DATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

Similar documents
Access Control for Enterprise Apps. Dominic Duggan Stevens Ins8tute of Technology Based on material by Lars Olson and Ross Anderson

Instructor: Jinze Liu. Fall 2008

Access Control. Protects against accidental and malicious threats by

Access Control. Discretionary Access Control

Access Control. Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

Database Security Overview. Murat Kantarcioglu

Database Security Lecture 10

Access Control Models

CSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger

Discretionary Access Control (DAC)

CSE 565 Computer Security Fall 2018

Discretionary Vs. Mandatory

Access Control Mechanisms

Ders # 7. Veri Bütünlüğü Programlama ve Güvenlik. From Elmasri/Navathe textbook Ch9,26 Sciore textbook, Ch 9-10

COSC 304 Introduction to Database Systems. Views and Security. Dr. Ramon Lawrence University of British Columbia Okanagan

CSCE 548 Building Secure Software SQL Injection Attack

CS2300: File Structures and Introduction to Database Systems

Complex Access Control. Steven M. Bellovin September 10,

Database Security. Authentification: verifying the id of a user. Authorization: checking the access privileges

Last time. User Authentication. Security Policies and Models. Beyond passwords Biometrics

Views. COSC 304 Introduction to Database Systems. Views and Security. Creating Views. Views Example. Removing Views.

CIS433/533 - Introduction to Computer and Network Security. Access Control

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Discretionary Access Control (DAC)

Post-Class Quiz: Access Control Domain

CS 356 Lecture 7 Access Control. Spring 2013

Access Control (slides based Ch. 4 Gollmann)

COMP 430 Intro. to Database Systems. Encapsulating SQL code

CSC 261/461 Database Systems Lecture 6. Fall 2017

Access Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy

How to use SQL to create a database

Security Models Trusted Zones SPRING 2018: GANG WANG

P1L5 Access Control. Controlling Accesses to Resources

DAC vs. MAC. Most people familiar with discretionary access control (DAC)

Security and Authorization

SQL DATA DEFINITION LANGUAGE

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

CSC 474/574 Information Systems Security

Lecture 07. Spring 2018 Borough of Manhattan Community College

Access Control. Discretionary Access Control

Database Security. Professor Sushil Jajodia George Mason University

Mandatory Access Control

Multilevel relations: Schema and multiple instances based on each access class. A multilevel relation consists of two parts:

CCM Lecture 12. Security Model 1: Bell-LaPadula Model

Operating Systems Security Access Control

Computer Security. Access control. 5 October 2017

Computer Security 3e. Dieter Gollmann. Chapter 5: 1

SQL: Data Definition Language

CSE Computer Security

G64DBS Database Systems. Lecture 7 SQL SELECT. The Data Dictionary. Data Dictionaries. Different Sections of SQL (DDL) Different Sections of SQL (DCL)

Chapter 10 Advanced topics in relational databases

Data Security and Privacy. Topic 11: Virtual Private Databases Based on Prof. Bertino s Slides

INSE 6160 Database Security and Privacy

3ISY402 DATABASE SYSTEMS

LECTURE11: TRANSACTION CONTROL LANGUAGE DATA CONTROL LANGUAGE

Basic SQL. Basic SQL. Basic SQL

Intrusion Detection Types

Mobile and Heterogeneous databases Security. A.R. Hurson Computer Science Missouri Science & Technology

SQL DATA DEFINITION LANGUAGE

Aaron Lovato. April 26, 2010

Introduction To Security and Privacy Einführung in die IT-Sicherheit I

CS 591: Introduction to Computer Security. Lecture 3: Policy

Chapter 5: Database Security

Insertions, Deletions, and Updates

Handout 6 CS-605 Spring 18 Page 1 of 7. Handout 6. Physical Database Modeling

Chapter-14 SQL COMMANDS

Views. Lecture 15 Section 5.3. Robb T. Koether. Hampden-Sydney College. Mon, Feb 18, 2013

Computer Security: Principles and Practice

Relational Data Structure and Concepts. Structured Query Language (Part 1) The Entity Integrity Rules. Relational Data Structure and Concepts

Views. Lecture 15 Section 5.3. Robb T. Koether. Hampden-Sydney College. Mon, Feb 18, 2013

CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:

Concepts of Database Management Seventh Edition. Chapter 4 The Relational Model 3: Advanced Topics

MULTILEVEL POLICY BASED SECURITY IN DISTRIBUTED DATABASE

CHAPTER 5 SECURITY ADVANCED DATABASE SYSTEMS. Assist. Prof. Dr. Volkan TUNALI

Labels and Information Flow

Operating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)

Chapter 9: Working with MySQL

CS 161 Multilevel & Database Security. Military models of security

General Access Control Model for DAC

Views. Lecture 15. Robb T. Koether. Fri, Feb 16, Hampden-Sydney College. Robb T. Koether (Hampden-Sydney College) Views Fri, Feb 16, / 28

SQL Data Definition and Data Manipulation Languages (DDL and DML)

Networks and security Data bases

Overview of Information Security

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

Module 4: Access Control

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Summary. Final Week. CNT-4403: 21.April

Standard Query Language. SQL: Data Definition Transparencies

CS W Introduction to Databases Spring Computer Science Department Columbia University

Lab # 4. Data Definition Language (DDL)

Programming the Database

Access Control Part 3 CCM 4350

SQL DATA DEFINITION LANGUAGE

Spatial Databases by Open Standards and Software 3.

Operating systems fundamentals - B07

Access control models and policies. Tuomas Aura T Information security technology

Indexes (continued) Customer table with record numbers. Source: Concepts of Database Management

CSE 344 JANUARY 5 TH INTRO TO THE RELATIONAL DATABASE

Identity, Authentication and Authorization. John Slankas

Transcription:

DATABASE SECURITY AND PRIVACY Some slides were taken from 463.5.1 Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

Database Security Protect Sensitive Data from Unauthorized disclosure Unauthorized modification Denial of service attacks

Protection of Data Confidentiality Access control which data users can access Information flow control what users can do with the accessed data

Access Control Subject: active entity that requests access to an object - e.g., user or program Object: passive entity accessed by a subject - e.g., record, relation, file Access right (privileges): how a subject is allowed to access an object - e.g., subject s can read object o

Access Control Ensures that all direct accesses to object are authorized Protects against accidental and malicious threats by regulating the read, write and execution of data and programs

Protection Object Database Relation Record Attribute Element Advantages vs. disadvantages of supporting different granularity levels

Access Control Policies Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC)

Discretionary Access Control (DAC) For each subject access right to the objects are defined (subject, object, +/- access mode) (Black, Employee-relation, read) User based Grant and Revoke Problems: - Propagation of access rights - Revocation of propagated access rights

DAC by Grant and Revoke GRANT SELECT ON Employee TO Black WITH GRANT OPTION? Brown revokes grant given to Black Brown (owner) GRANT UPDATE(Salary) ON Employee TO White Black GRANT SELECT ON Employee TO Red Red? Brown does not want Red to access the Employee relation White

DAC Restricts access to objects based solely on the identity of users who are trying to access them. Individuals Resources Server 1 Server 2 Server 3 Application Access List Name Access Tom Yes John No Cindy Yes

Quick SQL Review Creating tables: create table table_name ( column1 type1, column2 type2,... ); Deleting tables: drop table table_name; 11

Quick SQL Review Types: int float date char(size) Always delimited by single quote (apostrophe) Use two single quotes to represent the apostrophe character varchar(size) (varchar2 in Oracle) text (long in Oracle) 12

Quick SQL Review Querying tables: select column1, column2 from table_name; or select * from table_name; Conditions: select columns from table_name where condition; 13

Quick SQL Review Inserting new rows: insert into table_name values (value1, value2); or insert into table_name set column1=value1, column2=value2,...; Updating rows: update table_name set column1=value1 where condition; 14

Quick SQL Review Deleting rows: delete from table_name where condition; Set values in conditions: select * from table_name where column in (select_statement); or select * from table_name where column in (value1, value2,...); 15

Quick SQL Review Creating functions: create [or replace] function function_name (parameters) return return_type as [declare_local_variables] begin... end; / 16

SQL grant Syntax grant privilege_list on resource to user_list; Privileges include select, insert, etc. Resource may be a table, a database, a function, etc. User list may be individual users, or may be a user group Griffiths Wade 76 17

Example Application Alice owns a database table of company employees: name varchar(50), ssn int, salary int, email varchar(50) Some information (ssn, salary) should be confidential, others can be viewed by any employee. 18

Simple Access Control Rules Suppose Bob needs access to the whole table (but doesn t need to make changes): grant select on employee to bob; Suppose Carol is another employee, who should only access public information: grant select(name,email) on employee to carol; not implemented in PostgreSQL (see next slide) not implemented for select in Oracle implemented in MySQL 19

Creating Views Careful with definitions! A subset of the database to which a user has access, or: A virtual table created as a shortcut query of other tables View syntax: create view view_name as query_definition; Querying views is nearly identical to querying regular tables 20

View-Based Access Control Alternative method to grant Carol access to name and email columns: create view employee_public as select name,email from employee; grant select on employee_public to carol; 21

Row-Level Access Control Suppose we also allow employees to view their own ssn, salary: create view employee_carol as select * from employee where name='carol'; grant select on employee_carol to carol; And we allow them to update their e-mail addresses: grant update(email) on employee_carol to carol; (Or create yet another new view ) 22

Delegating Policy Authority grant privilege_list on resource to user_list with grant option; Allows other users to grant privileges, including with grant option privileges Copy right from Access Control lecture Can grant subset privileges too Alice: grant select on table1 to bob with grant option; Bob: grant select(column1) on table1 to carol with grant option; 23

SQL revoke Syntax revoke privilege_list on resource from user_list; What happens when a user is granted access from two different sources, and one is revoked? What happens when a with grant option privilege is revoked? 24

Griffiths-Wade Model Sequences of grant / revoke operations When a privilege is revoked, the ACLs should be indistinguishable from a sequence in which the grant never occurred. 25

Grants from Multiple Sources grant(alice,bob) grant(alice,carol) grant(carol,bob) revoke(alice,bob) grant(alice,bob) grant(alice,carol) grant(carol,bob) revoke(alice,bob) Bob Alice Carol 26

Not as Easy as it Looks! grant(alice,bob) grant(bob,carol) grant(carol,bob) revoke(alice,bob) grant(alice,bob) grant(bob,carol) grant(carol,bob) revoke(alice,bob) Bob Alice Carol 27

Cascading Revocations grant(alice,bob) grant(alice,carol) grant(carol,david) grant(bob,carol) revoke(alice,carol) grant(alice,bob) grant(alice,carol) grant(carol,david) grant(bob,carol) revoke(alice,carol) Alice Carol? David Bob 28

Meanwhile, in the Real World... Account privileges get changed all the time We don t always want to redo everything Tedious Involves other users actions SQL revoke command has two optional arguments: cascade: undoes all dependent grant commands restrict: exits with failure if there exist dependent grants Ramakrishnan Gehrke 03 29

User1: creates Example_Table within Example_Schema. grants SELECT WITH GRANT OPTION on Example_Table to User2. User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3 User3 grants SELECT on Example_Table to the Reviewer role. >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 CASCADE

User1: creates Example_Table within Example_Schema. grants SELECT WITH GRANT OPTION on Example_Table to User2. User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3 User3 grants SELECT on Example_Table to the Reviewer role. >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 CASCADE When the superuser or User1 executes this statement, the SELECT privilege on Example_Table is revoked from User2, User3, and the Reviewer Role. (The GRANT privilege is also revoked from User2 and User3.)

User1: creates Example_Table within Example_Schema. grants SELECT WITH GRANT OPTION on Example_Table to User2. User2 grants the SELECT WITH GRANT OPTION on Example_Table to User3 User3 grants SELECT on Example_Table to the Reviewer role. >REVOKE SELECT ON EXAMPLE_TABLE FROM USER2 RESTRICT Since there is depending grants, the revoke fails.

RBAC (Role Based Access Control Roles permit common privileges for a class of users can be specified just once by creating a corresponding role Privileges can be granted to or revoked from roles Roles can be assigned to users, and even to other roles

RBAC Individuals Roles Resources Role 1 Server 1 Role 2 Server 2 Role 3 Server 3 Users change frequently, Roles don t

Mandatory Access Control (MAC) Security label - Top-Secret, Secret, Public Objects: security classification - File 1 is Secret, File 2 is Public Subjects: security clearances - Brown is cleared to Secret, Black is cleared to Public Dominance ( ) - Top-Secret Secret Public

MAC Access rights: defined by comparing the security classification of the requested objects with the security clearance of the subject If access control rules are satisfied, access is permitted Otherwise access is rejected Granularity of access rights!

MAC Individuals Resources Server 1 Top Secret Server 2 Secret Server 3 Classified

MAC Single security property: a subject S is allowed a read access to an object O only if label(s) dominates label(o) Star-property: a subject S is allowed a write access to an object O only if label(o) dominates label(s) No direct flow of information from high security objects to low security objects!

Multilevel Security Multilevel security users at different security level, see different versions of the database Problem: different versions need to be kept consistent and coherent without downward signaling channel (covert channel)

Multilevel Relation Example SSN (SSN) Course (Course) Grade (Grade) 111-22-3333 S CSCE 786 S A TS 444-55-6666 S CSCE 567 S C TS Top-secret user sees all data Secret user sees Secret-View: SSN (SSN) Course (Course) Grade (Grade) 111-22-3333 S CSCE 786 S null S 444-55-6666 S CSCE 567 S null S CSCE 790 - Farkas 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback