CSC 474/574 Information Systems Security

Similar documents
Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

Access Control Models

Database Security Overview. Murat Kantarcioglu

Discretionary Vs. Mandatory

Mapping ER Diagrams to. Relations (Cont d) Mapping ER Diagrams to. Exercise. Relations. Mapping ER Diagrams to Relations (Cont d) Exercise

Access Control. Discretionary Access Control

DATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

Relational Databases

CSC 742 Database Management Systems

Dion Model. Objects and their classification

Database Security Lecture 10

Access Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy

CSC/ECE 774 Advanced Network Security

P1L5 Access Control. Controlling Accesses to Resources

CSC 405 Introduction to Computer Security

Acten (Action Entity) Model

Access Control. Protects against accidental and malicious threats by

Database Security. Authentification: verifying the id of a user. Authorization: checking the access privileges

CSE 565 Computer Security Fall 2018

Chapter 10 Advanced topics in relational databases

CHAPTER 5 SECURITY ADVANCED DATABASE SYSTEMS. Assist. Prof. Dr. Volkan TUNALI

Multilevel relations: Schema and multiple instances based on each access class. A multilevel relation consists of two parts:

CSC 774 Network Security

CSC 742 Database Management Systems

Discretionary Vs. Mandatory

CSC 774 Advanced Network Security

Concepts of Database Management Seventh Edition. Chapter 4 The Relational Model 3: Advanced Topics

Solved MCQ on fundamental of DBMS. Set-1

Relational Calculus: 1

Introduction to Databases

Access Control. Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions

Chapter 1 SQL and Data

Computer Security: Principles and Practice

Relational Data Structure and Concepts. Structured Query Language (Part 1) The Entity Integrity Rules. Relational Data Structure and Concepts

INSE 6160 Database Security and Privacy

Physical Database Design

CSC/ECE 774 Advanced Network Security

A Deeper Look at Data Modeling. Shan-Hung Wu & DataLab CS, NTHU

CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:

Insertions, Deletions, and Updates

A Survey of Access Control Policies. Amanda Crowell

Sample Question Paper

Fundamentals of Database Systems

CSC 261/461 Database Systems Lecture 6. Fall 2017

CSC 774 Advanced Network Security

1. Considering functional dependency, one in which removal from some attributes must affect dependency is called

COSC 304 Introduction to Database Systems. Views and Security. Dr. Ramon Lawrence University of British Columbia Okanagan

Access Control. Discretionary Access Control

Ders # 7. Veri Bütünlüğü Programlama ve Güvenlik. From Elmasri/Navathe textbook Ch9,26 Sciore textbook, Ch 9-10

Access Control Mechanisms

Lesson 8 Transcript: Database Security

Selections. Lecture 4 Sections Robb T. Koether. Hampden-Sydney College. Wed, Jan 22, 2014

Relational Database Components

Modeling Your Data. Chapter 2. cs542 1

FOREWARD. Keith F. Brewster May 1996 Acting Chief, Partnerships and Processes

The data structures of the relational model Attributes and domains Relation schemas and database schemas

Introduction to Databases

Discretionary Access Control (DAC)

Introduction To Security and Privacy Einführung in die IT-Sicherheit I

Views. Lecture 15 Section 5.3. Robb T. Koether. Hampden-Sydney College. Mon, Feb 18, 2013

Debapriyo Majumdar DBMS Fall 2016 Indian Statistical Institute Kolkata

Mandatory Access Control

Objectives Definition iti of terms Importance of data modeling Write good names and definitions for entities, relationships, and attributes Distinguis

RBAC: Motivations. Users: Permissions:

Views. Lecture 15. Robb T. Koether. Fri, Feb 16, Hampden-Sydney College. Robb T. Koether (Hampden-Sydney College) Views Fri, Feb 16, / 28

Textbook: Chapter 4. Chapter 5: Intermediate SQL. CS425 Fall 2016 Boris Glavic. Chapter 5: Intermediate SQL. View Definition.

Instructor: Jinze Liu. Fall 2008

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Access Control Part 1 CCM 4350

CS425 Fall 2017 Boris Glavic Chapter 5: Intermediate SQL

Chapter 4. Basic SQL. Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

CS419 Spring Computer Security. Vinod Ganapathy Lecture 15. Chapter 5: Database security

Chapter 4. Basic SQL. SQL Data Definition and Data Types. Basic SQL. SQL language SQL. Terminology: CREATE statement

Views. COSC 304 Introduction to Database Systems. Views and Security. Creating Views. Views Example. Removing Views.

System Analysis And Design Methods ENTITY RELATIONSHIP DIAGRAM (ERD) Prof. Ali Khaleghi Eng. Hadi Haedar

Equivalence of expressive power. Introduction to Relational Databases. Having clause: generalized AND. Having clause: generalized AND

CSC 355 Database Systems

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Security and Authorization

Debapriyo Majumdar DBMS Fall 2016 Indian Statistical Institute Kolkata

Lecture 8. Database Management and Queries

Database Programming with PL/SQL

DATA MODELING USING THE ENTITY-RELATIONSHIP MODEL. 1 Powered by POeT Solvers Limited

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security

Relation Databases. By- Neha Tyagi PGT CS KV 5 Jaipur II Shift Jaipur Region. Based on CBSE Curriculum Class -11. Neha Tyagi, PGT CS II Shift Jaipur

Systems:;-'./'--'.; r. Ramez Elmasri Department of Computer Science and Engineering The University of Texas at Arlington

CSC 474/574 Information Systems Security

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

Computer Security. Access control. 5 October 2017

Computers Are Your Future

DB Creation with SQL DDL

Functional Dependencies and Normalization for Relational Databases Design & Analysis of Database Systems

Chapter 5. Relational Model Concepts 5/2/2008. Chapter Outline. Relational Database Constraints

Stealthy migrating MySQL tables and MySQL data access interfaces using enlarged updateable VIEW functionality

Using High-Level Conceptual Data Models for Database Design A Sample Database Application Entity Types, Entity Sets, Attributes, and Keys

Database Management System 9

CSC Network Security

Clock-Based Proxy Re-encryption Scheme in Unreliable Clouds

Chapter 5. Relational Model Concepts 9/4/2012. Chapter Outline. The Relational Data Model and Relational Database Constraints

Transcription:

omputer cience 474/574 Information ystems ecurity Topic 7.1: DA and MA in Databases 474/574 Dr. Peng Ning 1 Outline DA in DBM Grant and revoke View MA in DBM omputer cience 474/574 Dr. Peng Ning 2 1

DA in DBM Based on Granting and Revoking of privileges. Types of Discretionary Privileges Account level privileges Independent of database content Example: GRANT REATETAB TO Alice; Relation level privileges Based on Access Matrix Model Related to the database content Our focus omputer cience 474/574 Dr. Peng Ning 3 DA in DBM (ont d) Relation level privileges Each relation is assigned an owner account. The owner of a relation can give privileges on the relation to other users (grant). The privileges may be further propagated. The owner can take back privileges (revoke). omputer cience 474/574 Dr. Peng Ning 4 2

Examples GRANT INERT, DELETE ON EMPLOYEE, DEPARTMENT TO Alice GRANT ELET ON EMPLOYEE TO BOB WITH GRANT OPTION REVOKE ELET ON EMPLOYEE FROM Bob GRANT ELET ON EMPLOYEE(ALARY) TO Bob omputer cience 474/574 Dr. Peng Ning 5 View View mechanism Restrict access only to selected attributes and tuples. Example: REATE VIEW Researchers A ELET Name, Bdate, Address FROM Employee WHERE Department= Research GRANT ELET ON Researchers TO Bob omputer cience 474/574 Dr. Peng Ning 6 3

MA in DBM Attribute values and tuples are considered as objects. Each attribute A is associated with a classification attribute (the label) In some models, a tuple classification attribute T is added to the relation. Example: Employee (N, Name,alary, Performance) Employee (N, N, Name, Name, alary, alary, Performance, Performance, T) uch a relation is called a multi-level relation. omputer cience 474/574 Dr. Peng Ning 7 Employee N Name N alary Performance P T 111111111 mith 40000 Fair 222222222 Brown 80000 Good Employee (What class users see) N 111111111 Name N mith alary 40000 Performance P T 222222222 Brown Good Employee (What class users see) N Name N alary Performance P T 111111111 mith omputer cience 474/574 Dr. Peng Ning 8 4

MA in DBM (ont d) Employee (N, N, Name, Name, BDate, BDate, alary, alary, T) Primary key: The set of attributes that can uniquely identify each tuple. Apparent key: The set of attributes that would have formed the primary key in a regular (single-level) relation. omputer cience 474/574 Dr. Peng Ning 9 Polyinstantiation everal tuples can have the same apparent key value but have different attribute values for users at different classification levels. hipid M T T omputer cience 474/574 Dr. Peng Ning 10 5

Is this possible? hipid M T T What could be the real key? omputer cience 474/574 Dr. Peng Ning 11 What if? hipid M T T explore What could be the real key? omputer cience 474/574 Dr. Peng Ning 12 6

hipid M T T lass user sees hipid M T T lass user: PDATE ET =, = WHERE hipid = omputer cience 474/574 Dr. Peng Ning 13 After pdate hipid M T T What should be returned to a class user? How about a class user? What is the general method? omputer cience 474/574 Dr. Peng Ning 14 7

hipid M T T What to return to lass user? omputer cience 474/574 Dr. Peng Ning 15 hipid M T T What to return to lass user? omputer cience 474/574 Dr. Peng Ning 16 8

Integrity onstraints for Multi-level relations Entity integrity All attributes that are members of the apparent key must not be null and must have the same security class. All other attribute values in the tuple must have a security class greater than or equal to that of the apparent key Purpose: make the retrieved information meaningful. integrity If a tuple value at some security level can be derived from a higher-level tuple, then it s sufficient to store the higherlevel tuple. Purpose: Reduce redundancy omputer cience 474/574 Dr. Peng Ning 17 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback