Database Security. Professor Sushil Jajodia George Mason University
Discretionary Access Controls
- Users can protect what they own.
- The owner may grant access to others.
- The owner may define the type of access (read/write/execute) given to others.
Access Control Mechanisms
- Identification and Authentication (I&A)
- Security through Views
- Stored Procedures
- Grant and Revoke
- Query Modification

Identification and Authentication
- I&A provided by the DBMS can be distinct from I&A provided by the underlying OS.
- For example, in SQL/DS:
    CONNECT <user> IDENTIFIED BY <password>
Security Through Views

EMP
NAME    DEPT   SALARY  MANAGER
Smith   Toy    10,000  Jones
Jones   Toy    15,000  Baker
Baker   Admin  40,000  Hardin
Adams   Candy  20,000  Hardin
Hardin  Admin  50,000  None

Example
    CREATE VIEW TOY_DEPT AS
    SELECT NAME, SALARY, MANAGER
    FROM EMP
    WHERE DEPT = 'Toy'

TOY_DEPT
NAME   SALARY  MANAGER
Smith  10,000  Jones
Jones  15,000  Baker
Example
    CREATE VIEW TOY_EMP_MGR AS
    SELECT NAME, MANAGER
    FROM EMP
    WHERE DEPT = 'Toy'

TOY_EMP_MGR
NAME   MANAGER
Smith  Jones
Jones  Baker

Example
    CREATE VIEW AVSAL(DEPT, AVG) AS
    SELECT DEPT, AVG(SALARY)
    FROM EMP
    GROUP BY DEPT
Stored Procedures
- Some systems allow for compiling a program first and then executing it later.
- The user who compiles a program becomes the owner of the program, and gives others execute privilege using the RUN command:
    GRANT RUN ON program_a TO JAJODIA
- Suppose program_a needs to access the relation EMP. Jajodia can execute program_a even though he does not have permission to access EMP.

The Grant Command
    GRANT <privilege> ON <relation> TO <users> [WITH GRANT OPTION]

    GRANT SELECT ON EMP TO JAJODIA
    GRANT SELECT ON EMP TO JAJODIA WITH GRANT OPTION
    GRANT SELECT, UPDATE(SALARY) ON EMP TO JIM, JILL
    GRANT ALL PRIVILEGES ON EMP TO SMITH
    GRANT SELECT(NAME,DEPT) ON EMP TO PUBLIC

The GRANT command applies to base relations as well as views.
The Revoke Command
    REVOKE <privileges> [ON <relations>] FROM <users>

    REVOKE SELECT ON EMP FROM JAJODIA
    REVOKE UPDATE ON EMP FROM SMITH
    REVOKE RESOURCE FROM ABRAMS
    REVOKE DBA FROM SMITH CASCADE

Timestamped Authorizations
[Figure: authorization graph on users A, B, C, D, E, F; edge timestamps 10 and 20 are legible.]
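Cascading Revocation
[Figure: grant sequence A B C D]
[Figure: after B revokes the privilege from C: A 10 B]

Timestamps Make a Difference
[Figure: authorization graph on users A, B, C, D, E, F; edge timestamps 10 and 20 are legible.]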
Nontimestamped Authorizations
[Figure: authorization graph on users A, B, C, D, E, F, without timestamps.]
Cascading Revocation
[Figure: grant sequence A B C D]
[Figure: after B revokes the privilege from C: A B]

Revoke Operation Under Nontimestamped Model
[Figure: authorization graph on users A, B, C, D, E, F, without timestamps.]
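The two revoke semantics contrasted in the slides above, worked through in Python as an added example (not part of the original slides). The six-user graph and every timestamp except the A-to-B grant at 10 in the chain are constructed, and every grant is assumed to carry the grant option.

```python
from collections import namedtuple

# One grant of a single privilege on a single relation. Every grant is
# assumed to be WITH GRANT OPTION (assumption of this example).
Grant = namedtuple("Grant", "grantor grantee ts")


def _without(grants, grantor, grantee):
    """Drop the grant(s) that `grantor` gave to `grantee`."""
    return [g for g in grants if (g.grantor, g.grantee) != (grantor, grantee)]


def revoke_timestamped(grants, owner, grantor, grantee):
    """Timestamped model: the result must look as if the revoked grant had
    never been made. A grant survives only if its grantor is the owner or
    still holds a grant that was received EARLIER than the one it issued."""
    kept = []
    # Supporters always have smaller timestamps, so one pass in time order
    # decides every grant after all of its possible supporters.
    for g in sorted(_without(grants, grantor, grantee), key=lambda g: g.ts):
        supported = g.grantor == owner or any(
            h.grantee == g.grantor and h.ts < g.ts for h in kept
        )
        if supported:
            kept.append(g)
    return {(g.grantor, g.grantee) for g in kept}


def revoke_untimestamped(grants, owner, grantor, grantee):
    """Nontimestamped model: a grant survives if its grantor can still be
    reached from the owner through the remaining grants, in any order."""
    remaining = _without(grants, grantor, grantee)
    holders, frontier = {owner}, [owner]
    while frontier:
        user = frontier.pop()
        for g in remaining:
            if g.grantor == user and g.grantee not in holders:
                holders.add(g.grantee)
                frontier.append(g.grantee)
    return {(g.grantor, g.grantee) for g in remaining if g.grantor in holders}


# Constructed chain for the "Cascading Revocation" slide: A -> B -> C -> D.
CHAIN = [Grant("A", "B", 10), Grant("B", "C", 20), Grant("C", "D", 30)]

# Constructed six-user graph: D receives the privilege twice, from B at 30
# and from C at 50, and passes it on to E at 40 and to F at 60.
GRAPH = [
    Grant("A", "B", 10), Grant("A", "C", 20),
    Grant("B", "D", 30), Grant("D", "E", 40),
    Grant("C", "D", 50), Grant("D", "F", 60),
]

if __name__ == "__main__":
    print("chain, B revokes C:", sorted(revoke_timestamped(CHAIN, "A", "B", "C")))
    print("graph, B revokes D (timestamped):  ",
          sorted(revoke_timestamped(GRAPH, "A", "B", "D")))
    print("graph, B revokes D (untimestamped):",
          sorted(revoke_untimestamped(GRAPH, "A", "B", "D")))
```

In the constructed graph, D's grant to E at time 40 could only have come from the privilege B gave at 30, so the timestamped model removes it, while the nontimestamped model keeps it because D still holds the privilege from C.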
Query Modification
JAJODIA: GRANT SELECT ON EMP TO THOMAS WHERE SALARY <
THOMAS:  SELECT * FROM EMP
DBMS:    SELECT * FROM EMP WHERE SALARY <
Note: Although we can accomplish this through views, there are significant differences.

Limitations
- Many views cannot be updated.
- Negative authorization is not possible.
- It is generally difficult to determine who has access to what (THE SAFETY PROBLEM).
- Cannot withstand sophisticated attacks.
MODES OF OPERATION
- SYSTEM HIGH
- MULTILEVEL

SYSTEM HIGH DBMS'S
- All users are cleared to the highest level of data stored in the database.
- All outgoing data below system high must be scrutinized manually by a qualified human guard prior to its release.
SYSTEM HIGH DBMS'S
[Figure: diagram with labels DATA, PEOPLE, HIGH, LOW, SECURITY PERIMETER]

SYSTEM HIGH DBMS'S
[Figure: diagram with labels DATA, PEOPLE, HIGH, LOW, GUARD, SECURITY PERIMETER]
SYSTEM HIGH DBMS'S
ADVANTAGES
- Existing DBMS's can be used with no change.
DISADVANTAGES
- Cost of clearance procedure: investigation costs, opportunity costs.
- Increased security risk due to more people being cleared at higher levels.
- Manual review of low data released from the system: costly, slow; does a "human in the loop" make it secure?

Multilevel Secure Relational Model: Issues
Granularity of Protection
- In operating systems, protected objects are files.
- In databases, there are several possibilities: relations, attributes, tuples, data elements.
Which of these should a DBMS implement?
- Relation level is easier to implement, but may be too inflexible.
- Data element level aggravates many problems (such as polyinstantiation).
Relation-Level Granularity

A SECRET USER SEES:
Starship    Objective    Destination
Enterprise  Exploration  Talos
Voyager     Spying       Mars

AN UNCLASSIFIED USER SEES:
Starship    Objective    Destination
Enterprise  Exploration  Talos
Voyager     Exploration  Talos

It is difficult to relate the two instances. If the U-user changes the destination of Enterprise to Mars, should a change be made to the Secret instance as well?

Attribute-Level Granularity

A SECRET USER SEES:
Starship (U)  Objective (C)  Destination (S)
Enterprise    Exploration    Talos
Voyager       Spying         Mars

Values for each attribute are all visible at some level (and above). We cannot model an application where some starships, but not all, are unclassified.
Tuple-Level Granularity

A SECRET USER SEES:
Starship    Objective    Destination  TL
Enterprise  Exploration  Talos        U
Voyager     Spying       Mars         S

AN UNCLASSIFIED USER SEES:
Starship    Objective    Destination  TL
Enterprise  Exploration  Talos        U

We cannot model an application where the destination of Enterprise is Secret and, therefore, invisible to the U-user.

Element-Level Granularity

A SECRET USER SEES:
Starship      Objective      Destination
Enterprise U  Exploration U  Talos U
Voyager U     Spying S       Mars S

AN UNCLASSIFIED USER SEES:
Starship      Objective      Destination
Enterprise U  Exploration U  Talos U
Voyager U     Null U         Null U

We have maximum modeling flexibility, but we compound the polyinstantiation problem.
Write Ups
- Although BLP permits write ups, DBMSs usually permit a subject to write at its level only.
- Usually a subject requires special privileges to be able to write up.

Trusted Subjects
- Not all subjects abide by the two BLP restrictions.
- Some subjects (called trusted subjects) have special privileges that permit them to bypass certain MAC controls.
- For example, Trusted Oracle permits these special privileges:
  - READUP, which allows subjects to read data at higher access classes
  - WRITEUP, which allows subjects to write data at higher access classes
  - WRITEDOWN, which allows subjects to write data at lower access classes
Polyinstantiation
- What is polyinstantiation?
- How does polyinstantiation occur?

Primary Key in Classical Relations
X is a primary key of a relation scheme R if any relation r for R at all times satisfies:
- Uniqueness Property: r does not contain two distinct tuples with the same values for X.
- Minimality Property: No proper subset Y of X satisfies the uniqueness property.
Example

Allowed:
Starship    Objective    Destination
Enterprise  Exploration  Talos
Voyager     Exploration  Talos

Not Allowed:
Starship    Objective    Destination
Enterprise  Exploration  Talos
Enterprise  Spying       Mars

Polyinstantiation with Tuple Labeling

S-instance:
Starship    Objective    Destination  TL
Enterprise  Exploration  Talos        U
Enterprise  Spying       Mars         S

Questions:
- How many starships are there?
- What are the real objective and destination of Enterprise?
Polyinstantiation Due to Low Users

S-instance:
Starship    Objective    Destination
Enterprise  Exploration  Talos        U
Voyager     Spying       Mars         S

U-instance:
Starship    Objective    Destination
Enterprise  Exploration  Talos        U

U-user: Insert (Voyager, Exploration, Mars).
- Refuse Update: Downward covert channel
- Accept Update:
  1) Overwrite high data: May lead to serious integrity problems
  2) Do not overwrite high data: Show the high user both tuples
The 2nd option leads to entity polyinstantiation.

Polyinstantiation Due to High Users

U-instance:
Starship    Objective    Destination
Enterprise  Exploration  Talos        U

S-user: Insert (Enterprise, Exploration, Mars).
- Refuse Update: Denial of Service
- Accept Update: Tuple Polyinstantiation
References
S. Jajodia, R. S. Sandhu, B. T. Blaustein, Solutions to the Polyinstantiation Problem, in Information Security: An Integrated Collection of Essays, M. Abrams, S. Jajodia, H. Podell, eds., IEEE Computer Society.

Evaluated DBMS Products
- Sybase SQL and SQL Secure Servers
  - Evaluations in process (March 20, 1995) with two candidate classes
  - SQL Server--C2; SQL Secure Server--B1
- INFORMIX-OnLine/Secure
  - TCSEC C2/B1 RAMP November 1994, ITSEC E3 April 1995
- Oracle7/Trusted Oracle7
  - TCSEC C2/B1 April 1994, ITSEC E3 September 1994
Evaluated DBMS Products
- INGRES/Enhanced Security
  - ITSEC E3 May 1993
  - Provides ANSI DAC & MAC
- Open INGRES/Intelligent Database
  - In ITSEC evaluation at E3
  - Provides ANSI DAC
- ADABASE
  - ITSEC E1 May 1993
  - Only on VAX/VMS 5.4 and above

[Trusted] Oracle7
EVALUATED PRODUCT: [Trusted] Oracle7
VENDOR: Oracle Corporation
RELEASE: with the Procedural Option
DATE: 5 April 1994
TCSEC EVALUATION CLASS: [B1]/C2
ITSEC EVALUATION: E3
OS PLATFORM: HP-UX BLS
Anticipated that ports to additional platforms will be evaluated under RAMP.
Trusted Oracle Version 7.0
- Trusted Oracle can be configured in
  - DBMS MAC mode
  - OS MAC mode
- TCB in Trusted Oracle is layered into two TCBs:
  - OS TCB
  - DBMS TCB
- The way MAC is enforced depends on the mode:
  - In DBMS MAC mode, DBMS TCB is responsible for labeling DBMS objects and enforcing MAC on DBMS objects.
  - In OS MAC mode, OS TCB is responsible for labeling DBMS objects and enforcing MAC on DBMS objects.

DBMS MAC Mode Architecture
- MAC is enforced through a trusted subject architecture.
- DBMS runs as a trusted subject with OS MAC privileges.
- OS TCB enforces MAC only on OS storage objects and DAC on OS named objects.
- DBMS TCB enforces MAC on database storage objects (tuples of a relation) and DAC on database named objects (tables and views).
Polyinstantiation in DBMS MAC Mode
Two types of integrity constraints can be specified on tables:
- UNIQUE key integrity constraint ensures that each value in a column or a set of columns is unique.
- PRIMARY key integrity constraint ensures, in addition to uniqueness, that the values are not null.

Different Options for Enforcing Uniqueness
- Enforce these constraints (hence no polyinstantiation) and audit the covert channel:
  - Audit all insertions (successful and unsuccessful)
  - Audit all SQL statements that return an Oracle message because the specified structure or object already exists
- Make the rowlabel column part of the unique key (hence no covert channel). Thus, the table will have polyinstantiation. If it is necessary to maintain uniqueness, you must periodically eliminate the duplicate values.
- Use a single, multilevel sequence as a default value for the unique or primary key column (note that this sequence may introduce a covert channel).
- Use a separate sequence at each security label as a default value for the unique or primary key column.
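The first two uniqueness options above, together with the low-user insert from the earlier polyinstantiation slide, run against an in-memory SQLite table as an added example (not Trusted Oracle, and not from the original slides). The table name ship, the two-level U/S ordering and the helper names are assumptions; label filtering is done in the helpers because SQLite has no MAC.

```python
import sqlite3

# Constructed two-level ordering: a subject reads rows at or below its level.
LEVEL = {"U": 0, "S": 1}


def make_db(key_includes_label):
    """Build the starship table with either key design.

    key_includes_label=False: PRIMARY KEY (starship)            -> uniqueness enforced
    key_includes_label=True:  PRIMARY KEY (starship, rowlabel)  -> polyinstantiation
    """
    # The key text comes from the two literals below, never from user input.
    key = "starship, rowlabel" if key_includes_label else "starship"
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE ship (starship TEXT, objective TEXT, destination TEXT,"
        f" rowlabel TEXT, PRIMARY KEY ({key}))"
    )
    # Constructed S-instance, as on the low-user polyinstantiation slide.
    db.execute("INSERT INTO ship VALUES ('Enterprise', 'Exploration', 'Talos', 'U')")
    db.execute("INSERT INTO ship VALUES ('Voyager', 'Spying', 'Mars', 'S')")
    return db


def read(db, clearance):
    """Return the rows a subject at `clearance` is allowed to see."""
    visible = [lbl for lbl, n in LEVEL.items() if n <= LEVEL[clearance]]
    marks = ",".join("?" * len(visible))
    return db.execute(
        "SELECT starship, objective, destination, rowlabel FROM ship"
        f" WHERE rowlabel IN ({marks}) ORDER BY starship, rowlabel",
        visible,
    ).fetchall()


def insert(db, clearance, starship, objective, destination):
    """Insert at the subject's own level; return True if the DBMS accepts it."""
    try:
        db.execute(
            "INSERT INTO ship VALUES (?, ?, ?, ?)",
            (starship, objective, destination, clearance),
        )
        return True
    except sqlite3.IntegrityError:
        # With the label-free key, this refusal is the downward signal: the
        # U-subject learns a row it cannot see already uses that key value.
        return False


if __name__ == "__main__":
    for label_in_key in (False, True):
        db = make_db(label_in_key)
        accepted = insert(db, "U", "Voyager", "Exploration", "Mars")
        print("rowlabel in key:", label_in_key, "| U insert accepted:", accepted)
        print("  U sees:", read(db, "U"))
        print("  S sees:", read(db, "S"))
```

With the label-free key the refused insert is exactly the event the first option says to audit; with rowlabel in the key the S-user sees two Voyager rows, which is the duplicate that has to be eliminated periodically if uniqueness matters.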
Advantages of DBMS MAC Mode
- Ease of administration
- Simpler multilevel application development
- Ability to enforce data integrity across multiple levels
- Superior performance when applications require data at several levels simultaneously

OS MAC Mode Architecture
- There is a separate database for each security level.
- There is communication between these databases so users at higher levels can read data at lower levels.
- In OS MAC mode, MAC is enforced through a kernelized (aka TCB subset) architecture.
- A database named object is stored as one or more single-level OS files.
- OS TCB is responsible for labeling these OS files and enforcing MAC and DAC on them.
- DBMS subjects must comply with the OS security policy.
- DBMS TCB is responsible for DAC on database named objects.
Polyinstantiation in OS MAC Mode
- It is not possible to define multilevel UNIQUE or PRIMARY key integrity constraints (since OS MAC mode prohibits the ability to read rows at higher security labels).
- Thus, the only option is to use sequences.

Advantages of OS MAC Mode
- Can be as secure as the underlying OS with respect to the MAC
- Single level applications do not suffer from any performance penalty
- Will also perform well if the number of data levels is small
- Archival and storage media are single-level
[Trusted] Oracle7
- Audit
  - Employs OS I&A mechanism
  - Provides a highly configurable set of auditing capabilities
  - Ability to selectively audit very specific operations
  - Application specific auditing implemented using Oracle7 triggers

Oracle (Unevaluated) Security Features
- Secure Network Services
  - Add-on package to Oracle SQL Net connectivity software
  - Provides comprehensive, reliable and transparent data security
  - Based on technology licensed from RSA Data Security, Inc.
  - Adds full datastream encryption and integrity checking
- Announced May 2, 1995: Agreements with Banyan Systems Inc., Bull Worldwide Information Systems, CyberSAFE Corporation, ICL Enterprises, Identix and Security Dynamics
  - Centralized authentication servers based on Kerberos and SESAME
  - SecurID Card
  - Single sign-on to heterogeneous environments
  - Fingerprint identity verification
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationAccess control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN
Access control Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2010 1 Overview Introduction: Lampson s model for access control Classical Access Control Models Discretionary Access Control (DAC)
More informationSecurity System and COntrol 1
Security System and COntrol 1 Security Management By: Joseph Ronald Canedo It is a Risky World Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against
More informationCHAPTER 8 FIREWALLS. Firewall Design Principles
CHAPTER 8 FIREWALLS Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world
More informationDion Model. Objects and their classification
Dion Model (1981) Proposed as a mandatory policy which protects the secrecy and integrity together. Combines the principles of the BLP and Biba models (strict consistency policy) No discretionary policy
More informationIntroduction to Relational Databases. Introduction to Relational Databases cont: Introduction to Relational Databases cont: Relational Data structure
Databases databases Terminology of relational model Properties of database relations. Relational Keys. Meaning of entity integrity and referential integrity. Purpose and advantages of views. The relational
More informationRelational data model
Relational data model Iztok Savnik FAMNIT, 18/19 Why Study the Relational Model? Most widely used model. Vendors: IBM, Informix, Microsoft, Oracle, Sybase, etc. Legacy systems in older models E.G., IBM
More informationPhysical Design of Relational Databases
Physical Design of Relational Databases Chapter 8 Class 06: Physical Design of Relational Databases 1 Physical Database Design After completion of logical database design, the next phase is the design
More informationDatabase Management Systems. Chapter 3 Part 1
Database Management Systems Chapter 3 Part 1 The Relational Model Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke 1 Why Study the Relational Model? Most widely used model. Vendors: IBM,
More informationReal Application Security Administration
Oracle Database Real Application Security Administration Console (RASADM) User s Guide 12c Release 2 (12.2) E85615-01 June 2017 Real Application Security Administration Oracle Database Real Application
More informationRBAC: Motivations. Users: Permissions:
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationDatabase Applications (15-415)
Database Applications (15-415) The Relational Model Lecture 3, January 18, 2015 Mohammad Hammoud Today Last Session: The entity relationship (ER) model Today s Session: ER model (Cont d): conceptual design
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationCOMP 430 Intro. to Database Systems. Encapsulating SQL code
COMP 430 Intro. to Database Systems Encapsulating SQL code Want to bundle SQL into code blocks Like in every other language Encapsulation Abstraction Code reuse Maintenance DB- or application-level? DB:
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationDatabase access control, activity monitoring and real time protection
Omega Core Audit Whitepaper 2.8 Whitepaper Omega Core Audit For Oracle Database July, 2016 Database access control, activity monitoring and real time protection Introduction The database is usually the
More informationSupporting Policies and Functions
Essay 13 Supporting Policies and Functions Marshall D. Abrams and Harold J. Podell The major policy objective, to protect information assets against specific harm, usually requires additional policies
More informationMission Families: a cost effective approach to Mission Control System development
Mission Families: a cost effective approach to Mission Control System development Damiano Guerrucci, Vemund Reestad, Mario Merri, Pierpaolo Emanuelli European Space Aency (ESA) European Space Operations
More informationEXPRESSING AN INFORMATION SECURITY POLICY WITHIN A SECURITY SIMULATION GAME
EXPRESSING AN INFORMATION SECURITY POLICY WITHIN A SECURITY SIMULATION GAME Cynthia E. Irvine and Michael F. Thompson Naval Postgraduate School Abstract: Key words: The Center for the Information Systems
More informationSurvey of Oracle Database
Survey of Oracle Database About Oracle: Oracle Corporation is the largest software company whose primary business is database products. Oracle database (Oracle DB) is a relational database management system
More informationChapter 14: Protection. Operating System Concepts 9 th Edition
Chapter 14: Protection Silberschatz, Galvin and Gagne 2013 Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access
More informationx y x mod p g y mod p K= g xy mod p Alice Eve Bob g g x mod p x mod p g y y mod p y mod p K1= g mod p K2= g mod p
6.857 Computer and Network Security Fall Term, 1997 Lecture 15 : October 23rd, 1997 Lecturer: Ron Rivest Scribe: Ben Adida 1 Topics Covered An Active Attack on RSA smart cards Secure Channels over Insecure
More informationIntroduction to Data Management. Lecture #4 (E-R Relational Translation)
Introduction to Data Management Lecture #4 (E-R Relational Translation) Instructor: Mike Carey mjcarey@ics.uci.edu Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke 1 Announcements v Today
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationAn Introduction to Databases and Database Management Systems.
An Introduction to Databases and Database Management Systems. Introduction An important aspect of most every business is record keeping. In our information society, this has become an important aspect
More information