215 Security Project Presentation

May 29, 2018

Transcript
  • 8/8/2019 215 Security Project Presentation

    1/33

    Database Security and Authorization

    By Yazmin Escoto Rodriguez

    Christine Tannuwidjaja

  • 8/8/2019 215 Security Project Presentation

    2/33

    Main Types of Security:

    Enforce security of portions of a database against unauthorized access
    - Database Security and Authorization Subsystem

    Prevent unauthorized persons from accessing the system itself
    - Access Control

    Control the access to statistical databases
    - Statistical Database Security

    Protect sensitive data that is being transmitted via some type of communications
    - Data Encryption

  • 8/8/2019 215 Security Project Presentation

    3/33

    Database Security and Authorization Subsystem

    Discretionary Security Mechanisms
    - concerned with defining, modeling, and enforcing access to information

    Mandatory Security Mechanisms for Multilevel Security
    - requires that data items and users are assigned to certain security labels

  • 8/8/2019 215 Security Project Presentation

    4/33

    Mandatory Access Control

    Elements:

    OBJECTS CLASSIFICATIONS

    --class(o)--

    SUBJECTS CLEARANCE

    --clear(s)--

    Levels: Top Secret, Secret, Confidential, Unclassified

  • 8/8/2019 215 Security Project Presentation

    5/33

    Mandatory Access Control

    Rules:

    Simple Property: subject s is allowed to read data item d if clear(s) class(d)

    *-property: subject s is allowed to write data item d if clear(s) class(d)

    Simple Property protects information from unauthorized access

    *-property protects data from contamination or unauthorized modification

  • 8/8/2019 215 Security Project Presentation

    6/33

    Multilevel Security Databases - example

    Set up: we have:
    - subject x with clear(x) = TS
    - subject y with clear(y) = S
    - subject z with clear(z) = U

    Project Name   Topic                  Location          TC
    Black, TS      Databases, TS          Los Angeles, TS   TS
    Silver, S      Supply Chain, S        New York, S       S
    Gold, U        Inventories, S         Atlanta, S        S
    Indigo, U      Telecommunication, U   Austin, U         U

  • 8/8/2019 215 Security Project Presentation

    7/33

    Multilevel Security Databases - example

    Project Name   Topic                  Location          TC
    Black, TS      Databases, TS          Los Angeles, TS   TS
    Silver, S      Supply Chain, S        New York, S       S
    Gold, U        Inventories, S         Atlanta, S        S
    Indigo, U      Telecommunication, U   Austin, U         U

    Project Name   Topic                  Location          TC
    Silver, S      Supply Chain, S        New York, S       S
    Gold, U        Inventories, S         Atlanta, S        S
    Indigo, U      Telecommunication, U   Austin, U         U

  • 8/8/2019 215 Security Project Presentation

    8/33

    Multilevel Security Databases - example

    Project Name   Topic                  Location          TC
    Black, TS      Databases, TS          Los Angeles, TS   TS
    Silver, S      Supply Chain, S        New York, S       S
    Gold, U        Inventories, S         Atlanta, S        S
    Indigo, U      Telecommunication, U   Austin, U         U

    Project Name   Topic                  Location          TC
    Gold, U        -, U                   -, U              U
    Indigo, U      Telecommunication, U   Austin, U         U

  • 8/8/2019 215 Security Project Presentation

    9/33

    Multilevel Security Databases - example

    subject z wants to insert the next tuple

    < Silver, LP, Omaha>

    Project Name   Topic                    Location          TC
    Black, TS      Databases, TS            Los Angeles, TS   TS
    Silver, S      Supply Chain, S          New York, S       S
    Gold, U        Inventories, S           Atlanta, S        S
    Indigo, U      Telecommunication, U     Austin, U         U
    Silver, U      Linear Programming, U    Omaha, U          U

    Polyinstantiation: the existence of multiple data objects with the same key

  • 8/8/2019 215 Security Project Presentation

    10/33

    Multilevel Security Databases - example

    Project Name   Topic                  Location          TC
    Gold, U        -, U                   -, U              U
    Indigo, U      Telecommunication, U   Austin, U         U

    subject z wants to replace the null values with certain data items

    < Markov Chain, New Jersey>

    Project Name   Topic                  Location          TC
    Black, TS      Databases, TS          Los Angeles, TS   TS
    Silver, S      Supply Chain, S        New York, S       S
    Gold, U        Inventories, S         Atlanta, S        S
    Indigo, U      Telecommunication, U   Austin, U         U
    Gold, U        Markov Chain, U        New Jersey, U     U
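
The filtering and polyinstantiation steps of this example, as an added Python sketch that is not part of the original slides. It uses the standard Bell-LaPadula form of the two rules (read if clear(s) ≥ class(d), write if clear(s) ≤ class(d)); the function names, the "Co" abbreviation in the level table and the choice to label nulls with the key's classification are assumptions.

```python
# Added illustration, not from the slides. Function names are assumptions.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}  # Unclassified < Confidential < Secret < Top Secret

def can_read(clear, cls):
    """Simple property: no read above the subject's clearance."""
    return LEVELS[clear] >= LEVELS[cls]

def can_write(clear, cls):
    """*-property: no write below the subject's clearance."""
    return LEVELS[clear] <= LEVELS[cls]

def tuple_class(row):
    """TC: the highest classification among the tuple's attribute values."""
    return max((cls for _, cls in row), key=LEVELS.get)

# The slide's relation, constructed as (value, classification) cells; TC is derived.
PROJECTS = [
    [("Black", "TS"), ("Databases", "TS"), ("Los Angeles", "TS")],
    [("Silver", "S"), ("Supply Chain", "S"), ("New York", "S")],
    [("Gold", "U"), ("Inventories", "S"), ("Atlanta", "S")],
    [("Indigo", "U"), ("Telecommunication", "U"), ("Austin", "U")],
]

def filter_view(table, clear):
    """Rows a subject may see; unreadable attributes become nulls."""
    view = []
    for key, *attrs in table:
        if not can_read(clear, key[1]):
            continue  # key above clearance: the tuple is hidden entirely
        # Assumption: a null carries the key's classification, as in the slide.
        view.append([key] + [a if can_read(clear, a[1]) else (None, key[1]) for a in attrs])
    return view

def insert(table, clear, values):
    """Store a tuple written by a subject; returns True if it polyinstantiates."""
    level = clear  # cells are labelled at the writer's own level (allowed by the *-property)
    # Rejecting a key that already exists at a level the writer cannot read would
    # reveal that hidden tuple, so the new tuple is stored beside the old one.
    poly = any(row[0][0] == values[0] for row in table)
    table.append([(v, level) for v in values])
    return poly

if __name__ == "__main__":
    for clear in ("S", "U"):
        for row in filter_view(PROJECTS, clear):
            print(clear, row, "TC =", tuple_class(row))
```

Filtering at clearance S and at clearance U reproduces the two reduced tables shown in the earlier slides of this example.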

  • 8/8/2019 215 Security Project Presentation

    11/33

    Security Relevant Knowledge

    Entity Relationship
    -- describes the structural part of the database

    Data Flow Diagram
    -- represents the functions the system should perform

    Classification Constraints

    Assign security classifications to the concepts of schemas:
    - ones that classify items
    - ones that classify query results

  • 8/8/2019 215 Security Project Presentation

    12/33

    System Object

    What is it?
    - Entity type
    - Specialization type
    - Relationship type

    In security it is the target of protection

    Notation
    O(A1..,An)
    - Ai (i=1..N) is an attribute and is defined over domain Di

    Has an identity property (key attributes)
    A (A1,..,An)

  • 8/8/2019 215 Security Project Presentation

    13/33

    Multilevel Secure Application

    MAJOR QUESTION:

    Which way should the attributes and occurrences of O be assigned to proper security classifications?

    CLASSIFICATION

    RESULT:

    Security object O multilevel security object Om

    Performed by means of security constraints

  • 8/8/2019 215 Security Project Presentation

    14/33

    Graphical Extensions to the ER

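    [Figure: legend of the graphical extensions to the ER notation. Symbols shown: N, X, P, (U) (Co) (S) (TS), [U..S] [Co..TS]. Legend entries: Secrecy Levels; Ranges of Secrecy Levels; Aggregation leading to TS (N..constant); Inference leading to Co; Evaluation of predicate P; Security dependency.]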

  • 8/8/2019 215 Security Project Presentation

    15/33

    [Figure: ER Diagram. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M); attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]

  • 8/8/2019 215 Security Project Presentation

    16/33

    Object Classification Constraints

    Simple Constraints

    Let X be a set of attributes of security object O (X {A1,,An})

    SiC (O(X))=C, (C SL)

    Results in a multilevel object Om(A1, C1,, An, Cn,TC) where Ci=C Ai X, Ci left unchanged for Ai X

    Application to ER:
    - SiC(Is Assigned to,{Function},S)
    - assigns property Function of relationship Is Assigned to to a classification of secret.

  • 8/8/2019 215 Security Project Presentation

    17/33

    [Figure: ER Diagram classifying properties of security objects. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M); attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]

  • 8/8/2019 215 Security Project Presentation

    18/33

    Object Classification Constraints

    Content-based Constraints

    Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai and let X {Ai,,An}

    CbC (O(X), P: Ai a) = C or CbC (O(X), P: Ai Aj) = C ( {=,,,,}, a Di, i j, C SL)

    For any instance o of security object O(A1,,An) for which a predicate evaluates into true the transformation into o(a1,c1,,an,cn,tc) is performed

    Classifications are assigned in a way that ci = C in the case Ai X, ci left unchanged otherwise

    Application to ER:
    - CbC (Employee, {SSN, Name}, Salary, , 100, Co))
    - represents the semantic that properties SSN and Name of employees with a salary 100 are treated as confidential information

  • 8/8/2019 215 Security Project Presentation

    19/33

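    [Figure: ER Diagram classifying properties of security objects. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and one predicate marker P; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]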

  • 8/8/2019 215 Security Project Presentation

    20/33

    Object Classification Constraints

    Complex Constraints

    Let O, O be two security objects and the existence of an instance o of O is dependent on the existence of a corresponding occurrence o of O where the k values of the identifying property K of o are identical to k values of attributes of o (foreign key)

    Let P(O) be a valid predicate defined on o and let X {A1,,An} be an attribute set of O

    CoC (O(X), P(O)) = C (C SL)

    For every instance o of security object O(A1,,An) for which a predicate evaluates into true in the related object o of O the transformation into o(a1,c1,,an,cn,tc) is performed

    Classifications are assigned in a way that ci = C in the case Ai X, ci left unchanged otherwise

  • 8/8/2019 215 Security Project Presentation

    21/33

    Object Classification Constraints

    Complex Constraints (cont)

    Application to ER:
    - CoC (Is Assigned to, {SSN}, Project, Subject, =, Research, S)
    - individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = Research

  • 8/8/2019 215 Security Project Presentation

    22/33

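    [Figure: ER Diagram classifying properties of security objects. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and two predicate markers P; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]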

  • 8/8/2019 215 Security Project Presentation

    23/33

    Object Classification Constraints

    Level-based Constraints

    Let level (Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,,an,cn,tc) of a multilevel security object Om

    Let X be a set of attributes of Om such that X {A1,,An}

    LbC (O(X)) = level (Ai)

    Result for every object o(a1,c1,,an,cn,tc) to the assignment cj = ci in the case Aj X

    Application to ER:
    - LbC (Project, {Client}, Subject)
    - states that property Client of security object Project must always have the same classification as the property Subject of the Project

  • 8/8/2019 215 Security Project Presentation

    24/33

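    [Figure: ER Diagram classifying properties of security objects. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and two predicate markers P; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]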

  • 8/8/2019 215 Security Project Presentation

    25/33

    Query Result Classification Constraints

    Association-based Constraints

    Let O (A1,An) be a security object with identifying property K

    Let X (X {A1,,An} (K X = {}) be a set of attributes of O

    AbC (O (K,X)) = C (C SL)

    Results in the assignment of security level C to the retrieval result of each query that takes X together with identifying property K

    Application to ER:
    - AbC (Employee, {Salary}, Co)
    - the salary of an individual person is confidential
    - the value of salaries without the information which employee gets what salary is unclassified

  • 8/8/2019 215 Security Project Presentation

    26/33

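    [Figure: ER Diagram classifying query results. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and the annotation [Co]; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]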

  • 8/8/2019 215 Security Project Presentation

    27/33

    Query Result Classification Constraints

    Aggregation Constraints

    Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O (A1,,An)

    Let X (X {A1,,An}) be sensitive attributes of O

    AgC (O, (X, count(O) > n = C (C SL, n N)

    Result into the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n

  • 8/8/2019 215 Security Project Presentation

    28/33

    Query Result Classification Constraints

    Aggregation Constraints (cont)

    Application to ER:
    - AgC (Is Assigned to, {Title}, 3, S)
    - the information which employee is assigned to what projects is regarded as unclassified
    - aggregating all assignments for a certain project and thereby inferring which team is responsible for what project is considered secret

  • 8/8/2019 215 Security Project Presentation

    29/33

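    [Figure: ER Diagram classifying query results. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and the annotations [Co] and 3; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]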

  • 8/8/2019 215 Security Project Presentation

    30/33

    Query Result Classification Constraints

    Inference Constraints

    Let PO be the set of multilevel objects involved in a potential logical inference

    Let O, O be two particular objects from PO with corresponding multilevel representation O (A1,C1,,An,Cn,TC) and O (A1,C1,,An,Cn,TC)

    Let X {A1,,An} and Y {A1,,An})

    IfC (O(X), O(Y)) = C

    Results into the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X

  • 8/8/2019 215 Security Project Presentation

    31/33

    Query Result Classification Constraints

    Inference Constraints (cont)

    Application to ER:
    - IfC (Employee, {Dep}, Project, {Subject}, Co)
    - consider the situation where the information which employee is assigned to what projects is considered as confidential
    - from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employees are involved
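
The three query result constraints applied to the ER example (AbC, AgC and IfC), as an added Python sketch that is not part of the original slides. The query descriptor format, the name classify_result, the choice of SSN as the identifying property of Employee and the baseline level U for a query that triggers no constraint are assumptions.

```python
# Added illustration, not from the slides; classify_result and KEYS are assumptions.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

# The "Application to ER" constraints as given on the slides.
ABC = [("Employee", {"Salary"}, "Co")]                       # AbC(Employee, {Salary}, Co)
AGC = [("Is Assigned to", {"Title"}, 3, "S")]                # AgC(Is Assigned to, {Title}, 3, S)
IFC = [("Employee", {"Dep"}, "Project", {"Subject"}, "Co")]  # IfC(Employee, {Dep}, Project, {Subject}, Co)
KEYS = {"Employee": {"SSN"}}  # assumption: SSN is the identifying property K of Employee

def classify_result(query):
    """query maps object name -> (attributes retrieved, instances referenced).

    Returns the highest level assigned by any constraint that fires, or "U"
    if none does (assumption: the stored values themselves are unclassified).
    """
    def attrs(obj):
        return query.get(obj, (set(), 0))[0]

    def count(obj):
        return query.get(obj, (set(), 0))[1]

    fired = ["U"]
    for obj, x, c in ABC:        # X retrieved together with the key K
        if x <= attrs(obj) and KEYS[obj] <= attrs(obj):
            fired.append(c)
    for obj, x, n, c in AGC:     # X retrieved from more than n instances
        if x <= attrs(obj) and count(obj) > n:
            fired.append(c)
    for o1, x, o2, y, c in IFC:  # X of one object retrieved together with Y of another
        if x <= attrs(o1) and y <= attrs(o2):
            fired.append(c)
    return max(fired, key=LEVELS.get)

if __name__ == "__main__":
    print(classify_result({"Employee": ({"Salary"}, 50)}))         # salaries without names
    print(classify_result({"Employee": ({"SSN", "Salary"}, 1)}))   # one person's salary
    print(classify_result({"Is Assigned to": ({"Title"}, 4)}))     # more than 3 assignments
```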

  • 8/8/2019 215 Security Project Presentation

    32/33

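    [Figure: ER Diagram classifying query results. Employee and Project joined by "Is Assigned to", with cardinalities (0,N) and (0,M) and the annotations X, [Co] and 3; attribute labels: SSN, Name, Dep, Salary, Title, Title, Function, SSN, Date, Client, Subject.]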

  • 8/8/2019 215 Security Project Presentation

    33/33

    QUESTION?