Professional Documents
Culture Documents
Database Security Design
Database Security Design
and Privacy
Prevent/detect/deter Secrecy
Improper modification
of information
Integrity Availability
Prevent/detect/deter improper
Denial of access to services
Security Controls
Security Policy
Access control models
Integrity protection
Privacy problems
Fault tolerance and recovery
Auditing and intrusion detection
Requires:
- Proper user identification
- Information specifying the access rights is
protected form modification
Database
Relation Advantages vs. disadvantages
of supporting
Record
different granularity levels
Attribute
Element
Confidential relation
Person- Company- Salary
name name
Smith BB&C $43,982
Works
Person-name Company- Salary
name
Smith BB&C $43,982 Public
Works
Person- Company- Salary
name Publ. name Publ. Conf.
Smith BB&C $43,982
Works
Person- Company- Salary
name name
Smith P BB&C P $43,982 C
User based
Grant and Revoke
Problems:
- Propagation of access rights
- Revocation of propagated access rights
White
Database Security - Farkas 19
Implementation
File 1 File 2
Access Control List (column) Joe:Read Joe:Read
(ACL) Joe:Write Sam:Read
Joe:Own Sam:Write
Capability List (row) Sam:Own
Joe: File 1/Read, File 1/Write, File 1/Own, File 2/Read
Sam: File 2/Read, File 2/Write, File 2/Own
Subject Access Object
Access Control Triples Joe Read File 1
Joe Write File 1
Joe Own File 1
Joe Read File 2
Sam Read File 2
Sam Write File 2
Sam Own File 2
Problem:
Difficult to maintain updates.
Problem:
Programs may access resources for which the user
who runs the program does not have permission.
A D
C F
A revokes D’s privileges
E
B
C F
A D
C F
A revokes D’s privileges
B
-
B E
+
+ D
A
- Problem:
Contradictory authorizations
C
• GRANT <privilege> ON X TO <user>
• DENY <privilege> ON X TO <user>
Blue’s query:
SELECT *
FROM Student
Modified query:
SELECT NAME
FROM Student
WHERE COURSE=“CSCE 590”
Disadvantages:
Inherent vulnerability (look TH example)
Maintenance of ACL or Capability lists
Maintenance of Grant/Revoke
Limited power of negative authorization
CSCE
Database Security 790 - Farkas
- Farkas 37
37
Polyinstantiation
Secret user sees Secret-View:
SSN (SSN) Course (Course) Grade (Grade)
111-22-3333 S CSCE 786 S null S
444-55-6666 S CSCE 567 S null S