1 / 9

Database Security

Database Security. Jagdish S. Gangolly School of Business State University of New York at Albany

temima
Download Presentation

Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Database Security Jagdish S. Gangolly School of Business State University of New York at Albany NOTE: These notes are based on the book Security in Computing, by Charles & Shari Pfleeger, and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor. Acc 661 Auditing of Adv Acctg Info Systems

  2. Database Security • Security requirements • Physical database integrity • Logical database integrity • Element integrity • Auditability • Access control • User authentication • Availability Acc 661 Auditing of Adv Acctg Info Systems

  3. Example of Oracle DBMS Architecture • Source: http://www.wilsonmar.com/1oraarch.htm Acc 661 Auditing of Adv Acctg Info Systems

  4. Database Integrity & Auditability • Field Checks (Domain) • Access control • Maintenance of change log • Granularity problem • Pass-through problem • Direct access of data vs. Inference problem Acc 661 Auditing of Adv Acctg Info Systems

  5. Database reliability & Integrity • Two-phase update: intent phase and commit phase • Redundancy/internal consistency • Error correction codes • Shadow fields • Backup and recovery procedures • Concurrency/Consistency/Deadlock management • Monitors and range comparisons • State constraints (eg., commit flag) and Transition constraints (eg., referential integrity) Acc 661 Auditing of Adv Acctg Info Systems

  6. Inference Problem • Direct vs. Indirect attacks • Tracker attacks: count((SEX=F)  (RACE=C)  (DORM=Holmes)) = count(SEX=F) – count((SEX=F)  ((RACE  C) (DORM  Holmes))) • Linear system vulnerability (inference by solving equations) Acc 661 Auditing of Adv Acctg Info Systems

  7. Controls against Inference Attacks • Controls applied against queries • Controls applied against individual items in the database • Suppression: sensitive data values are not provided (query is rejected) • Concealment: answer provided is close, but not the actual value • Limited response suppression: Low frequency elements are not displayed Acc 661 Auditing of Adv Acctg Info Systems

  8. Approaches to the Inference Problem • Suppress obviously sensitive information • Track what the user knows • Disguise data (random perturbation, rounding, …) Acc 661 Auditing of Adv Acctg Info Systems

  9. Acc 661 Auditing of Adv Acctg Info Systems

More Related