databases collections of data. set of rules to organize data. types ◦ relational: use (rows) &...
TRANSCRIPT
DatabasesDatabasesCollections of data.Set of rules to organize data.Types
◦Relational: use (rows) & columns to organize.
◦Object oriented: complex data (audio, video)
◦Hierarchical Model Tree structure.
◦Network Hierarchical but elements have multiple
parent and child records.
Database CharacteristicsDatabase CharacteristicsCentralizes data.Allows for easier backups.Provides transaction persistence.Allows for more consistency
◦ All data at one locationProvides recovery and fault tolerance.Allows sharing of data with many users.Provides security controls.
◦ Integrity checking.◦ Access control◦ Confidentiality
Database JargonDatabase Jargon
Record: collection of related data items.File: collection of records of the same type.Database: cross-referenced collection of data.DBMS: Manages and controls the database.Tuple: a row in a 2 dimensional database.Attribute: a column in a 2 dimensional
database.View: virtual relation defined by DBA in order
to keep subjects from viewing certain data.
Database Jargon Database Jargon continuedcontinued
Primary Key: Columns that make each row unique
Foreign key: attribute of one table that is related to the primary key of another table.
Cell: an intersection of a row and column.Schema: defines the structure of the
database.Data Dictionary: central repository of data
elements and their relationships.Normalization: minimize redundancy.
Database TableDatabase Table
ACID RulesACID RulesAtomicity: all modification take effect
or none take effect.Consistency: follow integrity policy
for a databaseIsolation: transactions complete in
isolation until completed without interacting with other transactions.
Durability: once a transaction is verified it is committed and cannot be rolled back.
SchemaSchema
Database ReplicationDatabase Replication Integrity is primary concern.
◦ Update one table, update them allLocking
◦ Prevent 2 processes from updating a record.Replication
◦ Mirror a live database allowing simultaneous reads and writes.
Shadowing◦ Mirrors all changes made to the primary
database but no one accesses it.
Sample NetworkSample Network
Database APIsDatabase APIsOpen Database Connectivity (ODBC)
◦API to connect to databases.Object Linking and Embedding
Database (OLE DB)◦Replacement for ODBC, extending it.
ActiveX Data Objects (ADO).◦Set of COM objects for accessing data
sources.Java Database Connectivity (JDBC)
◦Functionality like ODBC for Java.
Figure 6-2 Results of Select-Project-Join Query.
Select NAME, AIRPORT from Project:NAME-ZIP, Project:ZIP-AIRPORT where NAME-ZIP:ZIP == ZIP-AIRPORT:ZIP
Database IntegrityDatabase IntegrityConcurrency: two people drop
same file on a data server with different information.◦Databases lock tables to prevent this.
Semantic Integrity: ensure structural and semantic rules are enforced.
Referential Integrity: all foreign keys reference a primary key.
Advantages of DatabasesAdvantages of DatabasesShared Access to data
centralized.Minimal redundancy:
normalization.Data consistency: change of data
affects all users.Data integrity: protect data.Controlled Access: authorized
users only.
Database IntegrityDatabase IntegrityEntity Integrity: tuples are
uniquely identified by primary key values.
Rollback: ends a current transaction and cancels the changes to the database.
Commit: complete a transaction and executes all changes made by a user.
Database Security IssuesDatabase Security IssuesAggregation: act of combining
information from separate less sensitive sources, forming new information.
Inference: a subject deduces the full story from pieces learned from aggregation.
Figure 6-3 Security versus Precision.Security (confidentiality): reject any query requesting a sensitive field.Precision: protect all sensitive data but reveal as much non-sensitive data as possible.Want perfect confidentiality with maximum precision.
Database DefenseDatabase DefenseContent-dependent access control
◦ Based on sensitivity of data.Context-dependent access control
◦ Software knows what to do based upon what should be allowed based upon state and sequence of request.
Cell Suppression: hide specific cells to prevent inference attacks.
Partitioning: divide database into parts.Noise and perturbation: insert bogus information
to misdirect and confuse.Database View: limit what each user can see.
Inference AttacksInference AttacksDirect Attack
◦Attempt to find values by making a query that will return very few results.
◦List Name where SEX=M and DRUGS=1
Indirect Attack◦Infer a final result based upon
statistical results.◦Sum, Count, Mean, Median, Min, Max.
Inference (if allowed)Inference (if allowed)
Inference AttacksInference AttacksTracker Attack
◦Fool database manager into locating the desired data by using additional queries that produce small results. Uses logic & algebra to learn information. Count (sex=F) – ((sex=F)&(race!
=Caucasian) or (dorm!=holmes)) = 1
Inference DefenseInference DefenseApply controls to queries orApply controls to individual
items.Suppression: sensitive values not
provided.◦Query is rejected without a response.
Concealing◦provide an answer close to the value
but not the actual value.
Inference RulesInference Rules1. Suppress obviously sensitive
information.◦Error on the side of suppression.
2. Track what the user knows.◦Expensive◦Must maintain information on all user
queries.◦What if two people working together?
3. Disguise the data.◦Random perturbation and rounding of data.
AggregationAggregationRelated to inference.
◦Build sensitive results from less sensitive information.
Must track results which user has seen.◦Conceal anything that might lead a
user to derive a more sensitive result.Difficult to counter.
◦Collusion: 2 people could work together.
Multilevel DatabasesMultilevel DatabasesHuman Resource Databases contain sensitive
information◦ Salary.◦ Last performance review.
Security of a single element is different from other elements.
Two levels, sensitive & non-sensitive may not be enough◦ There are ranges of allowable knowledge.
Security of combining elements may differ than that of an individual element.
These 3 issues similar to military sensitivity levels.
Differentiated SecurityDifferentiated Security
limit who can see what
Partition DatabasePartition Database
separate sensitive information
Database EncryptionDatabase EncryptionNeed to know key to decipher
information.Each sensitivity level has an
appropriate key strength.Users with access might be able
to decipher key and control database if single key used.
Defense: encrypt each record with a different key.
Figure 6-5 Cryptographic Separation: Different Encryption Keys.Use different keys for each record to prevent leaking information.
Figure 6-6 Cryptographic Separation: Block Chaining.Encryption dependant upon previous blocks.
Figure 6-7 Integrity Lock.U.S.A.F. stored in plaintext
Figure 6-8 Cryptographic Checksum.Used for error detection.
Figure 6-9 Sensitivity Lock.Unique identifier and the sensitivity level.Each lock belongs to one record.
Figure 6-10 Trusted Database Manager.Integrity lock database. Only the access procedure needs to be trusted and would grant access to sensitive data.Inefficient.
Figure 6-11 Trusted Front End.Front end authenticates and authorizes access to dataIssues Queries to DBMS.Verifies sensitivity levels and who wants access.
Figure 6-12 Commutative Filters.Screens and reformats user input andverifies user has permissions to access information.
Database SecurityDatabase SecurityViews: create different views for
different users to limit access to part of the DB.
Windows: a subset of a database.◦Contains information user is allowed
to see.Polyinstantiation
◦Create custom records made from full records which depend upon a user’s access level.
Figure 6-13 Secure Database Decomposition.Reference monitor employs Bell-LaPuda access controls.Second level provides indexing.Third layer translates views into the base relations.These 3 layers make up the TCB Perimeter.Remaining layers typical DBMS functions and user interface.
Data WarehousingData Warehousing
Combine data from multiple databases.
Can be petabytes of data.Used for data analysis and inference.Data Mining
◦Process of analyzing data in search of common patterns.
◦Search for signs of fraud credit card companies