Presentation Transcript (added October 30, 2007)

Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham, The University of Texas at Dallas
Lecture #4: Multilevel Secure Database Management Systems
January 31 and February 5, 2007

Outline
- What is an MLS/DBMS?
- Summary of Developments
- Challenges
- MLS/DBMS Designs and Prototypes
- Data Models and Functions
- Directions

What is an MLS/DBMS?
- Users are cleared at different security levels
- Data in the database is assigned different sensitivity levels (a multilevel database)
- Users share the multilevel database
- The MLS/DBMS is the software that ensures users obtain only information at or below their level
- In general, a user reads at or below his level and writes at his level

Why MLS/DBMS?
- Operating systems control access to files, a coarser granularity
- A database stores relationships between data
- Content-based, context-based and dynamic access control are needed
- Traditional operating-system access control on files is therefore not sufficient
- Multilevel access control is needed in the DBMS itself

Summary of Developments
- Early efforts, 1975-1982; example: the Hinke-Schaefer approach
- Air Force Summer Study, 1982
- Research prototypes (Integrity Lock, SeaView, LDV, etc.), 1984-present
- Trusted Database Interpretation (TDI), published 1991
- Commercial products, 1988-present

Air Force Summer Study
- The Air Force convened a summer study to investigate MLS/DBMS designs
- The study was divided into three groups focusing on different aspects
- Group 1 investigated the Integrity Lock, trusted-subject and distributed approaches
- Group 2 investigated security for military messaging systems
- Group 3 focused on longer-term issues such as inference and aggregation

Outcome of the Air Force Summer Study
- Report published in 1983
- MITRE designed and developed systems based on the Integrity Lock and trusted-subject architectures, 1984-1986
- Rome Air Development Center (RADC, now Air Force Research Laboratory) funded efforts to examine long-term approaches; examples: SeaView and LDV, both intended to be A1 systems
- RADC also funded efforts to examine the distributed approach
- Several prototypes and products followed

TDI
- The Trusted Database Interpretation interprets the Trusted Computer System Evaluation Criteria (TCSEC) for evaluating commercial database products
- Classes C1, C2, B1, B2, B3, A1 and beyond
- TCB subsetting (Trusted Computing Base subsetting) for MAC, DAC, etc. (mandatory and discretionary access control)
- Companion documents on inference and aggregation, auditing, etc.

Taxonomy for MLS/DBMSs
- Integrity Lock architecture: trusted filter; untrusted back-end, untrusted front-end.
  The checksum is computed by the filter from the data content and the security level, and recomputed when the data is retrieved.
- Operating system providing access control / single kernel: multilevel data is partitioned into single-level files and the operating system controls access to the files
- Extended kernel: kernel extensions for functions such as inference and aggregation control and constraint processing
- Trusted subject: the DBMS itself provides access control to its own data, such as relations, tuples and attributes
- Distributed: data is partitioned according to security level. In the partitioned approach data is not replicated and there is one DBMS per level; in the replicated approach lower-level data is replicated in the higher-level databases

Architecture diagrams (figure slides; images not in the transcript): Integrity Lock; Operating System Providing Mandatory Access Control; Extended Kernel; Trusted Subject; Distributed Approach I; Distributed Approach II

Overview of MLS/DBMS Designs
- Hinke-Schaefer (SDC Corporation): introduced the design in which the operating system provides mandatory access control
- Integrity Lock prototypes: two prototypes developed at MITRE using the Ingres and Mistress relational database systems
- SeaView: funded by Rome Air Development Center (RADC, now Air Force Rome Laboratory); used an operating system providing mandatory access control and introduced polyinstantiation
- Lock Data Views (LDV): extended-kernel approach developed by Honeywell and funded by RADC; investigated inference and aggregation

Overview of MLS/DBMS Designs (Concluded)
- ASD and ASD-Views: developed by TRW based on the trusted-subject approach.
  ASD-Views provided access control on views
- SDDBMS: Unisys effort funded by RADC; investigated the distributed approach
- SINTRA: developed by the Naval Research Laboratory based on the replicated distributed approach
- SWORD: designed at the Defence Research Agency in the UK; their goal was to avoid polyinstantiation

Some MLS/DBMS Commercial Products Developed (late 1980s, early 1990s)
- Oracle (Trusted ORACLE7 and beyond): Hinke-Schaefer and trusted-subject based architectures
- Sybase (Secure SQL Server): trusted subject
- ARC Professional Services Group (TRUDATA/SQLSentry): Integrity Lock
- Informix (INFORMIX-OnLine/Secure): trusted subject
- Digital Equipment Corporation (SERdb; this group is now part of Oracle Corp.): trusted subject
- InfoSystems Technology Inc. (Trusted RUBIX): trusted subject
- Teradata (DBC/1012): secure database machine
- Ingres (Ingres Intelligent Database): trusted subject

Some Challenges: Inference Problem
- Inference is the process of forming conclusions from premises
- If the conclusions are unauthorized, it becomes a problem
- The inference problem in a multilevel environment
- Aggregation problem, a special case of the inference problem: a collection of data elements is Secret but the individual elements are Unclassified
- Association problem: attributes A and B taken together are Secret; individually they are Unclassified

Some Challenges: Polyinstantiation
- A mechanism to avoid certain signaling channels
- Also supports cover stories
- Example: John and James have different salaries at different levels

Some Challenges: Covert Channel
- Database transactions manipulate data locks and covertly pass information
- Two transactions T1 and T2: T1 operates at the Secret level and T2 at the Unclassified level
- Relation R is classified at the Unclassified level
- T1 obtains a read lock on R and T2 requests a write lock on R
- By manipulating when they request locks, T1 and T2 can signal one bit of information per attempt, and over time T1 can covertly send sensitive information to T2

Multilevel Secure Data Model (figure slides; images not in the transcript): Classifying Databases; Classifying Relations; Classifying Attributes/Columns; Classifying Tuples/Rows; Classifying Elements; Classifying Views; Classifying Metadata

MLS/DBMS Functions (figure slides; images not in the transcript): Overview; Secure Query Processing; Secure Transaction Management; Secure Integrity Management

Status and Directions
- MLS/DBMSs have been designed and developed for various kinds of database systems, including object systems, deductive systems and distributed systems
- They provide an approach to hosting secure applications
- The principles can be used to design privacy-preserving database systems
- The challenge is to host emerging secure applications, including e-commerce and biometric systems
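The Integrity Lock architecture from the taxonomy slides, worked through as an added example; this is not code from the lecture or from the MITRE, TRUDATA or any other Integrity Lock system it names. The trusted filter is the only component holding a MAC key; it stamps each tuple with an HMAC over (key, content, level) before handing it to an untrusted back-end, and recomputes the stamp on retrieval before releasing rows at or below the user's level. The level lattice, the MAC key, the class names and the employee rows are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed level lattice; only the ordering matters.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


class IntegrityError(Exception):
    """Raised by the filter when a stored checksum does not match the stored (content, level)."""


@dataclass(frozen=True)
class Stamped:
    key: str
    content: str
    level: str
    checksum: str  # hex MAC over (key, content, level), computed only by the trusted filter


class UntrustedBackend:
    """Stands in for the untrusted back-end DBMS: stores what it is given and may hand
    it back altered (the demo below builds two subverted copies)."""

    def __init__(self):
        self.rows = []

    def store(self, row: Stamped):
        self.rows.append(row)

    def fetch_all(self):
        return list(self.rows)


class TrustedFilter:
    """The trusted filter of the Integrity Lock architecture (assumed interface)."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key

    def _checksum(self, key: str, content: str, level: str) -> str:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in (key, content, level))
        return hmac.new(self._mac_key, msg, hashlib.sha256).hexdigest()

    def insert(self, backend: UntrustedBackend, key: str, content: str, level: str):
        backend.store(Stamped(key, content, level, self._checksum(key, content, level)))

    def select(self, backend: UntrustedBackend, user_level: str):
        """Recompute every checksum on retrieval, then release only rows the user may read."""
        visible = []
        for row in backend.fetch_all():
            expected = self._checksum(row.key, row.content, row.level)
            if not hmac.compare_digest(expected, row.checksum):
                raise IntegrityError(f"row {row.key!r}: stored (content, level) does not match checksum")
            if LEVELS[row.level] <= LEVELS[user_level]:
                visible.append((row.key, row.content, row.level))
        return visible


def demo():
    """Returns (honest view for an Unclassified user, error on relabel, error on edit)."""
    filt = TrustedFilter(mac_key=b"filter-only-secret-key")  # constructed key
    backend = UntrustedBackend()
    filt.insert(backend, "john", "salary=40000", "Unclassified")
    filt.insert(backend, "james", "salary=90000", "Secret")

    honest = filt.select(backend, "Unclassified")  # only John's row is released

    # Subverted back-end 1: downgrade James's label so a low user would receive it.
    relabel = UntrustedBackend()
    for r in backend.rows:
        relabel.store(Stamped(r.key, r.content, "Unclassified", r.checksum))
    try:
        filt.select(relabel, "Unclassified")
        relabel_err = None
    except IntegrityError as e:
        relabel_err = str(e)

    # Subverted back-end 2: edit content but keep label and checksum unchanged.
    edit = UntrustedBackend()
    for r in backend.rows:
        edit.store(Stamped(r.key, r.content.replace("40000", "99999"), r.level, r.checksum))
    try:
        filt.select(edit, "Secret")
        edit_err = None
    except IntegrityError as e:
        edit_err = str(e)
    return honest, relabel_err, edit_err


if __name__ == "__main__":
    print(demo())
```

The checksum binds content to label, so the back-end cannot downgrade or rewrite a tuple without detection. It does not make the back-end blind: the untrusted DBMS still sees every tuple in clear and decides which stamped rows come back for a query, so a Trojan horse in the back-end can still leak high data by choosing what to return; that is why the Integrity Lock approach was considered adequate only for lower evaluation classes.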
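The read-down/write-at-level rule from the "What is an MLS/DBMS?" slide and the polyinstantiation challenge, shown together as an added example that is not code from the lecture or from SeaView. A tuple-level labelled relation EMP(name, salary, TC) keys on (name, TC) instead of name alone, so an Unclassified insert of a key that already exists at Secret is accepted rather than rejected: the rejection would be a one-bit signal that the Secret tuple exists. The same mechanism gives John an Unclassified cover-story salary and a different Secret one. The relation, the levels and the salaries are constructed.

```python
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


class DuplicateKey(Exception):
    """Raised when an insert collides with a tuple the inserting user can see."""


class MLSRelation:
    """Tuple-labelled relation EMP(name, salary, TC), constructed for this example.

    `name` is the apparent key; the real key is (name, TC), so one name may be
    polyinstantiated at several levels. Rules enforced:
      * read-down: a user at level L sees only tuples with TC <= L;
      * write-at-level: a tuple written by a user at L gets TC = L;
      * with polyinstantiation on, a write is never rejected because of a tuple
        the user cannot see (rejecting it would signal that the tuple exists).
    """

    def __init__(self, polyinstantiate: bool = True):
        self.polyinstantiate = polyinstantiate
        self._rows = {}  # (name, TC) -> salary

    def _levels_of(self, name):
        return [tc for (n, tc) in self._rows if n == name]

    def select(self, user_level):
        lim = LEVELS[user_level]
        return sorted((n, s, tc) for (n, tc), s in self._rows.items() if LEVELS[tc] <= lim)

    def insert(self, user_level, name, salary):
        existing = self._levels_of(name)
        if user_level in existing:
            raise DuplicateKey(name)  # the user can see that tuple, so rejection leaks nothing
        if existing and not self.polyinstantiate:
            # Uniqueness on `name` alone: if the only existing tuple is above the user's
            # level, this rejection tells them it exists (a signaling channel).
            raise DuplicateKey(name)
        self._rows[(name, user_level)] = salary  # write at level; polyinstantiates if needed

    def update(self, user_level, name, salary):
        visible = [tc for tc in self._levels_of(name) if LEVELS[tc] <= LEVELS[user_level]]
        if not visible:
            raise KeyError(name)
        # Modifying a tuple below the user's level would be a write-down, so an update
        # from a higher level creates a new instance at the user's level instead.
        if (name, user_level) not in self._rows and not self.polyinstantiate:
            raise PermissionError(f"{name}: cannot write below {user_level}")
        self._rows[(name, user_level)] = salary


def demo():
    """Cover story: the Unclassified view shows one salary for John, the Secret view two."""
    emp = MLSRelation()
    emp.insert("Unclassified", "john", 40000)   # cover story everyone can see
    emp.update("Secret", "john", 75000)         # real figure, stored as a Secret instance
    emp.insert("Secret", "james", 90000)        # James exists only at Secret
    emp.insert("Unclassified", "james", 45000)  # low user reuses the key; accepted, not rejected
    return emp.select("Unclassified"), emp.select("Secret")


def signaling_channel(polyinstantiate):
    """What an Unclassified user observes when inserting 'james' into a relation that
    may or may not already hold a Secret 'james'. With polyinstantiation both
    observations are identical; without it they differ, leaking one bit."""
    outcomes = []
    for secret_exists in (False, True):
        emp = MLSRelation(polyinstantiate)
        if secret_exists:
            emp.insert("Secret", "james", 90000)
        try:
            emp.insert("Unclassified", "james", 45000)
            outcomes.append("accepted")
        except DuplicateKey:
            outcomes.append("rejected")
    return outcomes


if __name__ == "__main__":
    print(demo())
    print(signaling_channel(True), signaling_channel(False))
```

The price of closing the channel is semantic: a Secret user now sees two James tuples and two John tuples and must know which instance is authoritative, which is the integrity cost SWORD's designers set out to avoid.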
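The lock-based covert channel from the "Some Challenges: Covert Channel" slide, simulated as an added example (not code from the lecture or any of the systems it names). A Secret transaction T1 signals a 1 by holding a read lock on the Unclassified relation R and a 0 by not holding it; the Unclassified transaction T2 decodes each bit from whether its write-lock request on R is blocked. The same lock manager, with a `secure` flag, applies the rule that a transaction must never be delayed by a transaction at a higher level: the higher reader's lock is revoked and that transaction aborted, so T2 is always granted and the channel disappears. The lock manager interface, the transaction ids and the bit string are constructed.

```python
from collections import defaultdict

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


class LockManager:
    """Shared/exclusive locks on named objects, decided one request at a time.

    secure=False: an ordinary lock manager; a write lock waits for every reader.
    secure=True: a lower-level transaction is never delayed by a higher-level one;
    a conflicting higher-level holder is aborted (it must restart) so the low
    writer is granted at once. Same-level conflicts still block as usual.
    """

    def __init__(self, secure: bool):
        self.secure = secure
        self.readers = defaultdict(set)  # object -> set of txn ids holding a read lock
        self.writers = {}                # object -> txn id holding the write lock
        self.levels = {}                 # txn id -> level
        self.aborts = 0                  # number of higher-level transactions revoked

    def read_lock(self, txn, level, obj):
        self.levels[txn] = level
        w = self.writers.get(obj)
        if w is not None and w != txn:
            return "blocked"
        self.readers[obj].add(txn)
        return "granted"

    def write_lock(self, txn, level, obj):
        self.levels[txn] = level
        conflicting = {t for t in self.readers[obj] if t != txn}
        w = self.writers.get(obj)
        if w is not None and w != txn:
            conflicting.add(w)
        if self.secure:
            # Revoke locks held by transactions that dominate the requester, instead of
            # making the requester wait on them (waiting is what carries the bit).
            for t in [t for t in conflicting if LEVELS[self.levels[t]] > LEVELS[level]]:
                self.release(t)
                self.aborts += 1
                conflicting.discard(t)
        if conflicting:
            return "blocked"
        self.writers[obj] = txn
        return "granted"

    def release(self, txn):
        for holders in self.readers.values():
            holders.discard(txn)
        for obj in [o for o, t in self.writers.items() if t == txn]:
            del self.writers[obj]


def transmit(bits, secure):
    """Secret T1 signals each bit by holding (1) or not holding (0) a read lock on the
    Unclassified relation R; Unclassified T2 decodes from whether its write-lock request
    on R is blocked. Returns (bits received by T2, number of high-level aborts)."""
    lm = LockManager(secure)
    received = []
    for bit in bits:
        if bit:
            lm.read_lock("T1", "Secret", "R")
        outcome = lm.write_lock("T2", "Unclassified", "R")
        received.append(1 if outcome == "blocked" else 0)
        lm.release("T2")
        lm.release("T1")
    return received, lm.aborts


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0]
    print("ordinary locking:", transmit(message, secure=False))
    print("secure locking:  ", transmit(message, secure=True))
```

In a real DBMS "blocked" is a wait whose duration T2 can time, so the channel works through any scheduler that lets a low writer wait on a high reader. The secure variant removes the channel but lets a busy low writer abort a high reader repeatedly; that starvation problem is what multiversion and timestamp-based secure concurrency control schemes were later designed to address.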