Date post: | 13-Dec-2015 |
Upload: | bertina-chambers |
Computer Science and Engineering
Computer System Security
CSE 5339/7339
Session 21
November 2, 2004
Contents
Introduction to Database
Database Security
Group Work
Kay’s presentation
Introduction to Database
Consider an enterprise, an airline for example
Large amount of data kept for long period of time
Information about: passengers, flights, aircraft, and personnel
Queries
Operations
Four major Components
Data
Hardware
Software
Users – end user + application programmer + administrator
Levels of Abstraction in a DBMS
[Figure: levels of abstraction. Labels: View 1, View 2, ..., View n; Conceptual Database; Physical Database]
Important Concepts in Database
Data independence -- storage media; application
Schema -- record definition
Relation – table
Indexing – B trees
Entity/Relationship model – entity, entity set, attributes, key, relationship
Relational Database – information for an enterprise entities and relationships relational database
SQL – Query language, programming language, embedded vs. interactive
Recovery and Concurrency
Transaction – single execution of a program – logical unit of work
Concurrency Problems
Lost update problem
Uncommitted dependency problem
Inconsistent analysis problem
Solving the problem – the use of locks
Locks
Problems – live lock, deadlock
Serial schedule, serializable schedule
Transactions must have the ACID properties
Atomicity – all or nothing
Consistency – only correct results are committed
Isolation – events within a transaction are hidden
Durability – committed results must be guaranteed
Transaction execution
[Figure: transaction outcomes. Labels: Failure; Begin ... Commit (Okay); Begin ... Abort (By the user); Begin ... System Abort (Time out or deadlock); Begin ... System Crash]
Four Recovery Actions
Transaction UNDO
Global UNDO – all incomplete transactions must be rolled back
Partial REDO – results of complete transactions that may not have been reflected in the DB
Global REDO – Archive recovery – old copy + archive log
Group Work
Discuss the two-phase update technique. Why is it needed? Work a simple example with your group.
Sensitive Data
Data that should not be made public
Nothing sensitive and everything sensitive – can be handled by access control to the database itself
Some but not all are sensitive -- not only data elements but context and meaning
Factors that make data sensitive
Inherently sensitive
From a sensitive source
Declared sensitive
Part of a sensitive attribute or a sensitive record
Sensitive in relation to previously disclosed information
Types of Disclosures
Exact data -- most serious disclosure
Bounds – sensitive data is between L and H
Negative result -- a value that is not a zero
Existence
Probable value -- probability that a certain element has a certain value
A successful security strategy must protect against both direct and indirect disclosures
Inference Problem
A way to infer or derive sensitive data from non-sensitive data
Consider the following database:
Name Sex Race Aid Fines Drugs Dorm
Direct Attack
Obvious
Select Name where
Sex = M and Drugs = 1
Less Obvious
Select Name where
(Sex = M and Drugs = 1) or
(Sex ≠ M and Sex ≠ F) or
(Dorm = Caruth)
Indirect Attack
To infer a final result based on one or more intermediate statistical results.
SUM
Example: it might seem safe to report student aid total by sex and dorm

         Holmes   East   West   Total
M          5000   3000   4000   12000
F          7000      0   4000   11000
Total     12000   3000   8000   23000

We can infer that any female living in East, such as Mary, is not receiving aid
Indirect Attack
To infer a final result based on one or more intermediate statistical results.
Count
Example: report the count of records for students by dorm and sex

         Holmes   East   West   Total
M             1      3      1       5
F             2      1      3       6
Total         3      4      4      11

Combined with the sum report, one can infer that the two males in Holmes and West are receiving $5000 and $4000. Names can be found easily.
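An added example (not part of the original slides): a pre-release audit over the SUM and COUNT reports above. It flags the cells that disclose an individual's value, then shows that blanking only those cells is undone by the published column totals; the function names are illustrative, and the column-total check goes one step beyond what the slide states.

```python
# Added example: audit the SUM and COUNT reports from the slides before release.
DORMS = ["Holmes", "East", "West"]
AID_SUM = {"M": [5000, 3000, 4000], "F": [7000, 0, 4000]}   # slide data
AID_COUNT = {"M": [1, 3, 1], "F": [2, 1, 3]}                # slide data
COL_TOTALS = [12000, 3000, 8000]                            # slide data


def disclosing_cells(sums, counts):
    """Cells whose published sum reveals one person's exact aid (count == 1)
    or that nobody in the cell receives aid (sum == 0, aid assumed >= 0)."""
    found = {}
    for sex, row in sums.items():
        for i, total in enumerate(row):
            n = counts[sex][i]
            if n == 1:
                found[(sex, DORMS[i])] = ("exact", total)
            elif n > 1 and total == 0:
                found[(sex, DORMS[i])] = ("all-zero", 0)
    return found


def suppress(sums, cells):
    """Blank out the listed cells (None) but leave the rest of the report alone."""
    return {sex: [None if (sex, DORMS[i]) in cells else v
                  for i, v in enumerate(row)]
            for sex, row in sums.items()}


def recover_from_column_totals(suppressed, col_totals):
    """Undo suppression wherever a column has exactly one blank cell:
    blank = column total - sum of the published cells in that column."""
    recovered = {}
    for i, total in enumerate(col_totals):
        blanks = [sex for sex, row in suppressed.items() if row[i] is None]
        if len(blanks) == 1:
            known = sum(row[i] for row in suppressed.values() if row[i] is not None)
            recovered[(blanks[0], DORMS[i])] = total - known
    return recovered


if __name__ == "__main__":
    leaks = disclosing_cells(AID_SUM, AID_COUNT)
    print("disclosing cells:", leaks)
    redacted = suppress(AID_SUM, leaks)
    print("after suppression:", redacted)
    print("recovered from totals:", recover_from_column_totals(redacted, COL_TOTALS))
```

A release check built this way has to treat the totals as part of the report: a cell counts as protected only when at least two cells in its row and in its column are withheld.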
Indirect Attack
Tracker attacks
Count ((Sex = F) and (RACE = White) and (DORM = Holmes))
If the result is one, the system may conceal it
count(a and b and c) = count(a) – count(a and not (b and c))
Count (Sex = F)
Count ((Sex = F) and ((RACE ≠ White) or (DORM ≠ Holmes)))
Control for Statistical Inference attacks
Suppress obviously sensitive information
Track what the user knows – very costly, how about two people or a user with multiple IDs
Disguise the data – statistical results are close but not exact
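An added example (not part of the original slides) tying the tracker identity to the controls listed above: a count interface that only conceals small results still leaks through count(a) – count(a and not (b and c)), while one that also tracks what has already been answered refuses the second query. The records are constructed (the slide's table rows are not on the page), and `StatDB`, `K` and the predicate names are assumptions.

```python
# Added example. RECORDS are constructed (sex, race, dorm) rows; the slide's
# table rows are not on the page. K and all names are assumptions.
RECORDS = [
    ("F", "White", "Holmes"), ("F", "Black", "Holmes"), ("F", "Black", "East"),
    ("F", "White", "West"), ("F", "Black", "West"), ("F", "White", "West"),
    ("M", "White", "Holmes"), ("M", "Black", "East"), ("M", "White", "East"),
    ("M", "White", "East"), ("M", "Black", "West"),
]
K = 2  # smallest query set the system will answer


class StatDB:
    def __init__(self, records, track_history=False):
        self.records = records
        self.track_history = track_history
        self.answered = []  # query sets (record indices) already released

    def count(self, pred):
        """Return the count, or None when the answer is concealed."""
        qset = frozenset(i for i, r in enumerate(self.records) if pred(r))
        if 0 < len(qset) < K:
            return None  # slide's rule: conceal a result of one
        if self.track_history and any(0 < len(qset ^ old) < K for old in self.answered):
            return None  # differs from an earlier answer by fewer than K records
        self.answered.append(qset)
        return len(qset)


def a(r): return r[0] == "F"
def b(r): return r[1] == "White"
def c(r): return r[2] == "Holmes"


def tracker(db):
    """count(a and b and c) = count(a) - count(a and not (b and c))"""
    direct = db.count(lambda r: a(r) and b(r) and c(r))
    total = db.count(a)
    rest = db.count(lambda r: a(r) and not (b(r) and c(r)))
    inferred = None if None in (total, rest) else total - rest
    return direct, inferred


if __name__ == "__main__":
    print("suppression only:", tracker(StatDB(RECORDS)))           # (None, 1)
    print("with query history:", tracker(StatDB(RECORDS, True)))   # (None, None)
```

The history here is kept per database object, which is the optimistic case: as the slide notes, two people or one user with multiple IDs split the queries across separate histories, so the tracking has to be keyed on something broader than a single login.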