1 / 35

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Supporting Technologies. Objective of the Unit. This unit will provide an overview of the supporting technologies. Outline of Part I: Information Security.

cannonj
Download Presentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Supporting Technologies

  2. Objective of the Unit • This unit will provide an overview of the supporting technologies

  3. Outline of Part I: Information Security • Operating Systems Security • Network Security • Designing and Evaluating Systems • Web Security • Other Security Technologies

  4. Operating System Security • Access Control • Subjects are Processes and Objects are Files • Subjects have Read/Write Access to Objects • E.g., Process P1 has read acces to File F1 and write access to File F2 • Capabilities • Processes must presses certain Capabilities / Certificates to access certain files to execute certain programs • E.g., Process P1 must have capability C to read file F

  5. Mandatory Security • Bell and La Padula Security Policy • Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels • Unclassified < Confidential < Secret < TopSecret • Compartments are also possible • Compartments and Security levels form a partially ordered lattice • Security Properties • Simple Security Property: Subject has READ access to an object of the subject’s security level dominates that of the objects • Star (*) Property: Subject has WRITE access to an object if the subject’s security level is dominated by that of the objects\

  6. Covert Channel Example • Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level • Example: • File Lock/Unlock problem • Processes at Secret and Unclassified levels collude with one another • When the Secret process lock a file and the Unclassified process finds the file locked, a 1 bit is passed covertly • When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 1 bit is passed covertly • Over time the bits could contain sensitive data

  7. Network Security • Security across all network layers • E.g., Data Link, Transport, Session, Presentation, Application • Network protocol security • Ver5ification and validation of network protocols • Intrusion detection and prevention • Applying data mining techniques • Encryption and Cryptography • Access control and trust policies • Other Measures • Prevention from denial of service, Secure routing, - - -

  8. Data Security: Access Control • Access Control policies were developed initially for file systems • E.g., Read/write policies for files • Access control in databases started with the work in System R and Ingres Projects • Access Control rules were defined for databases, relations, tuples, attributes and elements • SQL and QUEL languages were extended • GRANT and REVOKE Statements • Read access on EMP to User group A Where EMP.Salary < 30K and EMP.Dept <> Security • Query Modification: • Modify the query according to the access control rules • Retrieve all employee information where salary < 30K and Dept is not Security

  9. Steps to Designing a Secure System • Requirements, Informal Policy and model • Formal security policy and model • Security architecture • Identify security critical components; these components must be trusted • Design of the system • Verification and Validation

  10. Product Evaluation • Orange Book • Trusted Computer Systems Evaluation Criteria • Classes C1, C2, B1, B2, B3, A1 and beyond • C1 is the lowest level and A1 the highest level of assurance • Formal methods are needed for A1 systems • Interpretations of the Orange book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation) • Several companion documents • Auditing, Inference and Aggregation, etc. • Many products are now evaluated using the federal Criteria

  11. Security Threats to Web/E-commerce

  12. Other Security Technologies • Middleware Security • Insider Threat Analysis • Risk Management • Trust and Economics • Biometrics • Secure Voting Machines • - - - - -

  13. Outline of Part II: Data Management • Concepts in database systems • Types of database systems • Distributed Data Management • Heterogeneous database integration • Federated data management

  14. An Example Database System Adapted from C. J. Date, Addison Wesley, 1990

  15. Metadata • Metadata describes the data in the database • Example: Database D consists of a relation EMP with attributes SS#, Name, and Salary • Metadatabase stores the metadata • Could be physically stored with the database • Metadatabase may also store constraints and administrative information • Metadata is also referred to as the schema or data dictionary

  16. Functional Architecture Data Management User Interface Manager Schema (Data Dictionary) Manager (metadata) Security/ Integrity Manager Query Manager Transaction Manager Storage Management File Manager Disk Manager

  17. DBMS Design Issues • Query Processing • Optimization techniques • Transaction Management • Techniques for concurrency control and recovery • Metadata Management • Techniques for querying and updating the metadatabase • Security/Integrity Maintenance • Techniques for processing integrity constraints and enforcing access control rules • Storage management • Access methods and index strategies for efficient access to the database

  18. Types of Database Systems • Relational Database Systems • Object Database Systems • Deductive Database Systems • Other • Real-time, Secure, Parallel, Scientific, Temporal, Wireless, Functional, Entity-Relationship, Sensor/Stream Database Systems, etc.

  19. Relational Database: Example Relation S: S# SNAME STATUS CITY S1 Smith 20 London S2 Jones 10 Paris S3 Blake 30 Paris S4 Clark 20 London S5 Adams 30 Athens Relation P: P# PNAME COLOR WEIGHT CITY P1 Nut Red 12 London P2 Bolt Green 17 Paris P3 Screw Blue 17 Rome P4 Screw Red 14 London P5 Cam Blue 12 Paris P6 Cog Red 19 London Relation SP: S# P# QTY S1 P1 300 S1 P2 200 S1 P3 400 S1 P4 200 S1 P5 100 S1 P6 100 S2 P1 300 S2 P2 400 S3 P2 200 S4 P2 200 S4 P4 300 S4 P5 400

  20. D1 D2 J1 Example Class Hierarchy ID Name Author Publisher Document Class Method2: Method1: Print-doc(ID) Print-doc-att(ID) Journal Subclass Book Subclass Volume # # of Chapters B1

  21. Example Composite Object Composite Document Object Section 2 Object Section 1 Object Paragraph 1 Object Paragraph 2 Object

  22. Data- base 1 DBMS 3 Data- base 3 Distributed Processor 3 Site 3 DBMS 1 Distributed Processor 1 Communication Network Site 1 Distributed Processor 2 Data- base 2 DBMS 2 Site 2 Distributed Database System

  23. Data Distribution S I T E 1 E M P 1 D E P T 1 D # S S # N a m e S a l a r y D # D n a m e M G R 1 0 1 J o h n 2 0 1 0 C . S c i . J a n e 2 0 2 P a u l 3 0 2 0 3 J a m e s 4 0 3 0 E n g l i s h D a v i d 2 0 4 J i l l 5 0 4 0 F r e n c h P e t e r 1 0 6 0 5 M a r y 2 0 6 J a n e 7 0 S I T E 2 E M P 2 D E P T 2 S S # N a m e S a l a r y D # D n a m e D # M G R 9 M a t h e w 7 0 5 0 5 0 J o h n M a t h 7 D a v i d 8 0 3 0 P h y s i c s P a u l 2 0 8 P e t e r 9 0 4 0

  24. Interoperability of Heterogeneous Database Systems Database System A Database System B (Relational) (Object- Oriented) Network Transparent access to heterogeneous databases - both users and application programs; Query, Transaction processing Database System C (Legacy)

  25. Different Data Models Network Node A Node B Node C Node D Database Database Database Database Network Model Object- Oriented Model Relational Model Hierarchical Model Developments: Tools for interoperability; commercial products Challenges: Global data model

  26. Federated Database Management Database System A Database System B Federation F1 Cooperating database systems yet maintaining some degree of autonomy Federation F2 Database System C

  27. Federated Data and Policy Management Data/Policy for Federation Export Export Data/Policy Data/Policy Export Data/Policy Component Component Data/Policy for Data/Policy for Agency A Agency C Component Data/Policy for Agency B

  28. Outline of Part I: Information Management • Information Management Framework • Information Management Overview • Some Information Management Technologies • Knowledge Management

  29. What is Information Management? • Information management essentially analyzes the data and makes sense out of the data • Several technologies have to work together for effective information management • Data Warehousing: Extracting relevant data and putting this data into a repository for analysis • Data Mining: Extracting information from the data previously unknown • Multimedia: managing different media including text, images, video and audio • Web: managing the databases and libraries on the web

  30. Data Warehouse Data Warehouse: Data correlating Employees With Medical Benefits and Projects Users Query the Warehouse Could be any DBMS; Usually based on the relational data model Oracle DBMS for Employees Sybase DBMS for Projects Informix DBMS for Medical

  31. Information Harvesting Knowledge Mining Data Mining Knowledge Discovery in Databases Data Dredging Data Archaeology Data Pattern Processing Database Mining Knowledge Extraction Siftware The process of discovering meaningful new correlations, patterns, and trends by sifting through large amounts of data, often previously unknown, using pattern recognition technologies and statistical and mathematical techniques (Thuraisingham 1998) Data Mining

  32. Video and Metadata Multimedia Information Management Broadcast News Editor (BNE) Video Source Broadcast News Navigator (BNN) Correlation Scene Change Detection Story GIST Theme Broadcast Detection Frame Classifier Key Frame Selection Commercial Detection Imagery Silence Detection Story Segmentation Multimedia Database Management System Audio Speaker Change Detection Closed Caption Text Token Detection Named Entity Tagging Closed Caption Preprocess Segregate Video Streams Analyze and Store Video and Metadata Web-based Search/Browse by Program, Person, Location, ...

  33. Image Processing:Example: Change Detection: • Trained Neural Network to predict “new” pixel from “old” pixel • Neural Networks good for multidimensional continuous data • Multiple nets gives range of “expected values” • Identified pixels where actual value substantially outside range of expected values • Anomaly if three or more bands (of seven) out of range • Identified groups of anomalous pixels

  34. TRUST P R I V A C Y Logic, Proof and Trust Rules/Query Other Services RDF, Ontologies XML, XML Schemas URI, UNICODE Semantic Web • Adapted from Tim Berners Lee’s description of the Semantic Web • Some Challenges: Security and Privacy cut across all layers

  35. Knowledge Management Components Knowledge Components of Management: Components, Cycle and Technologies Cycle: Technologies: Components: Knowledge, Creation Expert systems Strategies Sharing, Measurement Collaboration Processes And Improvement Training Metrics Web

More Related