Information System Security
Lecture 6
Database Security
Outline
• Data Security
• Access control
• Security policy
• Access control policy
1. Discretionary access control
2. Content-based access control
3. Mandatory access control
4. Role-based access control
Data security: Examples
1. Consider a payroll database in a corporation; it must be ensured that:
– Salaries of individual employees are not disclosed to arbitrary users of the database,
– Salaries are modified only by those individuals that are properly authorized,
– Paychecks are printed on time at the end of each pay period.
2. In a military environment, it is important that:
– The target of a missile is not given to an unauthorized user,
– The target is not arbitrarily modified,
– The missile is launched when it is fired.
Data Security: main goals
• Confidentiality: it refers to data protection from unauthorized read operations.
• Integrity: it refers to data protection from unauthorized modification operations.
• Availability: it ensures that data access is not denied to authorized subjects.
• Others: Authentication, etc.
[Figure: data security as the intersection of confidentiality, integrity and availability]
Data Security: main goals
• Confidentiality is enforced by the access control mechanism.
• Integrity is enforced by the access control mechanism and by the semantic integrity constraints specified during schema definition.
• Availability is enforced by the recovery and concurrency control mechanisms.
Access control: Basic concepts
• An access control system regulates the operations that can be executed on data and resources to be protected.
• Its goal is to control operations executed by subjects in order to prevent actions that could damage data and resources.
[Figure: an access request is evaluated by the reference monitor, which applies the security policy and the authorization rules and answers with one of: access denied, access permitted, access partially permitted]
Security Policy
• Policies deal with defining what is authorized and who can grant authorizations.
• Existing security policies tend to focus mainly on the confidentiality (privacy) requirements of security.
• Policies are used like requirements; they are the starting point in the development of any system that has security features.
• Adopted security policies mainly depend on organizational requirements, such as legal requirements, regulatory requirements, and user requirements.
Security Policies and Authorizations
• The security policies are implemented by mapping them into a set of authorizations.
• Authorizations thus establish the operations and rights that subjects can exercise on the protected objects.
• The reference monitor is a control mechanism.
– It has the task of determining whether a given subject is authorized to access the data.
Access control policy
• Discretionary access control
• Mandatory access control
• Role-based access control
• Context-based access control
Access control Policy
• Most access control policies are formulated in terms of subjects, objects, and privileges.
• Authorization Objects: anything that holds data, such as relations, directories, interprocess messages, network packets, I/O devices, or physical media.
• Authorization Subjects: an abstraction of any active entity that performs computation in the system.
– Examples: users, processes, roles, etc.
• Authorization Privileges: operations that a subject can exercise on the objects in the system.
– Examples: read, write, execute, select, insert, update, delete, etc.
Discretionary ACPs
• DAC policies govern the access of subjects to objects on the basis of subjects' identity and authorization rules.
• When an access request is submitted to the system, the access control mechanism verifies whether there is an authorization rule authorizing the access.
• Such mechanisms are discretionary in that they allow subjects to grant other subjects authorization to access their objects at their discretion.
• Most of the common commercial DBMSs support it.
DAC: SQL commands
• Privilege delegation is supported through the grant option: if a privilege is granted with the grant option, the user receiving it can not only exercise the privilege, but can also grant it to other users.
• A user can only grant a privilege on a given table if he/she is the table owner or if he/she has received the privilege with grant option.
• GRANT PrivilegeList | ALL [PRIVILEGES] ON table | View TO UserList | PUBLIC [WITH GRANT OPTION]
DAC: SQL commands
• Example:
– Bob: GRANT select, insert ON Employee TO Ann WITH GRANT OPTION;
– Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
– Ann: GRANT select, insert ON Employee TO Jim;
– Jim has the select privilege (received from both Bob and Ann) and the insert privilege (received from Ann).
– Jim can grant the select privilege to other users (because he has received it with grant option); however, he cannot grant the insert privilege.
DAC in SQL - Grant
• Grant Command:
1. Bob: GRANT select, insert ON Employee TO Jim WITH GRANT OPTION;
2. Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
3. Bob: GRANT insert ON Employee TO Ann;
4. Jim: GRANT update ON Employee TO Tim WITH GRANT OPTION;
5. Ann: GRANT select, insert ON Employee TO Tim;
• The first three GRANT commands are fully executed (Bob is the owner of the table).
• The fourth command is not executed, because Jim does not have the update privilege on the table.
• The fifth command is partially executed; Ann has the select and insert privileges, but she does not have the grant option for the insert.
– Tim only receives the select privilege.
DAC in SQL - Revoke
• REVOKE PrivilegeList | ALL [PRIVILEGES] ON table | View FROM UserList | PUBLIC
• A user can only revoke the privileges he/she has granted.
• Upon execution of a revoke operation, the user from whom the privileges have been revoked loses these privileges, unless he/she holds them from some source independent of the user who executed the revoke.
• Recursive revocation: whenever a user revokes an authorization on a table from another user, all the authorizations that the revokee had granted because of the revoked authorization are removed.
DAC in SQL - Revoke
• Example:
– Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
– Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
– Jim: GRANT select ON Employee TO Tim;
– Ann: GRANT select ON Employee TO Tim;
– Jim: REVOKE select ON Employee FROM Tim;
– Tim continues to hold the select privilege on table Employee after the revoke operation, since he has independently obtained such privilege from Ann.
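The grant-option and revocation rules of the last three slides, worked through in code. This is an added example and not part of the lecture: a small Python model of one table's authorization graph that replays the Bob/Ann/Jim/Tim commands above, including the partially executed GRANT, the privilege Tim keeps after Jim's REVOKE because Ann granted it independently, and (an extra step the slides do not show) a recursive revocation when Bob later revokes Ann's select.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """One authorization: grantor gave grantee `privilege`, with or without grant option."""
    grantor: str
    grantee: str
    privilege: str
    grant_option: bool


class Table:
    """DAC authorization state for one table (the lecture's Employee, owned by Bob)."""

    def __init__(self, name, owner):
        self.name = name
        self.owner = owner
        self.grants: set[Grant] = set()

    def delegators(self, privilege):
        """Users who may grant `privilege`: the owner plus everyone reachable from the owner
        through a chain of grants made WITH GRANT OPTION. Walking from the owner, rather
        than checking a single incoming grant, keeps recursive revocation correct even when
        two users have granted the privilege to each other."""
        reach = {self.owner}
        frontier = [self.owner]
        while frontier:
            user = frontier.pop()
            for g in self.grants:
                if (g.grantor == user and g.privilege == privilege
                        and g.grant_option and g.grantee not in reach):
                    reach.add(g.grantee)
                    frontier.append(g.grantee)
        return reach

    def holds(self, user, privilege):
        """Does `user` currently hold `privilege` (from the owner or from any grant)?"""
        return user == self.owner or any(
            g.grantee == user and g.privilege == privilege for g in self.grants)

    def grant(self, grantor, privileges, grantee, with_grant_option=False):
        """GRANT privileges ON table TO grantee [WITH GRANT OPTION].
        Returns the privileges actually granted: a privilege the grantor cannot delegate
        is skipped, so the command executes fully, partially, or not at all."""
        granted = []
        for p in privileges:
            if grantor in self.delegators(p):
                self.grants.add(Grant(grantor, grantee, p, with_grant_option))
                granted.append(p)
        return granted

    def revoke(self, revoker, privileges, revokee):
        """REVOKE privileges ON table FROM revokee. Only the revoker's own grants are
        removed; grants the revokee received from independent sources survive. Then
        recursive revocation drops every grant whose grantor can no longer delegate it."""
        for p in privileges:
            self.grants = {g for g in self.grants if not (
                g.grantor == revoker and g.grantee == revokee and g.privilege == p)}
        self.grants = {g for g in self.grants if g.grantor in self.delegators(g.privilege)}


def grant_slide_example():
    """The five GRANT commands of the 'DAC in SQL - Grant' slide, in order."""
    emp = Table("Employee", owner="Bob")
    return [
        emp.grant("Bob", ["select", "insert"], "Jim", with_grant_option=True),  # fully executed
        emp.grant("Bob", ["select"], "Ann", with_grant_option=True),            # fully executed
        emp.grant("Bob", ["insert"], "Ann"),                                    # fully executed
        emp.grant("Jim", ["update"], "Tim", with_grant_option=True),            # not executed
        emp.grant("Ann", ["select", "insert"], "Tim"),                          # partial: select only
    ]


def revoke_slide_example():
    """The 'DAC in SQL - Revoke' slide, plus one extra step showing recursive revocation."""
    emp = Table("Employee", owner="Bob")
    emp.grant("Bob", ["select"], "Jim", with_grant_option=True)
    emp.grant("Bob", ["select"], "Ann", with_grant_option=True)
    emp.grant("Jim", ["select"], "Tim")
    emp.grant("Ann", ["select"], "Tim")
    emp.revoke("Jim", ["select"], "Tim")
    tim_after_jim = emp.holds("Tim", "select")   # True: Ann's independent grant survives
    emp.revoke("Bob", ["select"], "Ann")         # extra step: Ann can no longer delegate select,
    tim_after_bob = emp.holds("Tim", "select")   # so her grant to Tim is removed recursively
    return tim_after_jim, tim_after_bob


if __name__ == "__main__":
    print(grant_slide_example())   # [['select', 'insert'], ['select'], ['insert'], [], ['select']]
    print(revoke_slide_example())  # (True, False)
```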
Content-Based AC (CBAC)
• Content-based access control makes access to a given object conditional on its content.
• As an example, in an RDBMS supporting content-based access control it is possible to authorize a subject to access information only of those employees whose salary is not greater than 30K.
• The two most common approaches to enforce content-based access control in a DBMS are:
– associating a predicate (or a Boolean combination of predicates) with the authorization;
– defining a view which selects the objects whose content satisfies a given condition, and then granting the authorization on the view instead of on the basic objects.
CBAC: SQL Commands
• Example: suppose we want to authorize user Ann to access only the employees whose salary is lower than 20000; steps:
– CREATE VIEW Vemp AS SELECT * FROM Employee WHERE Salary < 20000;
– GRANT Select ON Vemp TO Ann;
• Ann:
– SELECT * FROM Vemp WHERE Job = 'Programmer';
– This is equivalent to:
– SELECT * FROM Employee WHERE Salary < 20000 AND Job = 'Programmer';
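The view-based approach enforced by a real engine, as an added example that is not part of the lecture: SQLite's authorizer hook plays the reference monitor, so Ann, who holds select only on Vemp, can query the view, while any direct read of Employee fails at statement compilation. The sample rows and the user Jim (who holds nothing here) are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows; the Employee table, Vemp view and user Ann come from the lecture.
EMPLOYEES = [
    (1, "Alice", "Programmer", 18000),
    (2, "Bruno", "Programmer", 25000),
    (3, "Carol", "Analyst", 15000),
    (4, "Dana", "Manager", 40000),
]

# Authorizations per user: object -> set of access modes.
# Ann has exactly "GRANT Select ON Vemp TO Ann" and nothing on Employee itself.
GRANTS = {"Ann": {"Vemp": {"select"}}}

# SQLite authorizer actions that represent a data access on a table or view.
ACTION_TO_MODE = {
    sqlite3.SQLITE_READ: "select",
    sqlite3.SQLITE_INSERT: "insert",
    sqlite3.SQLITE_UPDATE: "update",
    sqlite3.SQLITE_DELETE: "delete",
}


def make_authorizer(user):
    """Reference monitor for `user`, installed as SQLite's authorizer hook. SQLite calls
    it for every table/column access while compiling a statement; SQLITE_DENY makes the
    whole statement fail, so the user cannot even prepare a query on a table he/she
    holds no privilege on."""
    allowed = GRANTS.get(user, {})

    def authorize(action, obj, _column, _dbname, context):
        mode = ACTION_TO_MODE.get(action)
        if mode is None:
            return sqlite3.SQLITE_OK  # not a data access (SQLITE_SELECT, functions, ...)
        if mode in allowed.get(obj, set()):
            return sqlite3.SQLITE_OK  # privilege granted directly on this object
        # `context` names the view (or trigger) through which a base table is being
        # reached, or is None for a direct reference in the user's own SQL. A read of
        # Employee is therefore permitted only when it happens through Vemp.
        if context is not None and mode in allowed.get(context, set()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    return authorize


def setup_db():
    """Owner-side setup: base table, sample rows and the content-restricting view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (Id INTEGER PRIMARY KEY, Name TEXT,"
                 " Job TEXT, Salary INTEGER)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?, ?)", EMPLOYEES)
    conn.execute("CREATE VIEW Vemp AS SELECT * FROM Employee WHERE Salary < 20000")
    conn.commit()
    return conn


def run_as(conn, user, sql):
    """Compile and run `sql` under `user`'s reference monitor.
    Returns the result rows, or the string 'denied' if the DBMS refuses the statement
    (SQLite reports the refusal as a DatabaseError such as 'access to ... is prohibited')."""
    conn.set_authorizer(make_authorizer(user))
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "denied"


if __name__ == "__main__":
    db = setup_db()
    print(run_as(db, "Ann", "SELECT Name FROM Vemp WHERE Job = 'Programmer'"))      # [('Alice',)]
    print(run_as(db, "Ann", "SELECT Name FROM Employee WHERE Job = 'Programmer'"))  # denied
```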
Mandatory Access control
• MAC specifies the access that subjects have to objects based on the classification of subjects and objects.
• This type of security has also been referred to as multilevel security.
• Database systems that satisfy multilevel security properties are called multilevel secure database management systems (MLS/DBMSs).
• Many of the MLS/DBMSs have been designed based on the Bell and LaPadula (BLP) model.
Role-based AC (RBAC): Motivation
• One challenging problem in managing large systems is the complexity of security administration.
• Whenever the number of subjects and objects is high, the number of authorizations can become extremely large.
• Moreover, if the user population is highly dynamic, the number of grant and revoke operations to be performed can become very difficult to manage.
• End users often do not own the information for which they are allowed access. The corporation or agency is the actual owner of data objects.
• Control is often based on employee functions rather than data ownership.
• RBAC has been proposed as an alternative approach to DAC and MAC, both to simplify the task of access control management and to directly support function-based access control.
RBAC: Basic Concepts
• Roles represent functions within a given organization, and authorizations are granted to roles instead of to single users.
• Users are thus simply authorized to "play" the appropriate roles, thereby acquiring the roles' authorizations.
• RBAC: Benefits
– Because roles represent organizational functions, an RBAC model can directly support security policies of the organization.
– Granting and revoking of user authorizations is greatly simplified.
• Most commercial DBMSs support RBAC features to some extent.
RBAC: NIST Model
• User: is defined as a human being, a machine, a process, etc.
• Role: is a function within the context of an organization with an associated semantic regarding its authority and responsibility.
• Permission: is an access mode that can be exercised on objects in the system. Both objects and access modes are domain dependent.
– For example, in the case of databases, the object set includes tables, columns, and rows, and the access mode set includes insert, delete, and update operations.
• Session: is a particular instance of a connection of a user to the system and defines the subset of activated roles.
– At each moment, different sessions for the same user can be active.
– When a user logs into the system, he/she establishes a session and, during this session, can request to activate a subset of the roles he/she is authorized to play.
– The user obtains all permissions associated with the roles he/she has activated in the session.
RBAC
[Figure: individuals are assigned to roles (Role 1, Role 2, Role 3), and roles are given access to resources (Server 1, Server 2, Server 3). Users change frequently, roles don't.]
RBAC: SQL Commands
• CREATE ROLE role-name IDENTIFIED BY passwd | NOT IDENTIFIED;
• example:
– CREATE ROLE teller IDENTIFIED BY cashflow;
• DROP ROLE role-name;
• GRANT role TO user | role | PUBLIC [WITH ADMIN OPTION];
• To perform the grant of a role, a user must have the privilege for the role with the ADMIN option, or the system privilege GRANT ANY ROLE.
• The ADMIN option allows the receiver to modify or drop the role.
• Example:
– GRANT teller TO Bob;
RBAC: SQL Commands
• The grant command for authorization granting can have roles as subjects.
• example:
– GRANT select ON Employee TO teller;
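The NIST model (users, roles, permissions, sessions) together with the CREATE ROLE / GRANT commands of the last two slides, as an added Python model that is not part of the lecture. It shows the point the session concept exists for: a permission is available only through a role activated in the current session, not through every role the user is authorized to play. The role teller, user Bob and table Employee are the lecture's; any other names used with it are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """NIST RBAC permission: an access mode on a domain object (here a SQL privilege on a table)."""
    access_mode: str
    obj: str


class RBACSystem:
    """Users, roles, permissions and sessions as in the NIST RBAC model described above."""

    def __init__(self):
        self.role_perms: dict[str, set[Permission]] = {}     # role -> permissions
        self.user_roles: dict[str, set[str]] = {}            # user -> roles he/she may play
        self.sessions: dict[int, tuple[str, set[str]]] = {}  # session id -> (user, active roles)
        self._next_session = 1

    def create_role(self, role):                          # CREATE ROLE role-name
        self.role_perms.setdefault(role, set())

    def drop_role(self, role):                            # DROP ROLE role-name
        # The role's permissions, user assignments and session activations all disappear.
        self.role_perms.pop(role, None)
        for roles in self.user_roles.values():
            roles.discard(role)
        for _user, active in self.sessions.values():
            active.discard(role)

    def grant_permission(self, access_mode, obj, role):   # GRANT select ON Employee TO teller
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.role_perms[role].add(Permission(access_mode, obj))

    def grant_role(self, role, user):                     # GRANT teller TO Bob
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, role, user):
        self.user_roles.get(user, set()).discard(role)
        for u, active in self.sessions.values():          # open sessions lose the role at once
            if u == user:
                active.discard(role)

    def open_session(self, user, activate=()):
        """Log-in: a new session for `user` with the requested subset of roles activated.
        A user may have several sessions open at the same time, each with its own subset."""
        not_authorized = set(activate) - self.user_roles.get(user, set())
        if not_authorized:
            raise PermissionError(f"{user} is not authorized to play {sorted(not_authorized)}")
        sid = self._next_session
        self._next_session += 1
        self.sessions[sid] = (user, set(activate))
        return sid

    def activate(self, sid, role):
        user, active = self.sessions[sid]
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{user} is not authorized to play {role!r}")
        active.add(role)

    def deactivate(self, sid, role):
        self.sessions[sid][1].discard(role)

    def check(self, sid, access_mode, obj):
        """Reference monitor: the request is permitted iff some role activated in THIS
        session (not merely assigned to the user) holds the permission."""
        _user, active = self.sessions[sid]
        wanted = Permission(access_mode, obj)
        return any(wanted in self.role_perms.get(r, set()) for r in active)


if __name__ == "__main__":
    rbac = RBACSystem()
    rbac.create_role("teller")
    rbac.grant_permission("select", "Employee", "teller")
    rbac.grant_role("teller", "Bob")
    s = rbac.open_session("Bob", activate=["teller"])
    print(rbac.check(s, "select", "Employee"), rbac.check(s, "delete", "Employee"))  # True False
```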

More Related Content

PDF
Getting started on fed ramp sec auth for csp
PDF
FedRAMP 3PAO Training
PPTX
Completing fedramp-security-authorization-process
PDF
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
PDF
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
PPT
Experience Showcase
PPTX
COD-UV-SPECTROSCOPY-ANN-ANALYSIS
PPTX
Getting started on fed ramp sec auth for csp
FedRAMP 3PAO Training
Completing fedramp-security-authorization-process
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
Experience Showcase
COD-UV-SPECTROSCOPY-ANN-ANALYSIS

Viewers also liked (8)

PPT
fghdfh
PPTX
Image segmentation using wvlt trnsfrmtn and fuzzy logic. ppt
PDF
Artificial Neural Network in a Tic Tac Toe Symfony Console Application - Symf...
PPTX
Fuzzy logic
PPT
artificial neural network
PPT
Fuzzy logic ppt
PPTX
Neural network & its applications
PPTX
Slideshare ppt
fghdfh
Image segmentation using wvlt trnsfrmtn and fuzzy logic. ppt
Artificial Neural Network in a Tic Tac Toe Symfony Console Application - Symf...
Fuzzy logic
artificial neural network
Fuzzy logic ppt
Neural network & its applications
Slideshare ppt
Ad

Similar to Iss lecture 6 (20)

PDF
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
PPTX
Presentation on Database Security in DBMS
PDF
Chapter 6 Database Security and Authorization (4).pdf
PPT
Database security
PPTX
database Security for data security .pptx
PPTX
Database Security Methods, DAC, MAC,View
PPTX
Database security and privacy
PPT
8034.ppt
PPTX
Group 8 - Database Security Version 1.pptx
PDF
Data base Access Control a look at Fine grain Access method
PPT
4_5949547032388570388.ppt
PDF
Lecture #4: Access Control Policies
PPT
UNIT-1-Security.ppt
PPT
Chapter 5-Security Mechanisms and Techniques.ppt
PPTX
Database Security and Management Systems
PPT
AccessControl.ppt
PPTX
databasemanagementsystemsecuritycyb.pptx
PPTX
01 database security ent-db
PPTX
Database managementsystemes_Unit-7.pptxe
PPT
database-security-design.ppt
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
Presentation on Database Security in DBMS
Chapter 6 Database Security and Authorization (4).pdf
Database security
database Security for data security .pptx
Database Security Methods, DAC, MAC,View
Database security and privacy
8034.ppt
Group 8 - Database Security Version 1.pptx
Data base Access Control a look at Fine grain Access method
4_5949547032388570388.ppt
Lecture #4: Access Control Policies
UNIT-1-Security.ppt
Chapter 5-Security Mechanisms and Techniques.ppt
Database Security and Management Systems
AccessControl.ppt
databasemanagementsystemsecuritycyb.pptx
01 database security ent-db
Database managementsystemes_Unit-7.pptxe
database-security-design.ppt
Ad

More from Ali Habeeb (20)

PPT
Anonymous Connections And Onion Routing
PPT
Opinion Mining
PPT
PPT
USB 3.0
PPTX
Blue Eyes
PPT
Cloud Security
PDF
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
PPTX
Web Security
PPTX
Secure erasure code based distributed storage system with secure data forwarding
PPT
Organizing User Search Histories
PPTX
Detecting and Resolving Firewall Policy Anomalies
PPT
Bit Torrent Protocol
PPTX
A study of Data Quality and Analytics
PPT
Adhoc and Sensor Networks - Chapter 10
PPT
Adhoc and Sensor Networks - Chapter 09
PPT
Adhoc and Sensor Networks - Chapter 08
PPT
Adhoc and Sensor Networks - Chapter 07
PPT
Adhoc and Sensor Networks - Chapter 06
PPT
Adhoc and Sensor Networks - Chapter 05
PPT
Adhoc and Sensor Networks - Chapter 04
Anonymous Connections And Onion Routing
Opinion Mining
USB 3.0
Blue Eyes
Cloud Security
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Web Security
Secure erasure code based distributed storage system with secure data forwarding
Organizing User Search Histories
Detecting and Resolving Firewall Policy Anomalies
Bit Torrent Protocol
A study of Data Quality and Analytics
Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 04

Recently uploaded (20)

PPTX
Spectroscopy.pptx food analysis technology
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
Empathic Computing: Creating Shared Understanding
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PPTX
Programs and apps: productivity, graphics, security and other tools
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
PDF
Network Security Unit 5.pdf for BCA BBA.
PPTX
1. Introduction to Computer Programming.pptx
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PDF
Assigned Numbers - 2025 - Bluetooth® Document
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
PPTX
Machine Learning_overview_presentation.pptx
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
Spectroscopy.pptx food analysis technology
20250228 LYD VKU AI Blended-Learning.pptx
Empathic Computing: Creating Shared Understanding
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Programs and apps: productivity, graphics, security and other tools
Building Integrated photovoltaic BIPV_UPV.pdf
Advanced methodologies resolving dimensionality complications for autism neur...
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Network Security Unit 5.pdf for BCA BBA.
1. Introduction to Computer Programming.pptx
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Per capita expenditure prediction using model stacking based on satellite ima...
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Mobile App Security Testing_ A Comprehensive Guide.pdf
Assigned Numbers - 2025 - Bluetooth® Document
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Machine Learning_overview_presentation.pptx
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...

Iss lecture 6

  • 1. Information System SecurityInformation System Security Lecture 6Lecture 6 Database SecurityDatabase Security
  • 2. 22 OutlineOutline  Data SecurityData Security  Access controlAccess control  Security policySecurity policy  Access control policyAccess control policy 1.1. Discretionary access controlDiscretionary access control 2.2. Content-based access controlContent-based access control 3.3. Mandatory access controlMandatory access control 4.4. Role-based access controlRole-based access control
  • 3. 33 Data security: ExamplesData security: Examples 1.1. Consider a payroll database in a corporation, it must be ensuredConsider a payroll database in a corporation, it must be ensured that:that: – Salaries of individual employeesSalaries of individual employees are not disclosedare not disclosed to arbitrary users ofto arbitrary users of the database,the database, – SalariesSalaries are modifiedare modified by only those individuals that are properlyby only those individuals that are properly authorized,authorized, – PaychecksPaychecks are printed on timeare printed on time at the end of each pay period.at the end of each pay period. 1.1. In a military environment, it is important that:In a military environment, it is important that: – The target of a missileThe target of a missile is not givenis not given to an unauthorized user,to an unauthorized user, – The targetThe target is not arbitrarily modified,is not arbitrarily modified, – The missileThe missile is launched when it is fired.is launched when it is fired.
  • 4. 44 Data Security: main goalsData Security: main goals  Confidentiality: it refers to data protection from unauthorized read operations.  Integrity: it refers to data protection from unauthorized modification operations.  Availability: it ensures that data access is not denied to authorized subjects.  Others: Authentication, etc. Confidentiality Integrity Data security availability
  • 5. 55 Data Security: main goalsData Security: main goals  Confidentiality is enforced by theConfidentiality is enforced by the access control mechanism.access control mechanism.  Integrity is enforced by theIntegrity is enforced by the access control mechanismaccess control mechanism and by theand by the semantic integrity constraintssemantic integrity constraints specified during schemaspecified during schema definition.definition.  Availability is enforced by theAvailability is enforced by the recoveryrecovery andand concurrency controlconcurrency control mechanisms.mechanisms.
  • 6. 66 Access control: BasicAccess control: Basic conceptsconcepts  An access control system regulates the operations that can beAn access control system regulates the operations that can be executed on data and resources to be protected.executed on data and resources to be protected.  Its goal is to control operations executed by subjects in order toIts goal is to control operations executed by subjects in order to prevent actions that could damage data and resources.prevent actions that could damage data and resources. Authorization rules Reference Monitor Security Policy Access request Access denied Access Permitted Access partially permitted
  • 7. 77 Security PolicySecurity Policy  Policies deal with defining what is authorized and who can grantPolicies deal with defining what is authorized and who can grant authorizations.authorizations.  Existing security policies tend to focus mainly on theExisting security policies tend to focus mainly on the confidentiality (Privacy) requirements of securityconfidentiality (Privacy) requirements of security ..  Policies are used like requirements; they are the starting point inPolicies are used like requirements; they are the starting point in the development of any system that has security features .the development of any system that has security features .  Adopted security policies mainly depend on organizationalAdopted security policies mainly depend on organizational requirements, such as legal requirements, regulatoryrequirements, such as legal requirements, regulatory requirements, user requirements.requirements, user requirements.
  • 8. 88 Security Policies andSecurity Policies and AuthorizationsAuthorizations  The security policies are implemented by mapping them into aThe security policies are implemented by mapping them into a set ofset of authorizationsauthorizations  Authorizations thus establish the operations and rights thatAuthorizations thus establish the operations and rights that subjects can exercise on the protected objectssubjects can exercise on the protected objects  TheThe reference monitorreference monitor is a control mechanismis a control mechanism – It has the task of determining whether a given subject is authorized toIt has the task of determining whether a given subject is authorized to access the dataaccess the data
  • 9. Access control policy
     Discretionary access control
     Mandatory access control
     Role-based access control
     Context-based access control
  • 10. Access control Policy
     Most access control policies are formulated in terms of subjects, objects, and privileges.
     Authorization Objects: anything that holds data, such as relations, directories, interprocess messages, network packets, I/O devices, or physical media.
     Authorization Subjects: an abstraction of any active entity that performs computation in the system.
    – Examples: users, processes, roles, etc.
     Authorization Privileges: operations that a subject can exercise on the objects in the system.
    – Examples: read, write, execute, select, insert, update, delete, etc.
  • 11. Discretionary ACPs
     DAC policies govern the access of subjects to objects on the basis of the subjects' identity and of authorization rules.
     When an access request is submitted to the system, the access control mechanism verifies whether there is an authorization rule authorizing the access.
     Such mechanisms are discretionary in that they allow subjects to grant other subjects authorization to access their objects at their discretion.
     Most common commercial DBMSs support DAC.
  • 12. DAC: SQL commands
     Privilege delegation is supported through the grant option: if a privilege is granted with the grant option, the user receiving it can not only exercise the privilege, but can also grant it to other users.
     A user can only grant a privilege on a given table if he/she is the table owner or if he/she has received the privilege with grant option.
     GRANT PrivilegeList | ALL [PRIVILEGES] ON Table | View TO UserList | PUBLIC [WITH GRANT OPTION]
  • 13. DAC: SQL commands
     Example:
    – Bob: GRANT select, insert ON Employee TO Ann WITH GRANT OPTION;
      Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
      Ann: GRANT select, insert ON Employee TO Jim;
    – Jim has the select privilege (received from both Bob and Ann) and the insert privilege (received from Ann).
    – Jim can grant to other users the select privilege (because he has received it with grant option); however, he cannot grant the insert privilege.
  • 14. DAC in SQL - Grant
     Grant Command:
    1. Bob: GRANT select, insert ON Employee TO Jim WITH GRANT OPTION;
    2. Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
    3. Bob: GRANT insert ON Employee TO Ann;
    4. Jim: GRANT update ON Employee TO Tim WITH GRANT OPTION;
    5. Ann: GRANT select, insert ON Employee TO Tim;
     The first three GRANT commands are fully executed (Bob is the owner of the table).
     The fourth command is not executed, because Jim does not have the update privilege on the table.
     The fifth command is partially executed; Ann has the select and insert privileges, but she does not have the grant option for the insert.
    – Tim only receives the select privilege.
  • 15. DAC in SQL - Revoke
     REVOKE PrivilegeList | ALL [PRIVILEGES] ON Table | View FROM UserList | PUBLIC
     A user can only revoke the privileges he/she has granted.
     Upon execution of a revoke operation, the user from whom the privileges have been revoked loses these privileges, unless he/she holds them from some source independent of the user who executed the revoke.
     Recursive revocation: whenever a user revokes an authorization on a table from another user, all the authorizations that the revokee had granted because of the revoked authorization are removed.
  • 16. DAC in SQL - Revoke
     Example:
    – Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
    – Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
    – Jim: GRANT select ON Employee TO Tim;
    – Ann: GRANT select ON Employee TO Tim;
    – Jim: REVOKE select ON Employee FROM Tim;
    – Tim continues to hold the select privilege on table Employee after the revoke operation, since he has independently obtained such privilege from Ann.
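The grant-option, partial-GRANT and recursive-REVOKE rules of slides 12 to 16 can be checked by simulating them. This is an added example, not code from the lecture: a small in-memory authorization table replays the slide 14 and slide 16 scenarios (Employee, Bob, Ann, Jim, Tim are the slides' names) and shows which privileges survive; the cascade is the simplified rule "a grant stays valid while its grantor still holds the privilege with grant option", ignoring grant timestamps.

```python
# Simulation of the SQL DAC semantics on slides 12-16: grant option, partial
# execution of GRANT and recursive REVOKE. Added illustration, not lecture code;
# the Employee table and users Bob, Ann, Jim and Tim are the slides' own example.
from collections import namedtuple
Auth = namedtuple("Auth", "grantor grantee privilege grant_option")  # one authorization rule

class Table:
    def __init__(self, owner):
        self.owner, self.auths = owner, set()

    def _can_grant(self, user, priv):
        # The owner may grant anything; others need the privilege WITH GRANT OPTION
        return user == self.owner or any(
            a.grantee == user and a.privilege == priv and a.grant_option for a in self.auths)

    def has(self, user, priv):
        return user == self.owner or any(
            a.grantee == user and a.privilege == priv for a in self.auths)

    def grant(self, grantor, privs, grantee, grant_option=False):
        """GRANT privs ON table TO grantee; returns the subset actually granted."""
        granted = [p for p in privs if self._can_grant(grantor, p)]
        for p in granted:
            self.auths.add(Auth(grantor, grantee, p, grant_option))
        return granted

    def revoke(self, grantor, priv, grantee):
        """REVOKE priv FROM grantee: only the grant made by grantor, then cascade."""
        self.auths = {a for a in self.auths
                      if (a.grantor, a.grantee, a.privilege) != (grantor, grantee, priv)}
        # Recursive revocation (simplified: grant timestamps are ignored): drop every
        # grant whose grantor no longer holds the privilege with grant option.
        stale = True
        while stale:
            stale = {a for a in self.auths if not self._can_grant(a.grantor, a.privilege)}
            self.auths -= stale

def slide14():
    emp = Table("Bob")
    emp.grant("Bob", ["select", "insert"], "Jim", grant_option=True)
    emp.grant("Bob", ["select"], "Ann", grant_option=True)
    emp.grant("Bob", ["insert"], "Ann")
    fourth = emp.grant("Jim", ["update"], "Tim", grant_option=True)  # Jim lacks update
    fifth = emp.grant("Ann", ["select", "insert"], "Tim")            # no grant option on insert
    return fourth, fifth                                             # ([], ['select'])

def slide16():
    emp = Table("Bob")
    emp.grant("Bob", ["select"], "Jim", grant_option=True)
    emp.grant("Bob", ["select"], "Ann", grant_option=True)
    emp.grant("Jim", ["select"], "Tim")
    emp.grant("Ann", ["select"], "Tim")
    emp.revoke("Jim", "select", "Tim")
    kept = emp.has("Tim", "select")        # True: Tim holds select independently from Ann
    emp.revoke("Bob", "select", "Ann")     # recursive: Ann's grant to Tim goes with it
    return kept, emp.has("Tim", "select")  # (True, False)
```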
  • 17. Content-Based AC (CBAC)
     Content-based access control conditions the access to a given object on its content.
     As an example, in an RDBMS supporting content-based access control it is possible to authorize a subject to access information only of those employees whose salary is not greater than 30K.
     The two most common approaches to enforce content-based access control in a DBMS are:
    – associating a predicate (or a Boolean combination of predicates) with the authorization
    – defining a view which selects the objects whose content satisfies a given condition, and then granting the authorization on the view instead of on the basic objects
  • 18. CBAC: SQL Commands
     Example: suppose we want to authorize user Ann to access only the employees whose salary is lower than 20000 – steps:
    – CREATE VIEW Vemp AS SELECT * FROM Employee WHERE Salary < 20000;
      GRANT Select ON Vemp TO Ann;
     Ann:
    – SELECT * FROM Vemp WHERE Job = 'Programmer';
    – This is equivalent to:
    – SELECT * FROM Employee WHERE Salary < 20000 AND Job = 'Programmer';
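Both enforcement approaches of slide 17 can be tried on the slide 18 example. This is an added example, not code from the lecture: it runs in SQLite in memory (SQLite has no GRANT, so Ann's authorization is represented only by the predicate the system attaches to her queries and by the Vemp view); the Employee table, the 20000 threshold and the 'Programmer' job are from the slides, and the rows are constructed sample data.

```python
# Content-based access control, approaches 1 and 2 of slide 17, on the slide 18 data.
# Added illustration, not lecture code. Employee, Vemp, Salary < 20000 and
# Job = 'Programmer' are the slides'; the sample rows are constructed.
import sqlite3

AUTH_PREDICATE = "Salary < 20000"   # the predicate associated with Ann's authorization

def setup():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employee (Name TEXT, Job TEXT, Salary INTEGER)")
    db.executemany("INSERT INTO Employee VALUES (?, ?, ?)", [   # constructed sample data
        ("Alice", "Programmer", 18000), ("Carl", "Programmer", 25000),
        ("Dana", "Manager", 15000), ("Eve", "Programmer", 19999)])
    # Approach 2: a view selecting only the rows that satisfy the condition;
    # SELECT would then be granted on Vemp instead of on Employee.
    db.execute(f"CREATE VIEW Vemp AS SELECT * FROM Employee WHERE {AUTH_PREDICATE}")
    return db

def via_view(db, job):
    # Ann's own query, issued against the view (slide 18)
    rows = db.execute("SELECT Name FROM Vemp WHERE Job = ?", (job,)).fetchall()
    return sorted(r[0] for r in rows)

def via_predicate(db, job):
    # Approach 1: the access control mechanism ANDs the authorization predicate
    # into Ann's query on the base table; her own value stays a bound parameter.
    sql = f"SELECT Name FROM Employee WHERE ({AUTH_PREDICATE}) AND Job = ?"
    rows = db.execute(sql, (job,)).fetchall()
    return sorted(r[0] for r in rows)

def programmers_visible_to_ann():
    db = setup()
    return via_view(db, "Programmer"), via_predicate(db, "Programmer")  # both ['Alice', 'Eve']
```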
  • 19. Mandatory Access control
     MAC specifies the access that subjects have to objects on the basis of the classification of subjects and objects.
     This type of security has also been referred to as multilevel security.
     Database systems that satisfy multilevel security properties are called multilevel secure database management systems (MLS/DBMSs).
     Many of the MLS/DBMSs have been designed based on the Bell and LaPadula (BLP) model.
  • 20. Role-based AC (RBAC): Motivation
     One challenging problem in managing large systems is the complexity of security administration.
     Whenever the number of subjects and objects is high, the number of authorizations can become extremely large.
     Moreover, if the user population is highly dynamic, the number of grant and revoke operations to be performed can become very difficult to manage.
     End users often do not own the information for which they are allowed access. The corporation or agency is the actual owner of data objects.
     Control is often based on employee functions rather than data ownership.
     RBAC has been proposed as an alternative approach to DAC and MAC both to simplify the task of access control management and to directly support function-based access control.
  • 21. RBAC: Basic Concepts
     Roles represent functions within a given organization, and authorizations are granted to roles instead of to single users.
     Users are thus simply authorized to "play" the appropriate roles, thereby acquiring the roles' authorizations.
     RBAC: Benefits
    – Because roles represent organizational functions, an RBAC model can directly support security policies of the organization.
    – Granting and revoking of user authorizations is greatly simplified.
     Most commercial DBMSs support RBAC features to some extent.
  • 22. RBAC: NIST Model
     User: is defined as a human being, a machine, a process, etc.
     Role: is a function within the context of an organization with an associated semantic regarding its authority and responsibility.
     Permission: is an access mode that can be exercised on objects in the system. Both objects and access modes are domain dependent.
    – For example, in the case of databases, the object set includes tables, columns, and rows, and the access mode set includes insert, delete, and update operations.
     Session: it is a particular instance of a connection of a user to the system and defines the subset of activated roles.
    – At each moment, different sessions for the same user can be active.
    – When a user logs in to the system, he/she establishes a session and, during this session, can request to activate a subset of the roles he/she is authorized to play.
    – The user obtains all permissions associated with the roles he/she has activated in the session.
  • 23. RBAC
    [Figure: individuals are assigned to roles (Role 1, Role 2, Role 3), and roles are granted access to resources (Server 1, Server 2, Server 3). Users change frequently, roles don't.]
  • 24. RBAC: SQL Commands
     CREATE ROLE role-name IDENTIFIED BY passwd | NOT IDENTIFIED;
     Example:
    – CREATE ROLE teller IDENTIFIED BY cashflow;
     DROP ROLE role-name;
     GRANT role TO user | role | PUBLIC [WITH ADMIN OPTION];
     To perform the grant of a role, a user must have the privilege for the role with the ADMIN option, or the system privilege GRANT ANY ROLE.
     The ADMIN option allows the receiver to modify or drop the role.
     Example:
    – GRANT teller TO Bob;
  • 25. RBAC: SQL Commands
     The grant command for authorization granting can have roles as subjects.
     Example:
    – GRANT select ON Employee TO teller;
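The NIST model of slide 22 (users, roles, permissions, sessions with activated roles) and the role commands of slides 24 and 25 can be put together in one small model. This is an added example, not code from the lecture: the teller role, user Bob and the Employee table are from the slides; the auditor role, the AuditLog table and the manager role are made up here to show that a permission is only effective in a session where its role is active, and that dropping a role revokes it everywhere in one operation.

```python
# Model of the NIST RBAC concepts on slide 22 and of the role commands on slides
# 24-25. Added illustration, not lecture code; 'teller', Bob and Employee are the
# slides' example, 'auditor', AuditLog and 'manager' are made up here.
class RBAC:
    def __init__(self):
        self.roles = {}        # role -> set of (access_mode, object) permissions
        self.user_roles = {}   # user -> roles the user is authorized to play
        self.sessions = {}     # session id -> (user, set of activated roles)
        self._next_sid = 0

    def create_role(self, role):               # CREATE ROLE role
        self.roles.setdefault(role, set())

    def drop_role(self, role):                 # DROP ROLE role: gone for every user and session
        self.roles.pop(role)
        for roles in [*self.user_roles.values(), *(a for _, a in self.sessions.values())]:
            roles.discard(role)

    def grant_permission(self, mode, obj, role):   # GRANT mode ON obj TO role
        self.roles[role].add((mode, obj))

    def grant_role(self, role, user):          # GRANT role TO user
        self.user_roles.setdefault(user, set()).add(role)

    def open_session(self, user):              # login: a new session with no active roles
        self._next_sid += 1
        self.sessions[self._next_sid] = (user, set())
        return self._next_sid

    def activate(self, sid, role):             # activate a role the user may play
        user, active = self.sessions[sid]
        if role not in self.user_roles.get(user, set()):
            return False
        active.add(role)
        return True

    def check(self, sid, mode, obj):
        # Access decision uses only the roles activated in *this* session
        _, active = self.sessions[sid]
        return any((mode, obj) in self.roles[r] for r in active)

def scenario():
    ac = RBAC()
    ac.create_role("teller"); ac.create_role("auditor")
    ac.grant_permission("select", "Employee", "teller")   # slide 25
    ac.grant_permission("select", "AuditLog", "auditor")
    ac.grant_role("teller", "Bob"); ac.grant_role("auditor", "Bob")   # slide 24
    s1, s2 = ac.open_session("Bob"), ac.open_session("Bob")   # two concurrent sessions
    ac.activate(s1, "teller"); ac.activate(s2, "auditor")
    r1 = ac.check(s1, "select", "Employee")   # True: teller active in s1
    r2 = ac.check(s2, "select", "Employee")   # False: only auditor active in s2
    r3 = ac.activate(s1, "manager")           # False: Bob may not play manager
    ac.drop_role("teller")                    # one operation revokes it everywhere
    r4 = ac.check(s1, "select", "Employee")   # False
    return r1, r2, r3, r4                     # (True, False, False, False)
```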

Editor's Notes

  • #7: The reference monitor checks the access rights, and then grants or denies access accordingly.
  • #11: A role is a named collection of privileges / functional entities within the organization.