
Database Security and Authorization

By
Yazmin Escoto Rodriguez
Christine Tannuwidjaja
Main Types of Security:
- Enforce security of portions of a database against unauthorized access
  - Database Security and Authorization Subsystem
- Prevent unauthorized persons from accessing the system itself
  - Access Control
- Control the access to statistical databases
  - Statistical Database Security
- Protect sensitive data that is being transmitted via some type of communications
  - Data Encryption
Database Security and Authorization Subsystem

- Discretionary Security Mechanisms
  - concerned with defining, modeling, and enforcing access to information
- Mandatory Security Mechanisms for Multilevel Security
  - require that data items and users are assigned to certain security labels
Mandatory Access Control
Elements:
- OBJECTS have CLASSIFICATIONS: class(o)
- SUBJECTS have CLEARANCES: clear(s)

Levels: Top Secret, Secret, Confidential, Unclassified
Mandatory Access Control

Rules:
- Simple Property: subject s is allowed to read data item d if clear(s) ≥ class(d).
  The Simple Property protects information from unauthorized access.
- *-property: subject s is allowed to write data item d if clear(s) ≤ class(d).
  The *-property protects data from contamination or unauthorized modification.
Multilevel Security Databases - example
Set up:

Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U

We have:
- subject x with clear(x) = TS
- subject y with clear(y) = S
- subject z with clear(z) = U
Multilevel Security Databases - example

Full relation, as seen by subject x (clear(x) = TS dominates every classification):

Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U

As seen by subject y (clear(y) = S): by the Simple Property the Black tuple, classified TS, is filtered out:

Project Name | Topic                | Location        | TC
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U
Multilevel Security Databases - example

Full relation:

Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U

As seen by subject z (clear(z) = U): the Black and Silver tuples are filtered out, and the Secret-classified Topic and Location of Gold appear as nulls at level U:

Project Name | Topic                | Location        | TC
Gold, U      | -, U                 | -, U            | U
Indigo, U    | Telecommunication, U | Austin, U       | U
Multilevel Security Databases - example

- Subject z wants to insert the next tuple: < Silver, LP, Omaha >

Project Name | Topic                 | Location        | TC
Black, TS    | Databases, TS         | Los Angeles, TS | TS
Silver, S    | Supply Chain, S       | New York, S     | S
Gold, U      | Inventories, S        | Atlanta, S      | S
Indigo, U    | Telecommunication, U  | Austin, U       | U
Silver, U    | Linear Programming, U | Omaha, U        | U

Polyinstantiation: the existence of multiple data objects with the same key.
Multilevel Security Databases - example

Project Name | Topic                | Location        | TC
Gold, U      | -, U                 | -, U            | U
Indigo, U    | Telecommunication, U | Austin, U       | U

- Subject z wants to replace the null values with certain data items: < Markov Chain, New Jersey >

Project Name | Topic                | Location        | TC
Black, TS    | Databases, TS        | Los Angeles, TS | TS
Silver, S    | Supply Chain, S      | New York, S     | S
Gold, U      | Inventories, S       | Atlanta, S      | S
Indigo, U    | Telecommunication, U | Austin, U       | U
Gold, U      | Markov Chain, U      | New Jersey, U   | U
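To make the Mandatory Access Control rules and the multilevel example above concrete, here is an added example (not code from the slides) of a toy multilevel relation: reads follow the Simple Property, and writes follow the *-property by writing at the subject's own level, producing the polyinstantiated Silver and Gold tuples shown above. The table contents are a constructed copy of the slides' Project relation.

```python
# Added example, not from the slides: a toy multilevel relation on the slides' Project table.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}   # Unclassified < Confidential < Secret < Top Secret

def dominates(a, b):
    """a dominates b when a >= b in the level ordering (the slides' clear(s) >= class(d))."""
    return LEVELS[a] >= LEVELS[b]

# Constructed copy of the slides' table: each attribute is (value, class); tc is the tuple class.
TABLE = [
    {"name": ("Black", "TS"), "topic": ("Databases", "TS"), "loc": ("Los Angeles", "TS"), "tc": "TS"},
    {"name": ("Silver", "S"), "topic": ("Supply Chain", "S"), "loc": ("New York", "S"), "tc": "S"},
    {"name": ("Gold", "U"), "topic": ("Inventories", "S"), "loc": ("Atlanta", "S"), "tc": "S"},
    {"name": ("Indigo", "U"), "topic": ("Telecommunication", "U"), "loc": ("Austin", "U"), "tc": "U"},
]

def view(table, clear):
    """Simple Property: a subject sees a tuple only if it dominates the key's class, and
    sees an attribute value only if it dominates that value's class; otherwise it sees a
    null at its own level (the slides' 'Gold, U | -, U | -, U | U' row)."""
    out = []
    for row in table:
        if not dominates(clear, row["name"][1]):
            continue                                  # key above clearance: whole tuple hidden
        shown = {}
        for attr in ("name", "topic", "loc"):
            value, cls = row[attr]
            shown[attr] = (value, cls) if dominates(clear, cls) else (None, clear)
        shown["tc"] = max((cls for _, cls in shown.values()), key=LEVELS.get)
        out.append(shown)
    return out

def write(table, clear, name, topic, loc):
    """*-property: the subject writes only at its own level (clear <= class of the data it
    writes). A tuple with the same key that sits wholly at that level is updated in place;
    any higher-classified tuple with that key value is left untouched and a new tuple is
    appended instead, which is polyinstantiation: several tuples with the same key."""
    new = {"name": (name, clear), "topic": (topic, clear), "loc": (loc, clear), "tc": clear}
    for i, row in enumerate(table):
        if row["name"] == (name, clear) and row["tc"] == clear:
            table[i] = new
            return table
    table.append(new)
    return table
```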
Security Relevant Knowledge

- Entity Relationship: describes the structural part of the database
- Data Flow Diagram: represents the functions the system should perform

Classification Constraints
Used to assign security classifications to the concepts of schemas; there are two kinds:
- ones that classify items
- ones that classify query results
System Object

What is it?
• Entity type
• Specialization type
• Relationship type

In security it is the target of protection.

Notation: O(A1,…,An), where each Ai (i = 1..n) is a property (attribute) defined over domain Di.
Has an identity (key attributes) A ⊆ {A1,…,An}.
Multilevel Secure Application

MAJOR QUESTION:
Which way should the attributes and occurrences of O be assigned to proper security classifications?

CLASSIFICATION RESULT:
Security object O → multilevel security object Om

Performed by means of security constraints.
Graphical Extensions to the ER

Symbols:
- Secrecy levels: (U) (Co) (S) (TS)
- Ranges of secrecy levels: [U..S] [Co..TS]
- Aggregation leading to TS: N (N is a constant)
- Inference leading to Co: X
- Evaluation of predicate P: P
- Security dependency
ER Diagram
[Figure: ER diagram of the running example. Entity Employee (attributes SSN, Name, Dep, Salary) is linked through the relationship "Is Assigned to" (attributes Date, Function; cardinality (0,N) on the Employee side, (0,M) on the Project side) to entity Project (attributes Title, Subject, Client).]
Object Classification Constraints
– Simple Constraints
• Let X be a set of attributes of security object O (X ⊆ {A1,…,An})
• SiC (O(X)) = C, (C ∈ SL)
• Results in a multilevel object Om(A1, C1,…, An, Cn, TC) where Ci = C ∀ Ai ∈ X, and Ci is left unchanged for Ai ∉ X
• Application to ER:
- SiC (Is Assigned to, {Function}, S)
- assigns the property Function of the relationship "Is Assigned to" a classification of secret
ER Diagram – classifying properties of security objects
[Figure: the ER diagram above (Employee, Is Assigned to, Project), with the classification of the simple constraint drawn on the property Function.]
Object Classification Constraints
– Content-based Constraints
• Let Ai be an attribute of security object O with domain Di, let P be a predicate defined on Ai, and let X ⊆ {A1,…,An}
• CbC (O(X), P: Ai θ a) = C or CbC (O(X), P: Ai θ Aj) = C
  (θ ∈ {=,≠,<,>,≤,≥}, a ∈ Di, i ≠ j, C ∈ SL)
• For any instance o of security object O(A1,…,An) for which the predicate evaluates to true, the transformation into o(a1,c1,…,an,cn,tc) is performed
• Classifications are assigned such that ci = C if Ai ∈ X, and ci is left unchanged otherwise
• Application to ER:
- CbC (Employee, {SSN, Name}, Salary, ‘≥’, ‘100’, Co)
- represents the semantics that the properties SSN and Name of employees with a salary ≥ 100 are treated as confidential information
ER Diagram – classifying properties of security objects
[Figure: the ER diagram above, annotated with a predicate-evaluation symbol P at the entity Employee for the content-based constraint.]
Object Classification Constraints
– Complex Constraints
• Let O, O’ be two security objects such that the existence of an instance o of O depends on the existence of a corresponding occurrence o’ of O’, where the k values of the identifying property K’ of o’ are identical to k values of attributes of o (foreign key)
• Let P(O’) be a valid predicate defined on o’ and let X ⊆ {A1,…,An} be an attribute set of O
• CoC (O(X), P(O’)) = C (C ∈ SL)
• For every instance o of security object O(A1,…,An) for which the predicate evaluates to true in the related object o’ of O’, the transformation into o(a1,c1,…,an,cn,tc) is performed
• Classifications are assigned such that ci = C if Ai ∈ X, and ci is left unchanged otherwise

Object Classification Constraints
– Complex Constraints (con’t)

• Application to ER:
- CoC (Is Assigned to, {SSN}, Project, Subject, ‘=’, ‘Research’, S)
- individual assignment data (SSN) is regarded as secret information in the case the assignment refers to a project with Subject = ‘Research’
ER Diagram – classifying properties of security objects
[Figure: the ER diagram above, annotated with two predicate-evaluation symbols P: one at the entity Employee (content-based constraint) and one for the complex constraint on "Is Assigned to".]
Object Classification Constraints
– Level-based Constraints
• Let level(Ai) be a function that returns the classification ci of the value of attribute Ai in object o(a1,c1,…,an,cn,tc) of a multilevel security object Om
• Let X be a set of attributes of Om such that X ⊆ {A1,…,An}
• LbC (O(X)) = level(Ai)
• Results, for every object o(a1,c1,…,an,cn,tc), in the assignment cj = ci in the case Aj ∈ X
• Application to ER:
- LbC (Project, {Client}, Subject)
- states that the property Client of security object Project must always have the same classification as the property Subject of the Project
ER Diagram – classifying properties of security objects
[Figure: the ER diagram above, with the two predicate-evaluation symbols P and the security dependency of Client on Subject for the level-based constraint.]
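An added example (not from the slides) that applies the four object classification constraints, SiC, CbC, CoC and LbC, to occurrences of the ER objects above, yielding the per-attribute classifications ci and the tuple classification tc of o(a1,c1,…,an,cn,tc). The three rule lists are the slides' applications; the SiC on Project.Subject is an assumption added so that the LbC has a classification to copy, and the sample occurrences are constructed.

```python
# Added example, not from the slides: evaluating SiC, CbC, CoC and LbC on one occurrence.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

def classify(instance, constraints, related=None):
    """instance: {attribute: value} of one occurrence o of O. Every ci starts at 'U',
    constraints are applied in list order, and tc is the maximum ci.
    `related` is the referenced occurrence o' of O' that a CoC predicate is evaluated on."""
    classes = {a: "U" for a in instance}
    for kind, x, *args in constraints:
        if kind == "SiC":                       # SiC(O(X)) = C
            level, = args
            target = x
        elif kind == "CbC":                     # CbC(O(X), P: Ai >= a) = C, P evaluated on o
            attr, bound, level = args
            target = x if instance[attr] >= bound else []
        elif kind == "CoC":                     # CoC(O(X), P(O')) = C, P evaluated on o'
            attr, value, level = args
            target = x if related is not None and related.get(attr) == value else []
        elif kind == "LbC":                     # LbC(O(X)) = level(Ai): cj = ci for Aj in X
            src, = args
            level, target = classes[src], x
        else:
            raise ValueError(f"unknown constraint {kind}")
        for a in target:
            classes[a] = level
    return classes, max(classes.values(), key=LEVELS.get)

# The slides' applications. The SiC on Project.Subject is an assumed extra rule so that the
# LbC has a classification to copy (the slides give Subject no explicit level of its own).
EMPLOYEE_RULES = [("CbC", ["SSN", "Name"], "Salary", 100, "Co")]
PROJECT_RULES = [("SiC", ["Subject"], "Co"), ("LbC", ["Client"], "Subject")]
ASSIGNMENT_RULES = [("SiC", ["Function"], "S"), ("CoC", ["SSN"], "Subject", "Research", "S")]
```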
Query Result Classification Constraints
– Association-based Constraints

• Let O(A1,…,An) be a security object with identifying property K
• Let X ⊆ {A1,…,An} with K ∩ X = {} be a set of attributes of O
• AbC (O(K, X)) = C (C ∈ SL)
• Results in the assignment of security level C to the retrieval result of each query that takes X together with the identifying property K
• Application to ER:
- AbC (Employee, {Salary}, Co)
- the salary of an individual person is confidential
- the values of salaries without the information which employee gets what salary are unclassified
ER Diagram – classifying query results
[Figure: the ER diagram above (Employee, Is Assigned to, Project), annotated with the secrecy level [Co] for the association-based constraint on Salary.]
Query Result Classification Constraints
– Aggregation Constraints

• Let count(O) be a function that returns the number of instances referenced by a particular query and belonging to security object O(A1,…,An)
• Let X (X ⊆ {A1,…,An}) be sensitive attributes of O
• AgC (O(X), count(O) > n) = C (C ∈ SL, n ∈ N)
• Results in the classification C for the retrieval result of a query in the case count(O) > n, i.e. the number of instances of O referenced by a query accessing properties X exceeds the value n

Query Result Classification Constraints
– Aggregation Constraints (con’t)

• Application to ER:
- AgC (Is Assigned to, {Title}, ‘3’, S)
- the information which employee is assigned to what projects is regarded as unclassified
- aggregating all assignments for a certain project, and thereby inferring which team is responsible for what project, is considered secret
ER Diagram – classifying query results
[Figure: the ER diagram above, annotated with [Co] for the association-based constraint and the aggregation constant 3 next to the property Title.]
Query Result Classification Constraints
– Inference Constraints

• Let PO be the set of multilevel objects involved in a potential logical inference
• Let O, O’ be two particular objects from PO with corresponding multilevel representations O(A1,C1,…,An,Cn,TC) and O’(A’1,C’1,…,A’n,C’n,TC’)
• Let X ⊆ {A1,…,An} and Y ⊆ {A’1,…,A’n}
• IfC (O(X), O’(Y)) = C
• Results in the assignment of security level C to the retrieval result of each query that takes Y together with the properties in X

Query Result Classification Constraints
– Inference Constraints (con’t)

• Application to ER:
- IfC (Employee, {Dep}, Project, {Subject}, Co)
- consider the situation where the information which employee is assigned to what projects is considered confidential
- from having access to the department an employee works for and to the subject of a project, users may infer which department may be responsible for the project and thus may conclude which employees are involved
ER Diagram – classifying query results
[Figure: the ER diagram above, annotated with [Co] (association-based constraint), the aggregation constant 3 next to Title, and the inference symbol X linking Dep and Subject.]
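An added example (not from the slides) that classifies a query result from the attribute sets the query reads and the number of instances it references, using the three query result constraints applied to the ER model above: AbC (Employee, {Salary}, Co), AgC (Is Assigned to, {Title}, ‘3’, S) and IfC (Employee, {Dep}, Project, {Subject}, Co). The key attributes per object are taken from the diagram; the query descriptions in the test are constructed.

```python
# Added example, not from the slides: query result classification from AbC, AgC and IfC.
LEVELS = {"U": 0, "Co": 1, "S": 2, "TS": 3}

# Identifying property K of each security object, read off the ER diagram.
KEYS = {"Employee": {"SSN"}, "Project": {"Title"}, "Is Assigned to": {"SSN", "Title"}}

ABC = [("Employee", {"Salary"}, "Co")]                        # AbC(Employee, {Salary}, Co)
AGC = [("Is Assigned to", {"Title"}, 3, "S")]                 # AgC(Is Assigned to, {Title}, '3', S)
IFC = [("Employee", {"Dep"}, "Project", {"Subject"}, "Co")]   # IfC(Employee, {Dep}, Project, {Subject}, Co)

def classify_query(accessed, counts):
    """accessed: {object: set of attributes the query reads}; counts: {object: number of
    instances of that object the query references, i.e. count(O)}. Returns the level of
    the retrieval result: the highest C of every triggered constraint, 'U' if none fires."""
    level = "U"

    def raise_to(c):
        nonlocal level
        if LEVELS[c] > LEVELS[level]:
            level = c

    for obj, x, c in ABC:            # X read together with the identifying property K
        read = accessed.get(obj, set())
        if x & read and KEYS[obj] <= read:
            raise_to(c)
    for obj, x, n, c in AGC:         # properties X of more than n instances of O
        if x & accessed.get(obj, set()) and counts.get(obj, 0) > n:
            raise_to(c)
    for o1, x, o2, y, c in IFC:      # X of O read together with Y of O'
        if x & accessed.get(o1, set()) and y & accessed.get(o2, set()):
            raise_to(c)
    return level
```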
QUESTION?
