  – Justin’s application has his clearance, S.
  – So, the program cannot write into table Horsie.
❖ The mandatory access control rules are applied in addition to any discretionary controls that are in effect.

Multilevel Relations
  bid   bname   color   class
  101   Salsa   Red     S
  102   Pinto   Brown   C
❖ Users with S and TS clearance will see both rows; a user with C will only see the 2nd row; a user with U will see no rows.
❖ If user with C tries to insert <101,Pasta,Blue,C>:
  – Allowing insertion violates key constraint
  – Disallowing insertion tells user that there is another object with key 101 that has a class > C!
  – Problem resolved by treating class field as part of key.

Statistical DB Security
❖ Statistical DB: Contains information about individuals, but allows only aggregate queries (e.g., average age, rather than Joe’s age).
❖ New problem: It may be possible to infer some secret information!
  – E.g., If I know Joe is the oldest sailor, I can ask “How many sailors are older than X?” for different values of X until I get the answer 1; this allows me to infer Joe’s age.
❖ Idea: Insist that each query must involve at least N rows, for some N. Will this work? (No!)
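The Bell-LaPadula rules and the multilevel relation from the slides above, as an added example (not code from the slides or the textbook): the lattice TS > S > C > U, the Simple Security Property and the *-Property are encoded as functions, the Dick/Justin case is checked against them, and the Boats table is stored with the class column as part of the key so that the C user's insert of <101,Pasta,Blue,C> succeeds without revealing the S-level row. The class names and sample rows are the slides'; the Python API is invented here, and one simplification is assumed: a subject inserts new rows labelled with its own clearance, as the slides' C user does.

```python
"""Bell-LaPadula checks and a multilevel relation (added example)."""
LEVEL = {"U": 0, "C": 1, "S": 2, "TS": 3}      # TS > S > C > U


def can_read(subject_class, object_class):
    """Simple Security Property: read only if class(S) >= class(O)."""
    return LEVEL[subject_class] >= LEVEL[object_class]


def can_write(subject_class, object_class):
    """*-Property: write only if class(S) <= class(O)."""
    return LEVEL[subject_class] <= LEVEL[object_class]


class MultilevelRelation:
    """Rows keyed by (bid, class): the same bid may exist at several classes."""

    def __init__(self, rows=()):
        self.rows = {(r["bid"], r["class"]): r for r in rows}

    def select(self, subject_class):
        """A subject sees only rows it is cleared to read, ordered by bid then class."""
        visible = [r for r in self.rows.values() if can_read(subject_class, r["class"])]
        return sorted(visible, key=lambda r: (r["bid"], LEVEL[r["class"]]))

    def insert(self, subject_class, bid, bname, color):
        """Insert at the subject's own level (assumed simplification).

        Because class is part of the key, a clash can only be with a row the
        subject can already see, so rejecting it leaks nothing about rows at
        a higher class."""
        key = (bid, subject_class)
        if key in self.rows:
            raise ValueError(f"duplicate key {key}")
        self.rows[key] = {"bid": bid, "bname": bname, "color": color, "class": subject_class}
        return self.rows[key]


# The slides' Boats table.
BOATS = MultilevelRelation([
    {"bid": 101, "bname": "Salsa", "color": "Red",   "class": "S"},
    {"bid": 102, "bname": "Pinto", "color": "Brown", "class": "C"},
])


def visible_names(relation, subject_class):
    return [r["bname"] for r in relation.select(subject_class)]


def trojan_horse_blocked():
    """Justin's application runs at S; Dick's table Horsie is at C: the write is refused."""
    return not can_write("S", "C")


def c_user_inserts_pasta():
    """The slides' case: a C user inserts <101,Pasta,Blue,C>; returns what C and S then see."""
    rel = MultilevelRelation(BOATS.rows.values())
    rel.insert("C", 101, "Pasta", "Blue")
    return visible_names(rel, "C"), visible_names(rel, "S")
```

The two properties together give the no-flow-down guarantee of the Intuition slide: a subject can read at or below its level and write at or above it, so nothing it has read at level S can end up in a C object. The (bid, class) key is the polyinstantiation trick of the Multilevel Relations slide; an S user sees two boats numbered 101 afterwards, which is the price of not leaking the existence of the secret row to the C user.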
Why Minimum N is Not Enough
❖ By asking “How many sailors older than X?” until the system rejects the query, can identify a set of N sailors, including Joe, that are older than X; let X=55 at this point.
❖ Next, ask “What is the sum of ages of sailors older than X?” Let result be S1.
❖ Next, ask “What is sum of ages of sailors other than Joe who are older than X, plus my age?” Let result be S2.
❖ S1-S2 is Joe’s age!

Summary
❖ Three main security objectives: secrecy, integrity, availability.
❖ DB admin is responsible for overall security.
  – Designs security policy, maintains an audit trail, or history of users’ accesses to DB.
❖ Two main approaches to DBMS security: discretionary and mandatory access control.
  – Discretionary control based on notion of privileges.
  – Mandatory control based on notion of security classes.
❖ Statistical DBs try to protect individual data by supporting only aggregate queries, but often, individual information can be inferred.
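The "Why Minimum N is Not Enough" argument, run on constructed data, as an added example that is not code from the slides or the textbook. A statistical interface that enforces a minimum query-set size of N accepts every query in the slides' sequence, yet the two sums differ by one individual; because the asker folds their own known age into the second sum, S1 - S2 is Joe's age minus the asker's, so adding the asker's age back recovers it. The second class adds query-set overlap control, a classic statistical-database guard that is not on the slides: a query is refused when its row set shares more than `max_overlap` rows with an earlier one. The sailor names, ages, N and the threshold are constructed for this example.

```python
"""Statistical DB guards: minimum query-set size versus overlap control (added example)."""

# Constructed data (name, age).  Joe is the oldest sailor; "Me" is the asker.
SAILORS = [("Joe", 71), ("Ann", 64), ("Bob", 60), ("Cal", 58),
           ("Dan", 45), ("Eve", 33), ("Me", 40)]
N = 4


class StatisticalDB:
    """Aggregate-only interface that refuses query sets smaller than N."""

    def __init__(self, rows, n_min):
        self.rows, self.n_min = list(rows), n_min

    def _query_set(self, pred):
        rows = [r for r in self.rows if pred(r)]
        if len(rows) < self.n_min:
            raise PermissionError("query set smaller than N")
        return rows

    def count(self, pred):
        return len(self._query_set(pred))

    def sum_age(self, pred):
        return sum(age for _, age in self._query_set(pred))


class OverlapLimitedDB(StatisticalDB):
    """Also refuses a query whose row set overlaps an earlier accepted one too much."""

    def __init__(self, rows, n_min, max_overlap):
        super().__init__(rows, n_min)
        self.max_overlap = max_overlap
        self.history = []                       # row sets (by name) of accepted queries

    def _query_set(self, pred):
        rows = super()._query_set(pred)
        names = {name for name, _ in rows}
        if any(len(names & past) > self.max_overlap for past in self.history):
            raise PermissionError("query set overlaps an earlier query")
        self.history.append(names)
        return rows


def older_than(x):
    return lambda r: r[1] > x


def slides_inference(db, target, my_name, my_age):
    """The slides' three steps; returns the inferred age, or None once a query is refused."""
    x = -1
    try:
        while True:                             # raise X until the count is refused
            db.count(older_than(x + 1))
            x += 1
    except PermissionError:
        if x < 0:
            return None
    try:
        s1 = db.sum_age(older_than(x))          # exactly N sailors, target included
        # "sailors other than Joe who are older than X, plus my age": my own row pads the set to N
        s2 = db.sum_age(lambda r: (r[0] != target and r[1] > x) or r[0] == my_name)
    except PermissionError:
        return None
    return s1 - s2 + my_age


def min_n_only():
    """Minimum-N guard alone: the inference goes through."""
    return slides_inference(StatisticalDB(SAILORS, N), "Joe", "Me", 40)


def with_overlap_control():
    """Overlap control (threshold below N-1): the repeated probing is refused early."""
    return slides_inference(OverlapLimitedDB(SAILORS, N, max_overlap=2), "Joe", "Me", 40)
```

Overlap control works here because the two sums are built from nearly the same rows, which is exactly what the threshold detects; its cost is that it needs per-questioner history and also refuses honest repeated queries, one reason later work moved to adding calibrated noise to answers (differential privacy) rather than inspecting query sets.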
