215 Security Project Presentation
8/8/2019 215 Security Project Presentation
Database Security and Authorization
By Yazmin Escoto Rodriguez
Christine Tannuwidjaja
-
Main Types of Security:
Enforce security of portions of a database against unauthorized access
- Database Security and Authorization Subsystem
Prevent unauthorized persons from accessing the system itself
- Access Control
Control the access to statistical databases
- Statistical Database Security
Protect sensitive data that is being transmitted via some type of communications
- Data Encryption
-
Database Security and Authorization Subsystem
Discretionary Security Mechanisms
- concerned with defining, modeling, and enforcing access to information
Mandatory Security Mechanisms for Multilevel Security
- requires that data items and users are assigned to certain security labels
-
Mandatory Access Control
Elements:
OBJECTS CLASSIFICATIONS
--class(o)--
SUBJECTS CLEARANCE
--clear(s)--
Levels: Top Secret, Secret, Confidential, Unclassified
-
Mandatory Access Control
Rules:
Simple Property: subject s is allowed to read data item d if clear(s) class(d)
*-property: subject s is allowed to write data item d if clear(s) class(d)
Simple Property protects information from unauthorized access
*-property protects data from contamination or unauthorized modification
-
Multilevel Security Databases - example
Set up:
we have:
- subject x with clear(x) = TS
- subject y with clear(y) = S
- subject z with clear(z) = U
Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U
-
Multilevel Security Databases - example
Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U

Project Name | Topic                | Location        | TC
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U
-
Multilevel Security Databases - example
Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U

Project Name | Topic                | Location        | TC
Gold, U      | -, U                 | -, U            | U
Indigo, U    | Telecommunication, U | Austin, U       | U
-
Multilevel Security Databases - example
subject z wants to insert the next tuple
< Silver, LP, Omaha>
Project Name | Topic                 | Location        | TC
Black, TS    | Databases, TS         | Los Angeles, TS | TS
Silver, S    | Supply Chain, S       | New York, S     | S
Gold, U      | Inventories, S        | Atlanta, S      | S
Indigo, U    | Telecommunication, U  | Austin, U       | U
Silver, U    | Linear Programming, U | Omaha, U        | U
Polyinstantiation: the existence of multiple data objects with the same key
-
Multilevel Security Databases - example
Project Name | Topic                | Location        | TC
Gold, U      | -, U                 | -, U            | U
Indigo, U    | Telecommunication, U | Austin, U       | U
subject z wants to replace the null values with certain data items
< Markov Chain, New Jersey>
Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U
Gold, U      | Markov Chain, U      | New Jersey, U   | U
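The filtered views and the polyinstantiating writes from the example slides, as an added Python sketch that is not part of the original presentation. It assumes the standard Bell-LaPadula comparison for reads (clear(s) >= class(d)), labels every write at the writer's own level, and hides a tuple whose key the subject cannot read; all function names are hypothetical.

```python
# Added example: constructed model of the slides' multilevel Project relation.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}  # ordering of the secrecy levels

def dominates(a, b):
    """True when level a is at or above level b."""
    return LEVELS[a] >= LEVELS[b]

# Each row is ((name, class), (topic, class), (location, class)).
PROJECT = [
    (("Black", "TS"), ("Databases", "TS"), ("Los Angeles", "TS")),
    (("Silver", "S"), ("Supply Chain", "S"), ("New York", "S")),
    (("Gold", "U"), ("Inventories", "S"), ("Atlanta", "S")),
    (("Indigo", "U"), ("Telecommunication", "U"), ("Austin", "U")),
]

def tuple_class(row):
    """TC: the highest classification found among the row's attributes."""
    return max((cls for _, cls in row), key=LEVELS.get)

def view(relation, clearance):
    """No read up: hide rows with an unreadable key, null out unreadable cells."""
    rows = []
    for row in relation:
        if not dominates(clearance, row[0][1]):
            continue
        rows.append(tuple(v if dominates(clearance, c) else None for v, c in row))
    complete = {r[0] for r in rows if None not in r}
    # Assumption: a masked row is dropped once a fully readable row has its key.
    return [r for r in rows if None not in r or r[0] not in complete]

def write(relation, clearance, name, topic, location):
    """Assumption: every write is labelled at the writer's own level."""
    new = tuple((v, clearance) for v in (name, topic, location))
    for i, row in enumerate(relation):
        if row[0] == (name, clearance) and tuple_class(row) == clearance:
            relation[i] = new  # same key, same level: ordinary update
            return "updated"
    exists = any(row[0][0] == name for row in relation)
    relation.append(new)  # higher-level data is kept, never overwritten
    return "polyinstantiated" if exists else "inserted"

if __name__ == "__main__":
    rel = list(PROJECT)
    print(view(rel, "U"))
    print(write(rel, "U", "Gold", "Markov Chain", "New Jersey"), view(rel, "U"))
```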
-
Security Relevant Knowledge
Entity Relationship
-- describes the structural part of the database
Data Flow Diagram
-- represents the functions the system should perform
Classification Constraints
To assign security classifications to concepts of schemas:
- ones that classify items
- ones that classify query results
-
System Object
What is it?
- Entity type
- Specialization type
- Relationship type
In security it is the target of protection
Notation
O(A1..,An)
- Ai (i=1..N) is an attribute and is defined over domain Di
Has an identity property (key attributes)
A (A1,..,An)
-
Multilevel Secure Application
MAJOR QUESTION:
Which way should the attributes and occurrences of O be assigned to proper security classifications?
CLASSIFICATION
RESULT:
Security object O multilevel security object Om
Performed by means of security constraints
-
Graphical Extensions to the ER
(U) (Co) (S) (TS): Secrecy Levels
[U..S] [Co..TS]: Ranges of Secrecy Levels
N: Aggregation leading to TS (N..constant)
X: Inference leading to Co
P: Evaluation of predicate P
Security dependency
-
[Figure: ER Diagram. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); attribute labels: SSN, Name, Dep, Salary, Title, Function, Date, Client, Subject]
-
Object Classification Constraints
Simple Constraints
Let X be a set of attributes of security object O (X {A1,..,An})
SiC (O(X))=C, (C SL)
Results in a multilevel object Om(A1, C1,.., An, Cn, TC) where Ci=C Ai X, Ci left unchanged for Ai X
Application to ER:
- SiC(Is Assigned to,{Function},S)
- assigns property Function of relationship Is Assigned to to a classification of secret.
-
[Figure: ER Diagram classifying properties of security objects. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); attribute labels: SSN, Name, Dep, Salary, Title, Function, Date, Client, Subject]
-
Object Classification Constraints
Content-based Constraints
Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X {Ai,..,An}
CbC (O(X), P: Ai a) = C or CbC (O(X), P: Ai Aj) = C ( {=,,,,}, a Di, i j, C SL)
For any instance o of security object O(A1,..,An) for which a predicate evaluates into true the transformation into o(a1,c1,..,an,cn,tc) is performed
Classifications are assigned in a way that ci = C in the case Ai X, ci left unchanged otherwise
Application to ER:
- CbC (Employee, {SSN, Name}, Salary, , 100, Co))
- represents the semantic that properties SSN and Name of employees with a salary 100 are treated as confidential information
-
[Figure: ER Diagram classifying properties of security objects. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotation shown: P]
-
Object Classification Constraints
Complex Constraints
Let O, O be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o of O where the k values of the identifying property K of o are identical to k values of attributes of o (foreign key)
Let P(O) be a valid predicate defined on o and let X {A1,..,An} be an attribute set of O
CoC (O(X), P(O)) = C (C SL)
For every instance o of security object O(A1,..,An) for which a predicate evaluates into true in the related object o of O the transformation into o(a1,c1,..,an,cn,tc) is performed
Classifications are assigned in a way that ci = C in the case Ai X, ci left unchanged otherwise
-
Object Classification Constraints
Complex Constraints (cont)
Application to ER:
- CoC (Is Assigned to, {SSN}, Project, Subject, =, Research, S)
- individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = Research
-
[Figure: ER Diagram classifying properties of security objects. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotations shown: P, P]
-
Object Classification Constraints
Level-based Constraints
Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,..,an,cn,tc) of a multilevel security object Om
Let X be a set of attributes of Om such that X {A1,..,An}
LbC (O(X)) = level (Ai)
Results, for every object o(a1,c1,..,an,cn,tc), in the assignment cj = ci in the case Aj X
Application to ER:
- LbC (Project, {Client}, Subject)
- states that property Client of security object Project must always have the same classification as the property Subject of the Project
-
[Figure: ER Diagram classifying properties of security objects. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotations shown: P, P]
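The SiC, CoC and LbC applications from the slides above, run against constructed instances; this is an added Python example, not code from the presentation. The helper names, the sample values, and the choice to start every attribute at U are assumptions made for the illustration.

```python
# Added example: object classification constraints on constructed instances.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

def label(values, default="U"):
    """Turn {attribute: value} into a multilevel instance {attribute: [value, class]}."""
    return {a: [v, default] for a, v in values.items()}

def tc(inst):
    """Tuple classification: the highest attribute classification."""
    return max((c for _, c in inst.values()), key=LEVELS.get)

def sic(inst, attrs, c):
    """SiC: every attribute in X is assigned classification C."""
    for a in attrs:
        inst[a][1] = c

def coc(inst, attrs, related, pred, c):
    """CoC: X is assigned C when the predicate holds on the related object."""
    if pred(related):
        sic(inst, attrs, c)

def lbc(inst, attrs, source):
    """LbC: attributes in X take the classification of attribute `source`."""
    sic(inst, attrs, inst[source][1])

def classify_assignment(assignment, project):
    """SiC and CoC as applied on the slides to one Is Assigned to instance."""
    inst = label(assignment)
    sic(inst, {"Function"}, "S")
    coc(inst, {"SSN"}, project, lambda p: p["Subject"][0] == "Research", "S")
    return inst

def classify_project(values, subject_class):
    """LbC (Project, {Client}, Subject); subject_class is supplied by the caller."""
    inst = label(values)
    inst["Subject"][1] = subject_class
    lbc(inst, {"Client"}, "Subject")
    return inst

if __name__ == "__main__":
    # Constructed sample values.
    research = classify_project({"Subject": "Research", "Client": "client-A"}, "S")
    a = classify_assignment(
        {"SSN": "000-00-0001", "Title": "P1", "Function": "lead"}, research)
    print(research, a, tc(a))
```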
-
Query Result Classification Constraints
Association-based Constraints
Let O (A1,..,An) be a security object with identifying property K
Let X (X {A1,..,An}) (K X = {}) be a set of attributes of O
AbC (O (K,X)) = C (C SL)
Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K
Application to ER:
- AbC (Employee, {Salary}, Co)
- the salary of an individual person is confidential
- the value of salaries without the information which employee gets what salary is unclassified
-
[Figure: ER Diagram classifying query results. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotation shown: [Co]]
-
Query Result Classification Constraints
Aggregation Constraints
Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,..,An)
Let X (X {A1,..,An}) be sensitive attributes of O
AgC (O, (X, count(O) > n)) = C (C SL, n N)
Results in the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n
-
Query Result Classification Constraints
Aggregation Constraints (cont)
Application to ER:
- AgC (Is Assigned to, {Title}, 3, S)
- the information which employee is assigned to what projects is regarded as unclassified
- aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secret
-
[Figure: ER Diagram classifying query results. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotations shown: [Co], 3]
-
Query Result Classification Constraints
Inference Constraints
Let PO be the set of multilevel objects involved in a potential logical inference
Let O, O be two particular objects from PO with corresponding multilevel representation O (A1,C1,..,An,Cn,TC) and O (A1,C1,..,An,Cn,TC)
Let X {A1,..,An} and Y {A1,..,An}
IfC (O(X), O(Y)) = C
Results in the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X
-
Query Result Classification Constraints
Inference Constraints (cont)
Application to ER:
- IfC (Employee, {Dep}, Project, {Subject}, Co)
- consider the situation where the information which employee is assigned to what projects is considered as confidential
- from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employees are involved
-
[Figure: ER Diagram classifying query results. Entities Employee and Project joined by the relationship "Is Assigned to", cardinalities (0,N) and (0,M); annotations shown: X, [Co], 3]
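The three query result constraints applied to the ER example (AbC, AgC, IfC), evaluated over the attributes a query touches; this is an added Python example, not code from the presentation. Treating SSN as Employee's identifying property K, describing a query as a map from object to accessed attributes, and the function names are assumptions.

```python
# Added example: classifying query results with the slides' AbC, AgC and IfC.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

# Constraints transcribed from the "Application to ER" slides.
ABC = [("Employee", {"SSN"}, {"Salary"}, "Co")]   # (O, K, X, C); K = SSN is assumed
AGC = [("Is Assigned to", {"Title"}, 3, "S")]     # (O, X, n, C)
IFC = [("Employee", {"Dep"}, "Project", {"Subject"}, "Co")]  # (O, X, O', Y, C)

def classify_result(accessed, counts=None):
    """Return (level, fired constraints) for one query.

    accessed: {object name: set of attributes the query retrieves}
    counts:   {object name: number of instances the query references}
    """
    counts = counts or {}
    hits = []
    for obj, key, x, c in ABC:
        got = accessed.get(obj, set())
        if key <= got and x <= got:          # X retrieved together with K
            hits.append(("AbC", c))
    for obj, x, n, c in AGC:
        if x <= accessed.get(obj, set()) and counts.get(obj, 0) > n:
            hits.append(("AgC", c))          # more than n instances aggregated
    for o1, x, o2, y, c in IFC:
        if x <= accessed.get(o1, set()) and y <= accessed.get(o2, set()):
            hits.append(("IfC", c))          # X and Y retrieved together
    level = max((c for _, c in hits), key=LEVELS.get, default="U")
    return level, [name for name, _ in hits]

def may_release(accessed, counts, clearance):
    """Release the result only to a subject cleared for its classification."""
    level, _ = classify_result(accessed, counts)
    return LEVELS[clearance] >= LEVELS[level]

if __name__ == "__main__":
    # Constructed queries.
    print(classify_result({"Employee": {"Salary"}}))
    print(classify_result({"Employee": {"SSN", "Salary"}}))
    print(classify_result({"Is Assigned to": {"SSN", "Title"}},
                          {"Is Assigned to": 4}))
```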
-
QUESTION?