data and applications security developments and directions
DESCRIPTION
Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Inference Problem - II February 8, 2006. Outline. Security Constraint Processing Use of Conceptual Structures. Security Constraint Processing. - PowerPoint PPT PresentationTRANSCRIPT
Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #8
Inference Problem - II
February 8, 2006
Outline Security Constraint Processing Use of Conceptual Structures
Security Constraint Processing Security Constraints are rules that assign security levels to the data MLS/DBMS is augmented with an Inference Engine Inference Engine is the Inference Controller Integrated Architecture for Security Constraint processing
- Query, Update and Database design operations
Inference Engine Approach
DatabaseMultilevelDatabase
MLS/DBMS
Inference Engine actsas an Inference Controller
Constraint Generation
DatabaseConsistent Constraints
DatabaseApplicationSpecification
DataMiningTool
Constraint
Generator
DatabasePrivacy Constraints
DataMiningTool
Consistency
Checker
DatabaseConsistent Constraints
DatabaseApplicationSpecification
DataMiningTool
Constraint
Generator
DatabaseSecurityConstraints
DataMiningTool
Consistency
Checker
Query Processor
DatabaseRelease
Database
DataMiningTool
User Interface Manager
DataMiningTool
Response
Processor
DataMiningTool
Response
Processor
DataMiningTool
Security Constraint Manager
DatabaseSecurityConstraints
DataMining
MLS/ DBMS
DataMiningTool
DataMiningTool
Release Database Manager
DataMiningTool
Query
Modifier
DataMiningTool
DataMiningTool
Release Database Manager
DataMiningTool
Query
Modifier
Update Processor
DataMiningTool
User Interface Manager
DataMining
MLS/ DBMS
DataMiningTool
SecurityLevelComputer
DataMiningTool
Security Constraint Manager
DatabaseSecurityConstraints
Database Design Tool
DatabaseSecurityConstraints
DatabasePrivacy Levels for Schema
DatabaseSecurityLevels for Schema
Data
MiningTool
Multilevel Database Design Tool
DataMiningTool
Security Constraint Manager
DatabaseDatabaseScheme
Integrated Architecture
User Interface Manager
ConstraintManager
Privacy Constraints Knowledge base
Query Processor:
Constraints during query and release operations
Update Processor:
Constraints during update operation
Database Design Tool
Constraints during database design operation
DatabaseDBMS
User Interface Manager
ConstraintManager
Privacy Constraints Knowledge base
Query Processor:
Constraints during query and release operations
Update Processor:
Constraints during update operation
Database Design Tool
Constraints during database design operation
DatabaseDBMS
User Interface Manager
ConstraintManager
Privacy Constraints Knowledge base
Query Processor:
Constraints during query and release operations
Update Processor:
Constraints during update operation
Database Design Tool
Constraints during database design operation
DatabaseDBMS
User Interface Manager
ConstraintManager
SecurityConstraints Knowledge base
Query Processor:
Constraints during query and release operations
Update Processor:
Constraints during update operation
Database Design Tool
Constraints during database design operation
MultilevelDatabase
MLS/DBMS
Release Control Management
DataMiningTool
User Interface Manager
DataMiningTool
Response
Processor
DataMiningTool
Response
Processor
DataMiningTool
Privacy Constraint Manager
DatabasePrivacy Constraints
DataMiningTool
DataMiningTool
Release ControlManager
Response
DatabaseRelease
Database
DataMiningTool
DBMS
DatabaseDatabase
DataMiningTool
User Interface Manager
DataMiningTool
Response
Processor
DataMiningTool
Response
Processor
DataMiningTool
Security Constraint Manager
DatabaseSecurityConstraints
DataMiningTool
DataMiningTool
Release ControlManager
Response
DatabaseRelease
Database
DataMiningTool
DBMS
DatabaseDatabase
DataMiningTool
User Interface Manager
DataMiningTool
Response
Processor
DataMiningTool
Response
Processor
DataMiningTool
Security Constraint Manager
DatabaseSecurityConstraints
DataMiningTool
DataMiningTool
Release ControlManager
Response
DatabaseRelease
Database
DataMiningTool
DBMS
DatabaseDatabase
DataMiningTool
DataMiningTool
Release ControlManager
Response
DatabaseRelease
Database
DataMiningTool
DBMS
DatabaseDatabase
Use of Conceptual Structures Use conceptual structures to model the application
- E.g., semantic data models, semantic nets, conceptual graphs, etc.
Use the reasoning strategy of the conceptual structure and determine if security violation via inference can occur
Multilevel Semantic Nets
SHIPSWEAPONS
CARRY
(a)
SHIPSWEAPONS
CARRY
(b)
SHIPSWEAPONS
CARRY
(c)
SHIPSWEAPONS
CARRY
(d)
SHIPSWEAPONS
CARRY
(e)
SHIPSWEAPONS
CARRY
(f)
SHIPSWEAPONS
CARRY
(g)
SHIPSWEAPONS
CARRY
(h)
SHIPSWEAPONS
CARRY
(a)
SHIPSWEAPONS
CARRY
(b)
SHIPSWEAPONS
CARRY
(c)
SHIPSWEAPONS
CARRY
(d)
SHIPSWEAPONS
CARRY
(e)
SHIPSWEAPONS
CARRY
(f)
SHIPSWEAPONS
CARRY
(g)
SHIPSWEAPONS
CARRY
(h)
Complex Multilevel Semantic Net
REAGAN
PassengersCarries
SUN Explosive
Mediterranean Sea
16 June 2000
India
ItalyDestination
Location
DateSmith
Captain
Battle Management
20 years
Skills
Skills
Type
ISA/AKO Links
SHIPSWEAPONS
ISA
(a)
SHIPSWEAPONS
(b)
REAGAN SHIP
(a)
SHIPWATER VEHICLE
AKO
(b)
Example Rules - II
SHIPSWEAPONS
(a)
SHIPWATER VEHICLE
AKO
VEHICLEAKO
AKO
SHIPSWEAPONS
(a)
SHIPWATER VEHICLE
AKO
VEHICLEAKO
AKO
SHIPSWEAPONS
(c)
REAGAN SHIPISA
WATER VEHICLE
AKO
ISA
SHIPSWEAPONS
(b)
SHIPWATER VEHICLE
AKO
PERSONHas Captain
Has Captain
SHIPSWEAPONS
(b)
SHIPWATER VEHICLE
AKO
PERSONHas Captain
Has Captain
Example Rules - II
SHIPSWEAPONS
(d)
REAGANSHIP
ISA
PERSONHas Captain
Has Captain
SHIPSWEAPONS
(d)
REAGANSHIP
ISA
PERSONHas Captain
Has Captain
SHIPSWEAPONS
(e)
REAGANIndia
Destination
COUNTRYISA
Destination
Applying Transfer Rules
REAGAN
SUN Explosive
Mediterranean Sea
IndiaDestination
Location
Carries
Type
(a)
REAGAN
SUN Explosive
Mediterranean Sea
India
Location
Carries
Type
(b)
Smith
Battle Management
Skills
REAGAN
SUN Explosive
Mediterranean Sea
IndiaDestination
Location
Carries
Type
(c) Combines (a) and (b)
Smith
Battle Management
Skills
Security Constraints
SHIPSWEAPONS
Carries
(a)
REAGAN SUN
SHIPS
Destination
Carries
(b)
REAGAN SUN
COUNTRY
Mediterranean
SHIPSWEAPONS
Carries
(a)
REAGAN SUN
SHIPS
Destination
Carries
(b)
REAGAN SUN
COUNTRY
Mediterranean
Location
Security Constraint Violation - I
REAGAN
Carries
SUN Explosive
Mediterranean Sea
COUNTRYDestination
Location
SmithCaptain
Battle Management
Skills
Type
REAGAN
Carries
SUN Explosive
Mediterranean Sea
India
Destination
Location
SmithCaptain
Battle Management
Skills
Type
(a)
COUNTRY
(b)
ISA
Security Constraint Violation - II
SHIPSWEAPONS
Carries
(a)
REAGAN EXPLOSIVEWEAPONS
SHIPS
ISA
Carries
(b)
SHIPEXPLOSIVEWEAPONS
REAGAN
CAPTAIN
Has
Universal and Existential Conditionals
SHIPS
Carries
Location
(a)
SHIP: ALL XMediterranean
SUN
COUNTRY:SOME Y
Destination
SHIPS
Carries
Location
(b)
SHIP: ALL XMediterranean
WEAPONS: SOME Y
India
Destination
Explosive
Matching Vectors
SHIPSWEAPONS
SHIPWATER VEHICLE
CARRIES
VEHICLETYPESHIPS: ALL X
WEAPONS
Net A
WEAPONSEXPLOSIVES
SHIPSWEAPONS
SHIPWATER VEHICLE
CARRIES
VEHICLETYPEREAGAN
WEAPONSWEAPONS
EXPLOSIVES
Net B
Matching and Binding
Carries
Location
(a)
SHIP: ALL XMediterranean
WEAPONS: SOME Y
India
Destination
Explosive
REAGAN
SUN Explosive
Mediterranean Sea
India
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(b)
REAGAN
SUN Explosive
Mediterranean Sea
India
Location
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(c ) Results from (a) and (b)
Carries
Location
(a)
SHIP: ALL XMediterranean
WEAPONS: SOME Y
India
Destination
Carries
Location
(a)
SHIP: ALL XMediterranean
WEAPONS: SOME Y
India
Destination
Explosive
REAGAN
SUN Explosive
Mediterranean Sea
India
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(b)
REAGAN
SUN Explosive
Mediterranean Sea
India
Location
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(c ) Results from (a) and (b)
Carries
Location
(a)
SHIP: ALL XMediterranean
WEAPONS: SOME Y
India
Destination
Explosive
REAGAN
SUN Explosive
Mediterranean Sea
India
Location
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(b)
REAGAN
SUN Explosive
Mediterranean Sea
India
Location
Smith Captain
Battle Management
New Delhi
Skills
Type
Carries
FLORIDA
MOONType
Capital
(c ) Results from (a) and (b)
Destination
Destination
Destination
Carries
Type
Carries
Negative Statements
SHIPSWEAPONS
DESTINATIONREAGAN
Italy
X
Refutation
SHIPSWEAPONS
DESTINATION
REAGANPacific Ocean
WEAPONSAustralia
(a)
SHIPSWEAPONS
DESTINATIONREAGAN
Australia
XX
SHIPSWEAPONS
FLORIDAREAGAN
WEAPONSAustralia
(c )
DESTINATION(b)
SHIPSFLORIDA
WEAPONSAustralia
DESTINATION
SHIPSFLORIDA
WEAPONSAustralia
LOCATION
WEAPONSREAGAN
Pacific Ocean
WEAPONSREAGAN
Pacific Ocean
(d)
SHIPSWEAPONS
FLORIDAREAGAN
WEAPONSAustralia
DESTINATION LOCATION
WEAPONSPacific Ocean
(e)
LOCATION
Directions
Inference problem is still being investigated Census bureau still working on statistical databases Need to find real world examples in the Military world Inference problem with respect to medial records Much of the focus is now on the Privacy problem Privacy problem can be regarded to be a special case of the
inference problem