Outline Database Security: Research � Motivation and Practice � Access Control � Multilevel Relational Data Model � Concurrency and Object Oriented Elisa Bertino, Sushil Jajodia and issues Pierangela Samarati � Conclusions Presented By: Mike Wood Protection System Why not just a firewall? Components � Authentication � Not immune to penetration � confirm user identity � Insider attacks � Access Control � Protect resources based on user identity � Defense-In-Depth - a security design � Encryption principle � Communication and data privacy / integrity � All non-trivial, but focus on AC Outline Access Control � Motivation � Subjects == users � Access Control � Objects == resources � Multilevel Relational Data Model � Files, tables, subjects � Concurrency and Object Oriented issues � AC governs a subject’s access to objects � Conclusions 1
Discretionary Access Control DAC extensions � Users grant authorizations to other � Groups - similar to roles users for access to objects � Non cascading revoke � Centralized � Negative authorizations � Ownership based � Enriched semantics for auth. override � Decentralized � Strong overrides weak � Key advantage: flexibility � Specific weak overrides general weak � Key disadvantage: flexibility Mandatory Access Control MAC - categories � Ordered classes � Example categories = { Ace, Bar } � Top Secret > Secret > Confidential … � Subjects and objects assigned a class � No read-up � Subject can only read objects of the same or lower class � No write-down � Subject can only write objects of the same or higher class Group discussion Outline 1. As explained in the paper access classes � Motivation can be associated to: � Access Control � a relation as a whole � Multilevel Relational Data Model � individual tuples � individual attributes � Concurrency and Object Oriented � individual elements(attribute values ) issues � If you were to choose what kind of association would you choose and what are � Conclusions some of the factors that will influence your choice? 2
Multilevel Relational Model Multilevel Relation Example � Idea: use MAC for AC on data � Attribute and tuple granularity � Assign a class to the tuple and each attribute in the tuple Attribute Tuple Classifications Classification Multilevel Relation Constraints Polyinstantiation � Problem: tuples with same key data, but � No access to a value: appear as NULL different classifications � Entity integrity � Solution: keep multiple instances � Attributes for PK must be uniformly classified � Non-key attribute classification must dominate key attribute classification High tuple Low tuple Invisible Polyinstantiation Visible Polyinstantiation � Low inserts a tuple � High inserts a tuple � Visible b/c High can read Low tuples � Avoids signaling channels � High blocks Low � Avoids denial of service � Avoids integrity issue � Low blocks High � Low deletes High � Avoids signaling channel � High deletes Low 3
Group Discussion Outline � Motivation 2.The assignments of access classes to � Access Control attributes values introduces the notion of multilevel relations . � Multilevel Relational Data Model The question is � Concurrency and Object Oriented � Why would people want multilevel relations or issues polyinstantiations? � Conclusions � Can you name a scenario in which they would work particularly well or poorly? Concurrency Issues Discussion � The paper introduced different and quite � Signaling channels with co-operative sophisticated authorization models (negative transactions authorization, temporal authorization, or � High transaction modulates abort of Low authorization with exceptions). transaction � My question is how feasible is to implement � delay time = signal such models in the industry? What are some techniques that might help to reduce the cost of those algorithms? Discussion Object Oriented Issues � As discussed, OODB is dead, so who Although lots of work in security is done we all have witnessed how vulnerable the databases and especially web-databases cares… are to malicious attackers. (example recently hackers accessing over 8 million credit card numbers) Why is that happening ? � - Is it because the database systems are not secure enough, � - Is it because the people administrating db are not capable � enough to implement security practices. -or is it because of a lack of collaboration between different � parts in the process. 4
Outline Conclusions & Future Work � Motivation � No real wrap up � Access Control � Multilevel Relational Data Model � Future work � Temporal constraints � Concurrency and Object Oriented issues � RBAC and Separation of Duty � Derived authorizations � Conclusions � Administration and audit tools 5
Recommend
More recommend
