logging in or signing up 215 security projectpresentation Gabir Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 388 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: September 28, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: kostro (14 month(s) ago) cn u plz allow t his slides to be downloaded Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Slide1: Database Security and Authorization By Yazmin Escoto Rodriguez Christine TannuwidjajaMain Types of Security:: Main Types of Security: Enforce security of portions of a database against unauthorized access - Database Security and Authorization Subsystem Prevent unauthorized persons from accessing the system itself - Access Control Control the access to statistical databases - Statistical Database Security Protect sensitive data that is being transmitted via some type of communications - Data EncryptionDatabase Security and Authorization Subsystem : Database Security and Authorization Subsystem Discretionary Security Mechanisms - concerned with defining, modeling, and enforcing access to information Mandatory Security Mechanisms for Multilevel Security - requires that data items and users are assigned to certain security labels Mandatory Access Control : Mandatory Access Control Elements: OBJECTS CLASSIFICATIONS --class(o)-- SUBJECTS CLEARANCE --clear(s)-- Levels: Top Secret, Secret, Confidential, Unclassified Mandatory Access Control : Mandatory Access Control Rules: Simple Property: subject s is allowed to read data item d if clear(s) ≥ class(d) *-property: subject s is allowed to write data item d if clear(s) ≤ class(d) Simple Property protects information from unauthorized access *-property protects data from contamination or unauthorized modificationMultilevel Security Databases- example: Multilevel Security Databases- example Set up: we have: - subject x with clear(x) = TS - subject y with clear(y) = S - subject z with clear(z) = U Multilevel Security Databases- example: Multilevel Security Databases- example Slide8: Multilevel Security Databases- example Multilevel Security Databases- example: Multilevel Security Databases- example subject z wants to insert the next tuple < Silver, LP, Omaha> Polyinstantiation : the existence of multiple data objects with the same key Multilevel Security Databases- example: Multilevel Security Databases- example subject z wants to replace the null values with certain data items < Markov Chain, New Jersey> Security Relevant Knowledge: Security Relevant Knowledge Entity Relationship -- describes the structural part of the database Data Flow Diagram -- represents the functions the system should perform Classification Constraints To assign to security classifications concepts of schemas: ones that classify items ones that classify query resultsSystem Object: System Object What is it? Entity type Specialization type Relationship type In security it is the target of protection Notation O(A1..,An) - Ai (i=1..N) is an attribute and is defined over domain Di Has an identity property (key attributes) A ⊆ (A1,..,An)Multilevel Secure Application: Multilevel Secure Application MAJOR QUESTION: Which way should the attributes and occurrences of O be assigned to proper security classifications? CLASSIFICATION RESULT: Security object O multilevel security object Om Performed by means of security constraintsGraphical Extensions to the ER: Graphical Extensions to the ER N X P (U) (Co) (S) [U..S] [Co..TS] (TS) Secrecy Levels Ranges of Secrecy Levels Aggregation leading to TS (N..constant) Inference leading to Co Evaluation of predicate P Security dependency Slide15: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER DiagramObject Classification Constraints – Simple Constraints: Object Classification Constraints – Simple Constraints Let X be a set of attributes of security object O (X ⊆ {A1,…,An}) SiC (O(X))=C, (C ∈ SL) Results in a multilevel object Om(A1, C1,…, An, Cn,TC) where Ci=C ∀ Ai ∈ X, Ci left unchanged for Ai ∉ X Application to ER: - SiC(Is Assigned to,{Function},S) - assigns property Function of relationship “Is Assigned to” to a classification of secret.Slide17: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying properties of security objectsObject Classification Constraints – Content-based Constraints: Object Classification Constraints – Content-based Constraints Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X ⊆ {Ai,…,An} CbC (O(X), P: Ai θ a) = C or CbC (O(X), P: Ai θ Aj) = C (θ ∈ {=,≠,<,>,≤,≥}, a ∈ Di, i ≠ j, C ∈ SL) For any instance o of security object O(A1,…,An) for which a predicate evaluates into true the transformation into o(a1,c1,…,an,cn,tc) is performed Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise Application to ER: - CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co)) - represents the semantic that properties SSN and Name of employees with a salary ≥ 100 are treated as confidential informationSlide19: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P (0,N) (0,M) ER Diagram – classifying properties of security objectsObject Classification Constraints – Complex Constraints: Object Classification Constraints – Complex Constraints Let O, O’ be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o’ of O’ where the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key) Let P(O’) be a valid predicate defined on o’ and let X ⊆ {A1,…,An} be an attribute set of O CoC (O(X), P(O’)) = C (C ∈ SL) For every instance o of security object O(A1,…,An) for which a predicate evaluates into true in the related object o’ of O’ the transformation into o(a1,c1,…,an,cn,tc) is performed Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise Slide21: Object Classification Constraints – Complex Constraints (con’t) Application to ER: - CoC (Is Assigned to, {SSN}, Project, Subject, ‘=‘, ‘Research’, S) - individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’Slide22: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P P (0,N) (0,M) ER Diagram – classifying properties of security objectsSlide23: Object Classification Constraints – Level-based Constraints Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,…,an,cn,tc) of a multilevel security object Om Let X be a set of attributes of Om such that X ⊆ {A1,…,An} LbC (O(X)) = level (Ai) Result for every object o(a1,c1,…,an,cn,tc) to the assignment cj = ci in the case Aj ∈ X Application to ER: - LbC (Project, {Client}, Subject) - states that property Client of security object Project must always have the same classification as the property Subject of the Project Slide24: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P P (0,N) (0,M) ER Diagram – classifying properties of security objectsSlide25: Query Result Classification Constraints – Association-based Constraints Let O (A1,…An) be a security object with identifying property K Let X (X ⊆ {A1,…,An} (K ⋂ X = {}) be a set of attributes of O AbC (O (K,X)) = C (C ∈ SL) Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K Application to ER: - AbC (Employee, {Salary}, Co) - the salary of an individual person is confidential - the value of salaries without the information which employee gets what salary is unclassifiedSlide26: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results [Co]Slide27: Query Result Classification Constraints – Aggregation Constraints Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,…,An) Let X (X ⊆ {A1,…,An}) be sensitive attributes of O AgC (O, (X, count(O) > n = C (C ∈ SL, n ∈ N) Result into the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n Slide28: Query Result Classification Constraints – Aggregation Constraints (con’t) Application to ER: - AgC (Is Assigned to, {Title}, ‘3’, S) - the information which employee is assigned to what projects is regarded as unclassified - aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secretSlide29: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results [Co] 3Slide30: Query Result Classification Constraints – Inference Constraints Let PO be the set of multilevel objects involved in a potential logical inference Let O, O’ be two particular objects from PO with corresponding multilevel representation O (A1,C1,…,An,Cn,TC) and O’ (A’1,C’1,…,A’n,C’n,TC’) Let X ⊆ {A1,…,An} and Y ⊆ {A’1,…,A’n}) IfC (O(X), O’(Y)) = C Results into the assignment of security level C to the retrieval result of each query that takes Y together with the properties in XSlide31: Query Result Classification Constraints – Inference Constraints (con’t) Application to ER: - IfC (Employee, {Dep}, Project, {Subject}, Co) - consider the situation where the information which employee is assigned to what projects is considered as confidential - from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employee are involvedSlide32: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results X [Co] 3Slide33: QUESTION? You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
215 security projectpresentation Gabir Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 388 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: September 28, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: kostro (14 month(s) ago) cn u plz allow t his slides to be downloaded Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Slide1: Database Security and Authorization By Yazmin Escoto Rodriguez Christine TannuwidjajaMain Types of Security:: Main Types of Security: Enforce security of portions of a database against unauthorized access - Database Security and Authorization Subsystem Prevent unauthorized persons from accessing the system itself - Access Control Control the access to statistical databases - Statistical Database Security Protect sensitive data that is being transmitted via some type of communications - Data EncryptionDatabase Security and Authorization Subsystem : Database Security and Authorization Subsystem Discretionary Security Mechanisms - concerned with defining, modeling, and enforcing access to information Mandatory Security Mechanisms for Multilevel Security - requires that data items and users are assigned to certain security labels Mandatory Access Control : Mandatory Access Control Elements: OBJECTS CLASSIFICATIONS --class(o)-- SUBJECTS CLEARANCE --clear(s)-- Levels: Top Secret, Secret, Confidential, Unclassified Mandatory Access Control : Mandatory Access Control Rules: Simple Property: subject s is allowed to read data item d if clear(s) ≥ class(d) *-property: subject s is allowed to write data item d if clear(s) ≤ class(d) Simple Property protects information from unauthorized access *-property protects data from contamination or unauthorized modificationMultilevel Security Databases- example: Multilevel Security Databases- example Set up: we have: - subject x with clear(x) = TS - subject y with clear(y) = S - subject z with clear(z) = U Multilevel Security Databases- example: Multilevel Security Databases- example Slide8: Multilevel Security Databases- example Multilevel Security Databases- example: Multilevel Security Databases- example subject z wants to insert the next tuple < Silver, LP, Omaha> Polyinstantiation : the existence of multiple data objects with the same key Multilevel Security Databases- example: Multilevel Security Databases- example subject z wants to replace the null values with certain data items < Markov Chain, New Jersey> Security Relevant Knowledge: Security Relevant Knowledge Entity Relationship -- describes the structural part of the database Data Flow Diagram -- represents the functions the system should perform Classification Constraints To assign to security classifications concepts of schemas: ones that classify items ones that classify query resultsSystem Object: System Object What is it? Entity type Specialization type Relationship type In security it is the target of protection Notation O(A1..,An) - Ai (i=1..N) is an attribute and is defined over domain Di Has an identity property (key attributes) A ⊆ (A1,..,An)Multilevel Secure Application: Multilevel Secure Application MAJOR QUESTION: Which way should the attributes and occurrences of O be assigned to proper security classifications? CLASSIFICATION RESULT: Security object O multilevel security object Om Performed by means of security constraintsGraphical Extensions to the ER: Graphical Extensions to the ER N X P (U) (Co) (S) [U..S] [Co..TS] (TS) Secrecy Levels Ranges of Secrecy Levels Aggregation leading to TS (N..constant) Inference leading to Co Evaluation of predicate P Security dependency Slide15: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER DiagramObject Classification Constraints – Simple Constraints: Object Classification Constraints – Simple Constraints Let X be a set of attributes of security object O (X ⊆ {A1,…,An}) SiC (O(X))=C, (C ∈ SL) Results in a multilevel object Om(A1, C1,…, An, Cn,TC) where Ci=C ∀ Ai ∈ X, Ci left unchanged for Ai ∉ X Application to ER: - SiC(Is Assigned to,{Function},S) - assigns property Function of relationship “Is Assigned to” to a classification of secret.Slide17: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying properties of security objectsObject Classification Constraints – Content-based Constraints: Object Classification Constraints – Content-based Constraints Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X ⊆ {Ai,…,An} CbC (O(X), P: Ai θ a) = C or CbC (O(X), P: Ai θ Aj) = C (θ ∈ {=,≠,<,>,≤,≥}, a ∈ Di, i ≠ j, C ∈ SL) For any instance o of security object O(A1,…,An) for which a predicate evaluates into true the transformation into o(a1,c1,…,an,cn,tc) is performed Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise Application to ER: - CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co)) - represents the semantic that properties SSN and Name of employees with a salary ≥ 100 are treated as confidential informationSlide19: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P (0,N) (0,M) ER Diagram – classifying properties of security objectsObject Classification Constraints – Complex Constraints: Object Classification Constraints – Complex Constraints Let O, O’ be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o’ of O’ where the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key) Let P(O’) be a valid predicate defined on o’ and let X ⊆ {A1,…,An} be an attribute set of O CoC (O(X), P(O’)) = C (C ∈ SL) For every instance o of security object O(A1,…,An) for which a predicate evaluates into true in the related object o’ of O’ the transformation into o(a1,c1,…,an,cn,tc) is performed Classifications are assigned in a way that ci = C in the case Ai ∈ X, ci left unchanged otherwise Slide21: Object Classification Constraints – Complex Constraints (con’t) Application to ER: - CoC (Is Assigned to, {SSN}, Project, Subject, ‘=‘, ‘Research’, S) - individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’Slide22: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P P (0,N) (0,M) ER Diagram – classifying properties of security objectsSlide23: Object Classification Constraints – Level-based Constraints Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,…,an,cn,tc) of a multilevel security object Om Let X be a set of attributes of Om such that X ⊆ {A1,…,An} LbC (O(X)) = level (Ai) Result for every object o(a1,c1,…,an,cn,tc) to the assignment cj = ci in the case Aj ∈ X Application to ER: - LbC (Project, {Client}, Subject) - states that property Client of security object Project must always have the same classification as the property Subject of the Project Slide24: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to P P (0,N) (0,M) ER Diagram – classifying properties of security objectsSlide25: Query Result Classification Constraints – Association-based Constraints Let O (A1,…An) be a security object with identifying property K Let X (X ⊆ {A1,…,An} (K ⋂ X = {}) be a set of attributes of O AbC (O (K,X)) = C (C ∈ SL) Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K Application to ER: - AbC (Employee, {Salary}, Co) - the salary of an individual person is confidential - the value of salaries without the information which employee gets what salary is unclassifiedSlide26: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results [Co]Slide27: Query Result Classification Constraints – Aggregation Constraints Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,…,An) Let X (X ⊆ {A1,…,An}) be sensitive attributes of O AgC (O, (X, count(O) > n = C (C ∈ SL, n ∈ N) Result into the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n Slide28: Query Result Classification Constraints – Aggregation Constraints (con’t) Application to ER: - AgC (Is Assigned to, {Title}, ‘3’, S) - the information which employee is assigned to what projects is regarded as unclassified - aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secretSlide29: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results [Co] 3Slide30: Query Result Classification Constraints – Inference Constraints Let PO be the set of multilevel objects involved in a potential logical inference Let O, O’ be two particular objects from PO with corresponding multilevel representation O (A1,C1,…,An,Cn,TC) and O’ (A’1,C’1,…,A’n,C’n,TC’) Let X ⊆ {A1,…,An} and Y ⊆ {A’1,…,A’n}) IfC (O(X), O’(Y)) = C Results into the assignment of security level C to the retrieval result of each query that takes Y together with the properties in XSlide31: Query Result Classification Constraints – Inference Constraints (con’t) Application to ER: - IfC (Employee, {Dep}, Project, {Subject}, Co) - consider the situation where the information which employee is assigned to what projects is considered as confidential - from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employee are involvedSlide32: SSN Name Dep Salary Title Title Function SSN Date Client Subject Employee Project Is Assigned to (0,N) (0,M) ER Diagram – classifying query results X [Co] 3Slide33: QUESTION?