Geospatial Database Security

Geospatial Database Security Nguyễn Minh Nhật Nguyễn Ngọc Hương Thảo Lê Trần Hoài Thu

Content Part 01 Basic Knowledge about GIS Is some basic information to know about GIS Part 02 Authorization in GIS Database Is one of regular way to authorization about users and their privileges. Part 03 Some GIS Security Model Is some of Security model common used.

Contents of Basic GIS Introduction of GIS & Geospatial database GIS database structure

What is GIS? Application? USER GIS Geographical Information Systems REAL WORLD

GIS: history background • This technology has developed from: • Digital cartography and CAD • Data Base Management Systems 1 2 3 CAD System DataBaseManagement System

Geospatial Database Database map Attribute values

Contents of Basic GIS Introduction of GIS & Geospatial database GIS database structure

Representation of Geographical Information • Many spatial databases are partitioned internally: • Partitions defined spatially • Partitions defined thematically • Both • Tile: a geographical partition of a database • Layer: a thematic partition

LAYER • A layer: logical grouping of geographic feature, that can also be referred to as a coverage. Thematic Map of the Continental United States

States Rivers Lakes Roads Capitals Maps are composed of Layers LAYER

GIS database structure • Layers contain features or surfaces • Layers are represented by: • Vector model • Raster model • TIN model • GIS database structure: • Database map: spatial data • Attribute map: non-spatial data features surfaces

Representing data with vector • Vector model: geometric objects: • Points • Lines • Polygons • Spaghetti model and Topology model

Spaghetti model • Stores by x, y co-ordinate • Represents relational spatial data for each object • Represents attribute data

Spaghetti model • Advantages: • Simple , easy to represent • Disadvantages: • Unable to represent relational spatial data among these objects • Polygons: boundary is stored twice

Topology model • Spatial data • Relational spatial data topology • Arc-Node topology • Polygon-Arc topology

Representing data with vector • Advantage: • Allowing precise representation of points, boundaries, and linear features. • Disadvantage: • The boundaries of the resultant map polygons discrete, whereas in reality the map polygons may represent continuous gradation or gradual change

Representing data with raster • Raster model as image files: • Composed of grid-cells (pixels) • A value attribute table (VAT) keeps track of your value classification. • Add custom attributes by adding more columns. • Disadvantage? • Raster data has one or more bands. • Each band has an identical grid layout representing a different attribute.

Representing data with raster • Representing well indistinct boundaries • Thematic information on soil types, soil moisture, vegetation, ground temperatures • Being used as reconnaissance satellites and aerial surveys use raster-based scanners, the information (scanned images) can be directly incorporated into GIS • The higher the grid resolution, the larger the data file is going to be.

Representing data with TIN • TIN: Triangulated Irregular Networks • Representing continuous surfaces

Representing data with TIN • Network structure

Attribute data • Features are stored in a database along with information describing them. • Attributes of a street: name, street type, length, street code, number of lanes, pavement type. • Attributes of a park: name, area, hours of operation, maintenance schedule.

Attribute data 3 1 4 2 • Attribute values in a GIS are stored as relational database table. • Each feature within in GIS layer will be represented as a record in a table

Contents of Authorization in GIS Why is authorization in GIS important? Topological spatial data model (TSDM) Basic components of the model The geographic access control model Authorization control mechanism

Why is authorization in GIS important? • Geographical data have a strategic relevance in a large variety of contexts • Gathering and analyzing intelligence • Protecting critical infrastructure • Responding to complex emergencies • Preparing for disease outbreaks and bioterrorism • Securing complex events

Topological spatial data model (TSDM) • Geometric layer: • Shape and location on the earth surface of features • Geometric value: set of points, set of simple connected (or not) polylines, set of simple polygons • Topological layer: • Describing the topological relations of the feature with others features of the map • Relation: {Disjoint, Touch, In, Contains, Equal, Cross, Overlap}

Topological spatial data model (TSDM) Example of a geographical database the railway network

Topological spatial data model (TSDM) Topological relations among the features of the Region and the County feature types

Topological spatial data model (TSDM) • Geometric layer • Topological layer • Operators: • Feature-based operators • Map-based operators • Mixed operators

Basic components of the model • Subject and object • Subject: All users that interact with the system • Object: • Schema objects • Instance objects • Group objects • privileges • Instances privileges • Insertion privileges • Schema privileges

Basic components of the model • Authorization sign and type • Sign • (+) A subject is authorized for a given privilege • (-) A subject is denied access to a given object under a given privilege • Type: specifies whether an authorization can be overridden or not • Weak authorizations • Strong authorizations • Queries and windows • Grant option: Only (+) authorizations can be delegated

The geographic access control model • Authorization • Authorization extension • Correct authorization

Authorization • A tuple containing all the basic components of the model • The form: (u, p, pt, g, go, o ,t, w, q) • Example: • Set A = { a8 = (Ted, selM(2,geo),+,Bob,false,M_rail,st,Milan, ┴), a9 = (Ted, updF(0,space,+, Bod, false,Accident,wk, Milan, N=‘wrong manouevre’Name=‘X’(Accident)) }

Derivation rule • Derivation over object relationships • Derivation over privilege relationships • An authorization granting a privilege to objects with a certain dimension has to be propagated to objects with lower dimension • An authorization denying a privilege to objects with a certain dimension has to be propagated to objects with higher dimension

Derivation rule

Algorithms for access control • Given an access request r = (u,p,o) • An authorization: a = (u,p,pt,g,go,o,t,w,q) • The access request can be satisfied if: • R depends on a strong positive authorization and on no strong negative authorization • R depends on a weak positive authorization, on no weak negative authorization and on no strong authorization.

Contents of GIS Security Model Aspects in Security of Database System Analysis of Access Control Mechanisms for Spatial DB Secure Access Control in a Multi-User Geodatabase Access control model for spatial data on web Q&A

Aspects in Security of Database System  • Privacy • Confidential • Secrecy • Integrity • Accuracy • Granularity • Availability How????

Privacy & Secrecy  Access limit control • User private access right. • GIS User-level based. • Problems: • Non module GIS database. • Module GIS database. User 1 User 2 GIS Database GIS Database Aspects in Security of Database System

Privacy & Secrecy (cont)  Change 01 User 01 Change 02 User 02 GIS Database Change 03 User 03 Change 04 User 04 Change 05 User 05 Change 06 User 06 Change 07 User 07 Change …. User …. Aspects in Security of Database System

Availability  • Storage Structure Data Database Management • Application • Web Service • Web Users • Operating System Data Image Aspects in Security of Database System

Availability (cont)  • Database Restore • Loss of power • Disconnect. • Hardware or Software errors. forwarding Packet Aspects in Security of Database System

Granularity  • Metadata Aspects in Security of Database System

Integrity & Accuracy  • Data type • Not Null Definitions • Default Definitions • Identity Properties • Constraints • Rules • Triggers • Indexes • Advanced Query Techniques Integrity & Accuracy = Can’t be tampered (added, deleted, or altered) by illegal users. Aspects in Security of Database System

Confidentialy  Network Data Data User Data Data Data Poison Data Poison Data Confidentialy = only user knows data Attacker Aspects in Security of Database System

Contents of GIS Security Model Aspects in Security of Database System Analysis of Access Control Mechanisms for Spatial DB Efﬁcient Techniques for Realizing Geo-Spatial Access Control Secure Access Control in a Multi-User Geodatabase Access control model for spatial data on web

Introduction Two possible solution to restricting access to database: • SDE-based access control mechanism. • View-based access control mechanism. SDE-based access control mechanism View-based access control mechanism. Analysis of Access Control Mechanisms for Spatial DB

SDE-based access control mechanism • SDE (Spatial Data Engine). • Function: manage unstructured spatial data in structure RDBMS (Relational database management system) http://en.wikipedia.org/wiki/Relational_database_management_system Analysis of Access Control Mechanisms for Spatial DB

Geospatial Database Security

Geospatial Database Security

Presentation Transcript

DATABASE SECURITY

Database Security

Database Security

DATABASE SECURITY

Database Security

Database Security

Database Security

Database Security

Middle Verde Geospatial Database Project

Database Security

GEOSPATIAL DATABASE SECURITY

Approaches to Geospatial Database Integration

Database Security

Database Security

Geospatial Cyber Security

Database Security

Database Security

Database Security

Database Security