CSC 474/574 Information Systems Security

Transcription

1 omputer cience 474/574 Information ystems ecurity Topic 7.1: DA and MA in Databases 474/574 Dr. Peng Ning 1 Outline DA in DBM Grant and revoke View MA in DBM omputer cience 474/574 Dr. Peng Ning 2 1

2 DA in DBM Based on Granting and Revoking of privileges. Types of Discretionary Privileges Account level privileges Independent of database content Example: GRANT REATETAB TO Alice; Relation level privileges Based on Access Matrix Model Related to the database content Our focus omputer cience 474/574 Dr. Peng Ning 3 DA in DBM (ont d) Relation level privileges Each relation is assigned an owner account. The owner of a relation can give privileges on the relation to other users (grant). The privileges may be further propagated. The owner can take back privileges (revoke). omputer cience 474/574 Dr. Peng Ning 4 2

3 Examples GRANT INERT, DELETE ON EMPLOYEE, DEPARTMENT TO Alice GRANT ELET ON EMPLOYEE TO BOB WITH GRANT OPTION REVOKE ELET ON EMPLOYEE FROM Bob GRANT ELET ON EMPLOYEE(ALARY) TO Bob omputer cience 474/574 Dr. Peng Ning 5 View View mechanism Restrict access only to selected attributes and tuples. Example: REATE VIEW Researchers A ELET Name, Bdate, Address FROM Employee WHERE Department= Research GRANT ELET ON Researchers TO Bob omputer cience 474/574 Dr. Peng Ning 6 3

4 MA in DBM Attribute values and tuples are considered as objects. Each attribute A is associated with a classification attribute (the label) In some models, a tuple classification attribute T is added to the relation. Example: Employee (N, Name,alary, Performance) Employee (N, N, Name, Name, alary, alary, Performance, Performance, T) uch a relation is called a multi-level relation. omputer cience 474/574 Dr. Peng Ning 7 Employee N Name N alary Performance P T mith Fair Brown Good Employee (What class users see) N Name N mith alary Performance P T Brown Good Employee (What class users see) N Name N alary Performance P T mith omputer cience 474/574 Dr. Peng Ning 8 4

5 MA in DBM (ont d) Employee (N, N, Name, Name, BDate, BDate, alary, alary, T) Primary key: The set of attributes that can uniquely identify each tuple. Apparent key: The set of attributes that would have formed the primary key in a regular (single-level) relation. omputer cience 474/574 Dr. Peng Ning 9 Polyinstantiation everal tuples can have the same apparent key value but have different attribute values for users at different classification levels. hipid M T T omputer cience 474/574 Dr. Peng Ning 10 5

6 Is this possible? hipid M T T What could be the real key? omputer cience 474/574 Dr. Peng Ning 11 What if? hipid M T T explore What could be the real key? omputer cience 474/574 Dr. Peng Ning 12 6

7 hipid M T T lass user sees hipid M T T lass user: PDATE ET =, = WHERE hipid = omputer cience 474/574 Dr. Peng Ning 13 After pdate hipid M T T What should be returned to a class user? How about a class user? What is the general method? omputer cience 474/574 Dr. Peng Ning 14 7

8 hipid M T T What to return to lass user? omputer cience 474/574 Dr. Peng Ning 15 hipid M T T What to return to lass user? omputer cience 474/574 Dr. Peng Ning 16 8

9 Integrity onstraints for Multi-level relations Entity integrity All attributes that are members of the apparent key must not be null and must have the same security class. All other attribute values in the tuple must have a security class greater than or equal to that of the apparent key Purpose: make the retrieved information meaningful. integrity If a tuple value at some security level can be derived from a higher-level tuple, then it s sufficient to store the higherlevel tuple. Purpose: Reduce redundancy omputer cience 474/574 Dr. Peng Ning 17 9