
Security in Computing, Fifth Edition

Chapter 7: Databases

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.


Objectives for Chapter 7

Basic database terminology and concepts

Security requirements for databases

Implementing access controls in databases

Protecting sensitive data

Data mining and big data


Database Terms

Database (DB)

Database administrator (DBA)

Database management system (DBMS)

Table

Record

Field/element

Schema

Subschema

Attribute

Relation


DB: A collection of data and a set of rules that organize the data by specifying certain relationships among the data

DBA: Person who defines the rules that organize the data and controls who should have access to what parts of the data

DBMS: The system through which users interact with the database

Table: A collection of records

Record: One related group of data

Field/element: Elementary data items that make up a record (e.g., name, address, city)

Schema: Logical structure of a database

Subschema: The portion of a database a given user has access to

Attribute: A column in a database

Relation: A set of database columns


Database Example


A database with three tables


Schema Example


The schema of the database from the previous slide


Queries

A query is a command that tells the database to retrieve, modify, add, or delete a field or record

The most common database query language is SQL


Example SQL Query

SELECT ZIP='43210'



Where do we find databases?

Purpose and Use

CIA


This is a good time to encourage students to think about places databases are commonly used and all the purposes they may be used for. Examples such as banks, large retailers, and law enforcement quickly make clear why all of these requirements are critically important. We’ve already discussed many of the ways these requirements are achieved in previous chapters, but the remainder of this chapter covers special considerations for databases.


Reliability and Integrity

Reliability: in the context of databases, reliability is the ability to run for long periods without failing

Database integrity: concern that the database as a whole is protected against damage

Element integrity: concern that the value of a specific data element is written or changed only by authorized users

Element accuracy: concern that only correct values are written into the elements of a database


Two-Phase Update (2PC)

Phase 1: Intent

DBMS does everything it can, other than making changes to the database, to prepare for the update

Collects records, opens files, locks out users, makes calculations

DBMS checks the commit flag in the database

Phase 2: Commit

DBMS sets commit flag in the database

DBMS completes all write operations

DBMS removes the commit flag

If the DBMS fails during either phase 1 or phase 2, it can be restarted and repeat that phase without causing harm

Register for class example (15 seats, 1 left)


Solution to the concern that the database system would fail in the middle of an update, leaving the database in a partially updated and inconsistent state.
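
The two-phase update applied to the class registration case (15 seats, 1 left), as an added example that is not from the book or the slides. The ClassDB class, its method names, and the simulated crash are assumptions made for illustration; the point shown is that phase 2 writes absolute shadow values, so repeating it after a failure causes no harm.

```python
class Crash(Exception):
    """Simulated DBMS failure."""

class ClassDB:
    def __init__(self, capacity, roster):
        # State that survives a restart: data, intent record, commit flag.
        self.data = {"seats_left": capacity - len(roster), "roster": list(roster)}
        self.shadow = {}
        self.commit_flag = False

    def intent(self, student):
        """Phase 1: compute the new values; change nothing permanent."""
        if self.data["seats_left"] < 1:
            raise ValueError("class is full")
        self.shadow = {"seats_left": self.data["seats_left"] - 1,
                       "roster": self.data["roster"] + [student]}

    def commit(self, crash_after=None):
        """Phase 2: set the flag, write every shadow value, clear the flag."""
        self.commit_flag = True
        for n, (key, value) in enumerate(self.shadow.items(), start=1):
            self.data[key] = value  # absolute value, so rewriting it is harmless
            if n == crash_after:
                raise Crash(f"failure after write {n}")
        self.commit_flag = False
        self.shadow = {}

    def recover(self):
        """On restart: flag set means redo phase 2; otherwise redo phase 1."""
        if self.commit_flag:
            self.commit()
            return "repeated phase 2"
        self.shadow = {}  # nothing permanent changed; caller repeats intent()
        return "repeat phase 1"

def register_with_crash():
    # Constructed scenario from the slide: 15 seats, 1 left.
    db = ClassDB(capacity=15, roster=[f"student{i}" for i in range(14)])
    db.intent("alice")
    try:
        db.commit(crash_after=1)  # seat count written, roster not yet
    except Crash:
        pass
    midway = (db.data["seats_left"], len(db.data["roster"]))
    action = db.recover()
    return midway, action, db.data["seats_left"], len(db.data["roster"]), db.commit_flag
```

The first element of the result is the inconsistent state left by the failure (no seats left, but only 14 students on the roster); the remaining elements show the state after recovery.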


Other Database Security Concerns

Error detection and correction codes to protect data integrity

For recovery purposes, a database can maintain a change log, allowing it to repeat changes as necessary when recovering from failure

Databases use locks and atomic operations to maintain consistency

Writes are treated as atomic operations (atomicity = all or nothing)

Records are locked during write so they cannot be read in a partially updated state


Sensitive Data (Confidentiality)

Inherently sensitive

Passwords, locations of weapons

From a sensitive source

Confidential informant

Declared sensitive

Classified document, name of an anonymous donor

Part of a sensitive attribute or record

Salary attribute in an employment database

Sensitive in relation to previously disclosed information

An encrypted file combined with the password to open it


Types of Disclosures

Exact data (payroll)

Bounds (protect or present)

Negative result (not 0 or not honors)

Existence

Probable value (management survey)

Direct inference

Inference by arithmetic

Aggregation

Hidden data attributes

File tags

Geotags


Keeping records from being dumped out of the database is not sufficient to actually prevent disclosure. There are many ways to deduce the content of a database listed on this slide, and all of them must be considered when protecting sensitive database information. It is important to understand both the range of possible contents of each attribute and the data available to potential attackers in order to apply the appropriate protection mechanisms.


Preventing Disclosure

Suppress obviously sensitive information – restricts usefulness of database

Keep track of what each user knows based on past queries – expensive and not foolproof

Disguise the data – exact value hard to discern


Security vs. Precision


Precise, complete, and consistent responses to queries against sensitive information make it more likely that the sensitive information will be disclosed.


Suppression Techniques

Limited response suppression

Eliminates certain low-frequency elements from being displayed

Combined results

Ranges, rounding, sums, averages

Random sample

Blocking small sample sizes

Random data perturbation

Randomly add or subtract a small error value to/from actual values

Swapping

Randomly swapping values for individual records while keeping statistical results the same


Less complex data makes for simpler inference and therefore is more likely to require suppression. The disclosure prevention must be balanced against the database requirements, as the loss of precision and completeness may make the database unusable.
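
Four of the suppression techniques listed above, applied to a small table and followed by a measure of the precision they cost. This is an added example, not from the book or the slides; the records, thresholds, error bound, and function names are all constructed for illustration.

```python
import random
from collections import Counter
from statistics import mean

# Constructed sample records: (name, dorm, financial aid in dollars).
RECORDS = [
    ("A", "North", 5000), ("B", "North", 0), ("C", "North", 3000),
    ("D", "South", 1000), ("E", "South", 2000), ("F", "South", 1000),
    ("G", "East", 4000),
]

def suppressed_counts(records, min_count=2):
    """Limited response suppression: withhold low-frequency cells."""
    counts = Counter(dorm for _, dorm, _ in records)
    return {dorm: (c if c >= min_count else None) for dorm, c in counts.items()}

def guarded_mean(records, dorm, min_size=3):
    """Block small sample sizes: no statistic over fewer than min_size records."""
    values = [aid for _, d, aid in records if d == dorm]
    return mean(values) if len(values) >= min_size else None

def perturbed(records, rng, max_error=100):
    """Random data perturbation: add a small signed error to each value."""
    return [(n, d, aid + rng.randint(-max_error, max_error)) for n, d, aid in records]

def swapped(records, rng):
    """Swapping: shuffle aid values across records; sum and mean are unchanged."""
    aids = [aid for _, _, aid in records]
    rng.shuffle(aids)
    return [(n, d, aid) for (n, d, _), aid in zip(records, aids)]

def precision_loss(records, seed=7):
    """Absolute error in the overall mean after each disguise."""
    rng = random.Random(seed)
    true_mean = mean(aid for _, _, aid in records)
    return {
        "perturbed": abs(mean(a for _, _, a in perturbed(records, rng)) - true_mean),
        "swapped": abs(mean(a for _, _, a in swapped(records, rng)) - true_mean),
    }
```

Swapping leaves the aggregate exact while breaking the link between a name and its value; perturbation trades a bounded error in every statistic for uncertainty about each individual value.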


Data Mining

Data mining uses statistics, machine learning, mathematical models, pattern recognition, and other techniques to discover patterns and relations on large datasets

The size and value of the datasets present an important security and privacy challenge, as the consequences of disclosure are naturally high


Data Mining Challenges

Correcting mistakes in data

Preserving privacy

Granular access control

Secure data storage

Transaction logs

Real-time security monitoring


These remain open challenges, though some are partially solved or are solved in certain data mining packages. Access control, for instance, can often be performed in a coarse way. Correcting mistakes is a problem because data is often moved to more databases before the original database can be corrected—if the need for correction is ever discovered. Data storage is an issue because data may be collected globally and through cloud providers, where security details are largely unknown to users. As data mining platforms evolve, these features will mature.


Summary

Database security requirements include:

Physical integrity

Logical integrity

Element integrity

Auditability

Access control

User authentication

Availability

There are many subtle ways for sensitive data to be inadvertently disclosed, and there is no single answer for prevention

Data mining and big data have numerous open security and privacy challenges
