DATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security
- Prosper Terry
1 DATABASE SECURITY AND PRIVACY
Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

2 Database Security
Protect sensitive data from:
- Unauthorized disclosure
- Unauthorized modification
- Denial of service attacks

3 Protection of Data Confidentiality
- Access control: which data users can access
- Information flow control: what users can do with the accessed data

4 Access Control
- Subject: active entity that requests access to an object - e.g., user or program
- Object: passive entity accessed by a subject - e.g., record, relation, file
- Access right (privileges): how a subject is allowed to access an object - e.g., subject s can read object o

5 Access Control
- Ensures that all direct accesses to object are authorized
- Protects against accidental and malicious threats by regulating the read, write and execution of data and programs

6 Protection Object
- Database
- Relation
- Record
- Attribute
- Element
Advantages vs. disadvantages of supporting different granularity levels

7 Access Control Policies
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)

8 Discretionary Access Control (DAC)
- For each subject access right to the objects are defined: (subject, object, +/- access mode), e.g. (Black, Employee-relation, read)
- User based
- Grant and Revoke
- Problems:
  - Propagation of access rights
  - Revocation of propagated access rights

9 DAC by Grant and Revoke
(Diagram: grants on the Employee relation among Brown, Black, White and Red)
- Brown (owner): GRANT SELECT ON Employee TO Black WITH GRANT OPTION
- Brown (owner): GRANT UPDATE(Salary) ON Employee TO White
- Black: GRANT SELECT ON Employee TO Red
- ? Brown revokes grant given to Black
- ? Brown does not want Red to access the Employee relation

10 DAC
Restricts access to objects based solely on the identity of users who are trying to access them.
(Diagram: Individuals and Resources - Server 1, Server 2, Server 3)
Application Access List:
    Name   Access
    Tom    Yes
    John   No
    Cindy  Yes

11 Quick SQL Review
Creating tables:
    create table table_name (
        column1 type1,
        column2 type2,
        ...
    );
Deleting tables:
    drop table table_name;

12 Quick SQL Review
Types:
- int
- float
- date
- char(size)
  - Always delimited by single quote (apostrophe)
  - Use two single quotes to represent the apostrophe character
- varchar(size) (varchar2 in Oracle)
- text (long in Oracle)

13 Quick SQL Review
Querying tables:
    select column1, column2 from table_name;
or
    select * from table_name;
Conditions:
    select columns from table_name where condition;

14 Quick SQL Review
Inserting new rows:
    insert into table_name values (value1, value2);
or
    insert into table_name set column1=value1, column2=value2,...;
Updating rows:
    update table_name set column1=value1 where condition;

15 Quick SQL Review
Deleting rows:
    delete from table_name where condition;
Set values in conditions:
    select * from table_name where column in (select_statement);
or
    select * from table_name where column in (value1, value2,...);

16 Quick SQL Review
Creating functions:
    create [or replace] function function_name (parameters)
    return return_type as
    [declare_local_variables]
    begin
    ...
    end;
    /

17 SQL grant Syntax
    grant privilege_list on resource to user_list;
- Privileges include select, insert, etc.
- Resource may be a table, a database, a function, etc.
- User list may be individual users, or may be a user group
Griffiths Wade 76

18 Example Application
Alice owns a database table of company employees:
    name varchar(50),
    ssn int,
    salary int,
    varchar(50)
Some information (ssn, salary) should be confidential, others can be viewed by any employee.

19 Simple Access Control Rules
Suppose Bob needs access to the whole table (but doesn't need to make changes):
    grant select on employee to bob;
Suppose Carol is another employee, who should only access public information:
    grant select(name, ) on employee to carol;
- not implemented in PostgreSQL (see next slide)
- not implemented for select in Oracle
- implemented in MySQL

20 Creating Views
Careful with definitions!
- A subset of the database to which a user has access, or:
- A virtual table created as a shortcut query of other tables
View syntax:
    create view view_name as query_definition;
Querying views is nearly identical to querying regular tables

21 View-Based Access Control
Alternative method to grant Carol access to name and columns:
    create view employee_public as select name, from employee;
    grant select on employee_public to carol;

22 Row-Level Access Control
Suppose we also allow employees to view their own ssn, salary:
    create view employee_carol as select * from employee where name='carol';
    grant select on employee_carol to carol;
And we allow them to update their addresses:
    grant update( ) on employee_carol to carol;
(Or create yet another new view)

23 Delegating Policy Authority
    grant privilege_list on resource to user_list with grant option;
- Allows other users to grant privileges, including with grant option privileges
- Copy right from Access Control lecture
- Can grant subset privileges too
Alice:
    grant select on table1 to bob with grant option;
Bob:
    grant select(column1) on table1 to carol with grant option;

24 SQL revoke Syntax
    revoke privilege_list on resource from user_list;
- What happens when a user is granted access from two different sources, and one is revoked?
- What happens when a with grant option privilege is revoked?

25 Griffiths-Wade Model
- Sequences of grant / revoke operations
- When a privilege is revoked, the ACLs should be indistinguishable from a sequence in which the grant never occurred.

26 Grants from Multiple Sources
- grant(alice,bob)
- grant(alice,carol)
- grant(carol,bob)
- revoke(alice,bob)
(Diagram: grant graph over Alice, Bob and Carol)

27 Not as Easy as it Looks!
- grant(alice,bob)
- grant(bob,carol)
- grant(carol,bob)
- revoke(alice,bob)
(Diagram: grant graph over Alice, Bob and Carol)

28 Cascading Revocations
- grant(alice,bob)
- grant(alice,carol)
- grant(carol,david)
- grant(bob,carol)
- revoke(alice,carol)
(Diagram: grant graph over Alice, Bob, Carol and David, with a "?" between Carol and David)

29 Meanwhile, in the Real World...
- Account privileges get changed all the time
- We don't always want to redo everything
  - Tedious
  - Involves other users' actions
- SQL revoke command has two optional arguments:
  - cascade: undoes all dependent grant commands
  - restrict: exits with failure if there exist dependent grants
Ramakrishnan Gehrke 03

30 User1:
- creates Example_Table within Example_Schema.
- grants SELECT WITH GRANT OPTION on Example_Table to User2.
User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3.
User3 grants SELECT on Example_Table to the Reviewer role.
    >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 CASCADE

31 User1:
- creates Example_Table within Example_Schema.
- grants SELECT WITH GRANT OPTION on Example_Table to User2.
User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3.
User3 grants SELECT on Example_Table to the Reviewer role.
    >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 CASCADE
When the superuser or User1 executes this statement, the SELECT privilege on Example_Table is revoked from User2, User3, and the Reviewer role. (The GRANT privilege is also revoked from User2 and User3.)

32 User1:
- creates Example_Table within Example_Schema.
- grants SELECT WITH GRANT OPTION on Example_Table to User2.
User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3.
User3 grants SELECT on Example_Table to the Reviewer role.
    >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 RESTRICT
Since there are dependent grants, the revoke fails.

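
Added example (not part of the original slides): a small Python model of the timestamp-based revocation rule from slides 25-28, with the cascade and restrict modes of slide 29. The class GrantLog, the helper replay and the assumption that every grant carries the grant option are illustrative choices made here, not the behaviour of any particular DBMS.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    time: int  # logical timestamp; assumption: every grant carries the grant option


class GrantLog:
    """Grant table for one privilege on one object (hypothetical helper)."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = []
        self._clock = count(1)

    def _supported(self, user, time, grants):
        # A user could legitimately grant at `time` only if they are the owner
        # or had already received the privilege strictly before `time`.
        return user == self.owner or any(
            g.grantee == user and g.time < time for g in grants)

    def grant(self, grantor, grantee):
        now = next(self._clock)
        if not self._supported(grantor, now, self.grants):
            raise PermissionError(f"{grantor} holds no grant option")
        self.grants.append(Grant(grantor, grantee, now))

    def revoke(self, grantor, grantee, mode="cascade"):
        direct = [g for g in self.grants
                  if (g.grantor, g.grantee) == (grantor, grantee)]
        remaining = [g for g in self.grants if g not in direct]
        # Drop grants that could not have been made had the revoked grant
        # never occurred; repeat until nothing else falls out.
        while True:
            kept = [g for g in remaining
                    if self._supported(g.grantor, g.time, remaining)]
            if len(kept) == len(remaining):
                break
            remaining = kept
        dependents = len(self.grants) - len(direct) - len(remaining)
        if mode == "restrict" and dependents:
            raise RuntimeError(f"{dependents} dependent grant(s) exist")
        self.grants = remaining
        return dependents

    def holders(self):
        return {self.owner} | {g.grantee for g in self.grants}


def replay(owner, ops, mode="cascade"):
    """Run a slide-style sequence and return who still holds the privilege."""
    log = GrantLog(owner)
    for op, src, dst in ops:
        if op == "grant":
            log.grant(src, dst)
        else:
            log.revoke(src, dst, mode)
    return log.holders()


# Sequences copied from slides 26, 27 and 28.
SLIDE_26 = [("grant", "alice", "bob"), ("grant", "alice", "carol"),
            ("grant", "carol", "bob"), ("revoke", "alice", "bob")]
SLIDE_27 = [("grant", "alice", "bob"), ("grant", "bob", "carol"),
            ("grant", "carol", "bob"), ("revoke", "alice", "bob")]
SLIDE_28 = [("grant", "alice", "bob"), ("grant", "alice", "carol"),
            ("grant", "carol", "david"), ("grant", "bob", "carol"),
            ("revoke", "alice", "carol")]
# Chain shaped like slides 30-32 (lower-cased names).
CHAIN = [("grant", "user1", "user2"), ("grant", "user2", "user3"),
         ("grant", "user3", "reviewer"), ("revoke", "user1", "user2")]

if __name__ == "__main__":
    for name, seq in [("26", SLIDE_26), ("27", SLIDE_27), ("28", SLIDE_28)]:
        print("slide", name, sorted(replay("alice", seq)))
    print("chain, cascade", sorted(replay("user1", CHAIN)))
```

In the slide 27 sequence the Bob/Carol cycle does not keep itself alive, because each grant must be backed by one with an earlier timestamp. In the slide 28 sequence Carol keeps the privilege through Bob, but her earlier grant to David is undone.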
33 RBAC (Role Based Access Control)
- Roles permit common privileges for a class of users to be specified just once by creating a corresponding role
- Privileges can be granted to or revoked from roles
- Roles can be assigned to users, and even to other roles

34 RBAC
(Diagram: Individuals, Roles and Resources - Role 1 / Server 1, Role 2 / Server 2, Role 3 / Server 3)
Users change frequently, Roles don't

35 Mandatory Access Control (MAC)
- Security label - Top-Secret, Secret, Public
- Objects: security classification - File 1 is Secret, File 2 is Public
- Subjects: security clearances - Brown is cleared to Secret, Black is cleared to Public
- Dominance ( ) - Top-Secret Secret Public

36 MAC
- Access rights: defined by comparing the security classification of the requested objects with the security clearance of the subject
- If access control rules are satisfied, access is permitted
- Otherwise access is rejected
- Granularity of access rights!

37 MAC
(Diagram: Individuals and Resources - Server 1 Top Secret, Server 2 Secret, Server 3 Classified)

38 MAC
- Single security property: a subject S is allowed a read access to an object O only if label(S) dominates label(O)
- Star-property: a subject S is allowed a write access to an object O only if label(O) dominates label(S)
- No direct flow of information from high security objects to low security objects!

39 Multilevel Security
- Multilevel security: users at different security levels see different versions of the database
- Problem: different versions need to be kept consistent and coherent without downward signaling channel (covert channel)

40 Multilevel Relation Example
    SSN | (SSN) | Course   | (Course) | Grade | (Grade)
        | S     | CSCE 786 | S        | A     | TS
        | S     | CSCE 567 | S        | C     | TS
Top-secret user sees all data
Secret user sees Secret-View:
    SSN | (SSN) | Course   | (Course) | Grade | (Grade)
        | S     | CSCE 786 | S        | null  | S
        | S     | CSCE 567 | S        | null  | S
CSCE Farkas
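
Added example (not part of the original slides): the read and write rules of slide 38 and the per-clearance view of slide 40, as a short Python sketch. The function names, the constructed SSN placeholders (the real values are missing from the transcription) and the choice to label a hidden cell with the key's label, as the Secret-View on slide 40 shows, are assumptions made here.

```python
# Labels from slide 35, ordered so that a higher number dominates a lower one.
LEVELS = {"Public": 0, "Secret": 1, "Top-Secret": 2}


def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]


def can_read(subject, obj):
    # Read rule of slide 38: label(S) must dominate label(O).
    return dominates(subject, obj)


def can_write(subject, obj):
    # Star-property of slide 38: label(O) must dominate label(S).
    return dominates(obj, subject)


def leaks():
    """Every (subject, source, target) where one subject could read the source
    and write the target although the target does not dominate the source."""
    return [(s, src, dst)
            for s in LEVELS for src in LEVELS for dst in LEVELS
            if can_read(s, src) and can_write(s, dst)
            and not dominates(dst, src)]


# Constructed relation shaped like slide 40; each cell is (value, label).
# "ssn-1" and "ssn-2" are placeholders, not values from the slides.
GRADES = [
    {"ssn": ("ssn-1", "Secret"), "course": ("CSCE 786", "Secret"),
     "grade": ("A", "Top-Secret")},
    {"ssn": ("ssn-2", "Secret"), "course": ("CSCE 567", "Secret"),
     "grade": ("C", "Top-Secret")},
]


def view(relation, clearance, key="ssn"):
    """Return the version of the relation a user with `clearance` sees."""
    rows = []
    for row in relation:
        key_label = row[key][1]
        if not dominates(clearance, key_label):
            continue  # the whole tuple is invisible below the key's label
        rows.append({
            attr: (value, label) if dominates(clearance, label)
            else (None, key_label)  # hidden cell shown as null
            for attr, (value, label) in row.items()
        })
    return rows


if __name__ == "__main__":
    print("possible downward flows:", leaks())
    for level in ("Top-Secret", "Secret", "Public"):
        print(level, view(GRADES, level))
```

The empty result of leaks() is the "no direct flow from high to low" claim of slide 38 checked over every combination of the three labels.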
Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. # 13 Constraints & Triggers Hello and welcome to another session
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationStandard Query Language. SQL: Data Definition Transparencies
Standard Query Language SQL: Data Definition Transparencies Chapter 6 - Objectives Data types supported by SQL standard. Purpose of integrity enhancement feature of SQL. How to define integrity constraints
More informationCS W Introduction to Databases Spring Computer Science Department Columbia University
CS W4111.001 Introduction to Databases Spring 2018 Computer Science Department Columbia University 1 in SQL 1. Key constraints (PRIMARY KEY and UNIQUE) 2. Referential integrity constraints (FOREIGN KEY
More informationLab # 4. Data Definition Language (DDL)
Islamic University of Gaza Faculty of Engineering Department of Computer Engineering ECOM 4113: Lab # 4 Data Definition Language (DDL) Eng. Haneen El-Masry November, 2014 2 Objective To be familiar with
More informationProgramming the Database
Programming the Database Today s Lecture 1. Stored Procedures 2. Functions BBM471 Database Management Systems Dr. Fuat Akal akal@hacettepe.edu.tr 3. Cursors 4. Triggers 5. Dynamic SQL 2 Stored Procedures
More informationAccess Control Part 3 CCM 4350
Access Control Part 3 CCM 4350 Today s Lecture Repetition of Structuring Access Control Fresh up notions of Partial Orders Again Example of Groups ordering for VSTa- Microkernel abilities as Motivation
More informationSQL DATA DEFINITION LANGUAGE
SQL DATA DEFINITION LANGUAGE DATABASE SCHEMAS IN SQL SQL is primarily a query language, for getting information from a database. DML: Data Manipulation Language SFWR ENG 3DB3 FALL 2016 MICHAEL LIUT (LIUTM@MCMASTER.CA)
More informationSpatial Databases by Open Standards and Software 3.
Spatial Databases by Open Standards and Software 3. Gábor Nagy Spatial Databases by Open Standards and Software 3.: Advanced features in PostgreSQL Gábor Nagy Lector: Zoltán Siki This module was created
More informationOperating systems fundamentals - B07
Operating systems fundamentals - B07 David Kendall Northumbria University David Kendall (Northumbria University) Operating systems fundamentals - B07 1 / 33 What is SQL? Structured Query Language Used
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationIndexes (continued) Customer table with record numbers. Source: Concepts of Database Management
12 Advanced Topics Objectives Use indexes to improve database performance Examine the security features of a DBMS Discuss entity, referential, and legal-values integrity Make changes to the structure of
More informationCSE 344 JANUARY 5 TH INTRO TO THE RELATIONAL DATABASE
CSE 344 JANUARY 5 TH INTRO TO THE RELATIONAL DATABASE ADMINISTRATIVE MINUTIAE Midterm Exam: February 9 th : 3:30-4:20 Final Exam: March 15 th : 2:30 4:20 ADMINISTRATIVE MINUTIAE Midterm Exam: February
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More information