
Computer System Security CSE 5339/7339



  1. Computer System Security, CSE 5339/7339
     Session 21, November 2, 2004

  2. Contents
     • Introduction to Database
     • Database Security
     • Group Work
     • Kay’s presentation

  3. Introduction to Database
     • Consider an enterprise, airline, for example
     • Large amount of data kept for long period of time
     • Information about: passengers, flights, aircraft, and personnel
     • Queries
     • Operations

  4. Four Major Components
     • Data
     • Hardware
     • Software
     • Users – end user + application programmer + administrator

  5. Levels of Abstraction in a DBMS
     [Diagram, top to bottom: View 1, View 2, View n; Conceptual Database; Physical Database]

  6. Important Concepts in Database
     • Data independence -- storage media; application
     • Schema -- record definition
     • Relation – table
     • Indexing – B-trees
     • Entity/Relationship model – entity, entity set, attributes, key, relationship
     • Relational Database – information for an enterprise → entities and relationships → relational database
     • SQL – query language, programming language, embedded vs. interactive

  7. Recovery and Concurrency
     • Transaction – single execution of a program – logical unit of work
     • Concurrency problems
        • Lost update problem
        • Uncommitted dependency problem
        • Inconsistent analysis problem
     Solving the problem – the use of locks

  8. Locks
     • Problems – livelock, deadlock
     • Serial schedule, serializable schedule
     • Transactions must have the ACID properties
        • Atomicity – all or nothing
        • Consistency – only correct results are committed
        • Isolation – events within a transaction are hidden
        • Durability – committed results must be guaranteed

  9. Transaction Execution
     [Diagram: four transaction runs, each starting at Begin and ending in one of: Commit (okay), Abort (by the user), System Abort (time out or deadlock), Failure (system crash)]

  10. Four Recovery Actions
      • Transaction UNDO
      • Global UNDO – all incomplete transactions must be rolled back
      • Partial REDO – results of complete transactions that may not have been reflected in the DB
      • Global REDO – archive recovery – old copy + archive log

  11. Famous Diagram
      [Diagram: transactions T1, T2, T3, T4 and T5 drawn along a time axis, with the Checkpoint and Failure points marked]

  12. Group Work • Discuss the two-phase update technique. Why is it needed? Work a simple example with your group.

  13. Sensitive Data
      • Data that should not be made public
      • Nothing sensitive and everything sensitive – can be handled by access control to the database itself
      • Some but not all are sensitive -- not only data elements but context and meaning
      • Factors that make data sensitive
         • Inherently sensitive
         • From a sensitive source
         • Declared sensitive
         • Part of a sensitive attribute or a sensitive record
         • Sensitive in relation to previously disclosed information

  14. Types of Disclosures
      • Exact data -- most serious disclosure
      • Bounds – sensitive data is between L and H
      • Negative result -- a value that is not a zero
      • Existence
      • Probable value -- probability that a certain element has a certain value
      A successful security strategy must protect against both direct and indirect disclosures.

  15. Inference Problem
      A way to infer or derive sensitive data from non-sensitive data.
      Consider the following database:

  16. Direct Attack
      • Obvious
        Select Name where Sex = M and Drug = 1
      • Less obvious
        Select Name where (Sex = M and Drug = 1) or (Sex ≠ M and Sex ≠ F) or (Dorm = Caruth)

  17. Indirect Attack
      To infer a final result based on one or more intermediate statistical results.
      • SUM
        Example: it might seem safe to report student aid total by sex and dorm.
        We can infer that any female living in East, such as Mary, is not receiving AID.

  18. Indirect Attack
      To infer a final result based on one or more intermediate statistical results.
      • Count
        Example: report the count of records for students by dorm and sex.
        Combined with the sum report, one can infer that the two males in Holmes and West are receiving $5000 and $4000. Names can be found easily.

  19. Indirect Attack
      • Tracker attacks
        Count((Sex = F) and (RACE = White) and (DORM = Holmes))
      • If the result is one, the system may conceal it
        count(a and b and c) = count(a) – count(a and not (b and c))
        Count(Sex = F)
        Count((Sex = F) and ((RACE ≠ White) or (DORM ≠ Holmes)))

  20. Controls for Statistical Inference Attacks
      • Suppress obviously sensitive information
      • Track what the user knows – very costly; how about two people, or a user with multiple IDs?
      • Disguise the data – statistical results are close but not exact
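
The tracker identity from slide 19, run against the first two controls on slide 20, as an added example that is not part of the original slides. The `students` table, its rows, the `StatQueryGate` class and the threshold `k` are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows (sex, race, dorm); not the table from the slides.
ROWS = [("M", "White", "Holmes"), ("M", "Black", "Grey"), ("F", "Asian", "West"),
        ("M", "Black", "Grey"), ("F", "White", "Holmes"), ("F", "White", "West"),
        ("M", "White", "West"), ("F", "Black", "Holmes"), ("F", "White", "West"),
        ("F", "Asian", "Grey"), ("M", "White", "Grey")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (sex TEXT, race TEXT, dorm TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?, ?)", ROWS)
    return db

class StatQueryGate:
    """COUNT-only interface (hypothetical). k is the smallest query set answered."""

    def __init__(self, db, k=2, track=False):
        self.db, self.k, self.track = db, k, track
        self.answered = []  # row-id sets of every count already released

    def count(self, where):
        # `where` is a fixed constant in this demo, never user-supplied text.
        rows = self.db.execute(f"SELECT rowid FROM students WHERE {where}")
        ids = frozenset(r[0] for r in rows)
        if len(ids) < self.k:
            return None  # suppression: small counts are concealed
        if self.track:
            for prev in self.answered:
                # Two released counts whose query sets differ by fewer than
                # k rows disclose a statistic over those rows by subtraction.
                if 0 < len(ids ^ prev) < self.k:
                    return None
        self.answered.append(ids)
        return len(ids)

A = "sex = 'F'"
B_AND_C = "race = 'White' AND dorm = 'Holmes'"

def tracker(gate):
    """count(a and b and c) = count(a) - count(a and not (b and c))."""
    total = gate.count(A)
    rest = gate.count(f"{A} AND NOT ({B_AND_C})")
    return None if total is None or rest is None else total - rest

if __name__ == "__main__":
    print(StatQueryGate(make_db()).count(f"{A} AND {B_AND_C}"))  # concealed
    print(tracker(StatQueryGate(make_db())))              # suppression only
    print(tracker(StatQueryGate(make_db(), track=True)))  # with tracking
```

The history is kept per gate instance, so two cooperating users, or one user with multiple IDs, each start with an empty history, which is the cost the slide points out.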

  21. Group Work
      • Discuss a situation in which the sensitivity of an aggregate is greater than that of its constituent values.
      • Discuss a situation in which the sensitivity of an aggregate is less than that of its constituent values.
