Current Trends in Data Security: Dan Suciu Joint Work With Gerome Miklau
Dan Suciu
Data Security
Dorothy Denning, 1982:
"Data Security is the science and study of methods of protecting data (...) from unauthorized disclosure and modification"
Data Security = Confidentiality + Integrity
Data Security
Distinct from systems and network security
Assumes these are already secure
Tools:
Cryptography, information theory, statistics
Applications:
An enabling technology
Outline
Traditional data security
Two attacks
Data security research today
Conclusions
[Griffith&Wade'76, Fagin'78]
Views in SQL
A SQL View = (almost) any SQL query
Typically used as:
CREATE VIEW pmpStudents AS SELECT * FROM Students WHERE
Summary (cont)
Most policies in middleware: slow, error prone:
SAP has 10^4 tables
GTE over 10^5 attributes
A brokerage house has 80,000 applications
A US government entity thinks that it has 350K
Today the database is not at the center of the policy administration universe
[Rosenthal&Winslett2004]
[Adam&Wortmann89]
Data perturbation
Most popular: cell combination, cell suppression
Other methods, for continuous attributes: may introduce bias
Output perturbation
For continuous attributes only
Outline
Traditional data security
Two attacks
Data security research today
Conclusions
SQL Injection
Your health insurance company lets you see the claims online:
First login:
User: fred
Password: ********
Now search through the claims:
Search claims by: Dr. Lee
SQL Injection
Now try this:
Search claims by: Dr. Lee OR 1 = 1; --
SQL Injection
When you're done, do this:
SQL Injection
The DBMS works perfectly. So why is SQL injection possible so often?
Quick answer:
Poor programming: use stored procedures!
Deeper answer:
Move policy implementation from apps to DB
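The claims search above, worked through as an added example (not code from the slides): the "poor programming" string-concatenated query beside a parameterized one, run against a constructed in-memory SQLite table. The injected input is a variant of the slide's payload, with a closing quote added so the concatenated SQL parses and without the semicolon, since each execute call runs one statement.

```python
import sqlite3

# Constructed sample claims for the slide's insurance scenario (not real data).
CLAIMS = [
    ("fred", "Dr. Lee", "flu"),
    ("fred", "Dr. Kim", "sprain"),
    ("alice", "Dr. Lee", "asthma"),
    ("bob", "Dr. Patel", "fracture"),
]

# Variant of the slide's search-box payload: the quote terminates the doctor
# literal, OR 1 = 1 makes the WHERE clause true, and -- comments out the rest.
INJECTED_DOCTOR = "Dr. Lee' OR 1 = 1 --"


def make_db():
    """Build an in-memory Claims table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Claims(patient TEXT, doctor TEXT, diagnosis TEXT)")
    conn.executemany("INSERT INTO Claims VALUES (?, ?, ?)", CLAIMS)
    return conn


def search_vulnerable(conn, login, doctor):
    """The slide's 'poor programming' case: the policy 'only your own claims'
    is a string fragment, so user input becomes part of the SQL grammar."""
    sql = ("SELECT patient, doctor, diagnosis FROM Claims "
           f"WHERE patient = '{login}' AND doctor = '{doctor}'")
    return conn.execute(sql).fetchall()


def search_parameterized(conn, login, doctor):
    """Bound parameters: the input is only ever compared as a value, so the
    injected text is searched for literally and matches no doctor."""
    sql = ("SELECT patient, doctor, diagnosis FROM Claims "
           "WHERE patient = ? AND doctor = ?")
    return conn.execute(sql, (login, doctor)).fetchall()


def leaked_rows(conn, login, doctor):
    """Rows the vulnerable search returns that do not belong to `login`;
    a non-empty list means the application-side policy was bypassed."""
    return [r for r in search_vulnerable(conn, login, doctor) if r[0] != login]


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "fred", "Dr. Lee"))           # fred's Dr. Lee claim
    print(leaked_rows(db, "fred", INJECTED_DOCTOR))           # other patients' claims
    print(search_parameterized(db, "fred", INJECTED_DOCTOR))  # []
```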
GIC(zip, dob, sex, diagnosis, procedure, ...)
VOTER(name, party, ..., zip, dob, sex)
Summary on Attacks
SQL injection: A correctness problem:
Security policy implemented poorly in the application
Outline
Traditional data security
Two attacks
Data security research today
Conclusions
[Samarati&Sweeney98, Meyerson&Williams04]
[Miklau&S04, Miklau&Dalvi&S05, Yang&Li04]
Secret                   View(s)                         Disclosure?
S(name,phone)            V(name,phone)                   total
S(name,phone)            V1(name,dept), V2(dept,phone)   big
S(name)                  V(dept)                         tiny
S(name) where dept=HR    V(name) where dept=RD           none
The applications: many years away
Privacy
Is the right of individuals to determine for themselves when, how and to what extent information about them is communicated to others [Agrawal03]
More complex than confidentiality
Privacy
Involves:
Data Owner
Requester
Purpose
Consent
Example: Alice gives her email (alice@a.b.com) to a web service
Hippocratic Databases
DB support for implementing privacy policies:
Purpose specification
Consent
Limited use
Limited retention
Protection against:
Sloppy organizations
Malicious organizations
Privacy policy: P3P
[Agrawal03, LeFevrey04]
foreign keys?
[Aggarwal04]
Summary on Privacy
Major concern in industry
Legislation
Consumer demand
Challenge:
How to enforce an organization's stated policies
Context parameters
Implementation
User query:
SELECT Patient.name, Patient.age FROM Patient WHERE Patient.disease = 'flu'
Rewritten query (e.g. Oracle):
SELECT Patient.name, Patient.age FROM Patient, Doctor WHERE Patient.disease = 'flu' AND Patient.doctorID = Doctor.ID AND Patient.login = %currentUser
Two Semantics
The Truman Model = filter semantics
Transform reality
ACCEPT all queries
REWRITE queries
Sometimes misleading results
[Rizvi04]
[Rosenthal&Winslett2004]
Complex Policies:
Doctor researchers may access trials
Nurses may access diagnostic
Etc
[Miklau&S.03]
[Figure: an XML patient record, <patient> containing <name>, <age>, <address>, <privateData>, <diagnostic> and <trial> with <drug> and <placebo>, whose subtrees are guarded by the keys Kuser, Kdr, Knu, Kadm, Kpat and Kmaster; sample values shown: JoeDoe, 28, Seattle, flu, Tylenol, Candy]
Research:
Hard theoretical security analysis
[Abadi&Warinschi05]
[Agrawal03]
Compute one-way hash: h(a) h(b) h(c) h(d) on one side, h(c) h(d) h(e) on the other
Exchange h(c) h(d) h(e)
Outline
Traditional data security
Two attacks
Data security research today
Conclusions
Conclusions
Traditional data security confined to one server
Security in SQL
Security in statistical databases
Conclusions
State of the industry:
Data security policies: scattered throughout applications
Database no longer center of the security universe
Needed: automatic means to translate complex policies into physical implementations
Questions?