CSC 405 Introduction to Computer Security
Topic 6. Database Security
Dr. Peng Ning, Computer Science
Agenda
• Discretionary access control in DBMS
• Mandatory access control and multi-level databases
• Database inference control
Topic 6.1 DAC in DBMS
Outline
• Relational model
• Grant and revoke
• Extension to the basic model
• Questions/comments in reviews
Basic Relational Concepts
• Data is organized as a collection of tables, called RELATIONS
– Example: two relations - EMP, DEPT
– EMP: name, title, department
– DEPT: department, location
• Each row (or record) of a relation is called a TUPLE
• Each relation has a unique name
• Each attribute has a unique name within a relation
• All values in a relation are atomic (indecomposable)
– As a consequence, we have two tuples for a user
Examples
EMP
Name    Title   Dept
Tom     Prof    ECE
Tom     Prof    CS
Adams   Prof    ECE
Smith   Inst    CS
DEPT
Name    Location
CS      Wither Hall
ECE     Daniels Hall
Math    Harrelson Hall
Relation Schemes
• A relational database consists of 2 relation schemes:
– EMP(Name, Title, Dept)
– DEPT(Name, Location)
• Schemes: structure of the database
• Structured Query Language (SQL)
• SQL "data definition" statements are used to create relations
CREATE TABLE EMP
  (Name CHAR(15) NOT NULL,
   Title CHAR(4),
   Dept CHAR(10),
   PRIMARY KEY (Name))
CREATE TABLE DEPT
  (Name CHAR(10) NOT NULL,
   Location CHAR(15),
   PRIMARY KEY (Name))
SQL
• The SELECT statement
SELECT Name
FROM EMP
WHERE Dept = 'ECE'
Result:
Tom
Adams
• Joins
SELECT *
FROM EMP, DEPT
WHERE EMP.Dept = DEPT.Name
AND DEPT.Location = 'Wither Hall'
Result:
Tom     Prof    CS      Wither Hall
Smith   Inst    CS      Wither Hall
Views
• Views are "virtual" relations. They can be used to customize relations and to provide security
CREATE VIEW EMP_LOCATION
AS SELECT EMP.Name, Dept, Location
FROM EMP, DEPT
WHERE EMP.Dept = DEPT.Name
EMP_LOCATION
Name    Dept    Location
Tom     ECE     Daniels Hall
Tom     CS      Wither Hall
Abrams  ECE     Daniels Bldg
Smith   CS      Wither Hall
Discretionary Access Controls
• Decentralized administration
– Users can protect what they own
– The owner may grant access to others
– The owner may define the type of access (read/write/execute) given to others
Access Control Mechanisms
• Identification and Authentication (I&A)
• Security through Views
• Stored Procedures
• Grant and Revoke
• Query Modification
Identification and Authentication
• Identification provided by DBMS can be distinct from that provided by the underlying OS
– Example: MS SQL server
• Two options
– I&A through the OS
– Separate I&A
Security Through Views
Users are allowed to access partial information (such as the Toy dept data), but not the detailed information.
EMP
NAME     DEPT    SALARY   MANAGER
Smith    Toy     10,000   Jones
Jones    Toy     15,000   Baker
Baker    Admin   40,000   Harding
Adams    Candy   20,000   Harding
Harding  Admin   50,000   None
Example
CREATE VIEW TOY_DEPT
AS SELECT NAME, SALARY, MANAGER
FROM EMP
WHERE DEPT = 'Toy'
TOY_DEPT
NAME    SALARY   MANAGER
Smith   10,000   Jones
Jones   15,000   Baker
Example
CREATE VIEW TOY_EMP_MGR
AS SELECT NAME, MANAGER
FROM EMP
WHERE DEPT = 'Toy'
TOY_EMP_MGR
NAME    MANAGER
Smith   Jones
Jones   Baker
Example
CREATE VIEW AVSAL(DEPT, AVG)
AS SELECT DEPT, AVG(SALARY)
FROM EMP
GROUP BY DEPT
AVSAL
DEPT    AVG
TOY     12,500
CANDY   20,000
ADMIN   45,000
Stored Procedures
• Right to execute compiled programs
• GRANT RUN ON program_A TO ADAMS
• Suppose program_A needs to access the relation EMP. Adams can execute program_A even though he does not have permission to access EMP
Query Modification
• Adams:
GRANT SELECT ON EMP TO THOMAS WHERE SALARY < 15000
• THOMAS:
SELECT *
FROM EMP
• DBMS:
SELECT *
FROM EMP
WHERE SALARY < 15000
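The rewrite on this slide, as an added example in Python with sqlite3 (not part of the original slides). `ROW_GRANTS`, `modify_query`, `run_as` and `demo_db` are hypothetical names, the rows are the EMP table from the Security Through Views slide, and the regex only handles plain `FROM EMP` / `JOIN EMP` references, where a real DBMS rewrites the parsed query.

```python
import re
import sqlite3

# (user, relation) -> predicate attached to the grant; mirrors Adams' grant to THOMAS.
ROW_GRANTS = {("THOMAS", "EMP"): "SALARY < 15000"}

def modify_query(user, relation, sql):
    """Return sql with every FROM/JOIN reference to relation restricted by the grant."""
    predicate = ROW_GRANTS.get((user, relation))
    if predicate is None:  # closed world: no grant means no access
        raise PermissionError(f"{user} has no SELECT grant on {relation}")
    # The predicate goes inside a subquery, so it still holds when the
    # user's own WHERE clause contains OR (AND binds tighter than OR).
    restricted = f"(SELECT * FROM {relation} WHERE {predicate}) AS {relation}"
    pattern = re.compile(rf"\b(FROM|JOIN)\s+{re.escape(relation)}\b", re.IGNORECASE)
    return pattern.sub(lambda m: f"{m.group(1)} {restricted}", sql)

def run_as(conn, user, relation, sql):
    """Execute the modified query, never the query as the user wrote it."""
    return conn.execute(modify_query(user, relation, sql)).fetchall()

def demo_db():
    """In-memory copy of the EMP relation shown on the slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMP (NAME TEXT, DEPT TEXT, SALARY INTEGER, MANAGER TEXT)")
    conn.executemany("INSERT INTO EMP VALUES (?, ?, ?, ?)", [
        ("Smith", "Toy", 10000, "Jones"),
        ("Jones", "Toy", 15000, "Baker"),
        ("Baker", "Admin", 40000, "Harding"),
        ("Adams", "Candy", 20000, "Harding"),
        ("Harding", "Admin", 50000, None),
    ])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(modify_query("THOMAS", "EMP", "SELECT * FROM EMP"))
    print(run_as(conn, "THOMAS", "EMP", "SELECT * FROM EMP"))
    # THOMAS adds his own WHERE with OR; the salary bound still applies.
    print(run_as(conn, "THOMAS", "EMP",
                 "SELECT NAME FROM EMP WHERE DEPT = 'Toy' OR DEPT = 'Admin'"))
```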
The Grant Command
• GRANT <privilege> ON <relation> TO <users> [WITH GRANT OPTION]
– GRANT SELECT ON EMP TO ADAMS
– GRANT SELECT ON EMP TO ADAMS WITH GRANT OPTION
– GRANT SELECT, UPDATE(SALARY) ON EMP TO JIM, JILL
• Applied to base relations as well as views
The Revoke Command
• REVOKE <privileges> [ON <relations>] FROM <users>
– REVOKE SELECT ON EMP FROM TOM
– REVOKE UPDATE ON EMP FROM SMITH
– REVOKE RESOURCE FROM ABRAMS
– REVOKE DBA FROM SMITH
Semantics of Revoke
• A sequence of grant commands followed by a revoke operation
– G1, G2, …, Gn, Rh
• Semantics
– Equivalent to: G1, G2, …, Gh-1, Gh+1, …, Gn
Time-stamped Authorizations
[Figure: authorization graph over users A, B, C, D, E, F; edges labeled 10g, 20g, 30g, 40g, 50g, 60g]
Cascading Revocation
Grant sequence:
A --10g--> B --20g--> C --30g--> D
B revokes privilege from C:
A --10g--> B
Timestamps Make a Difference
[Figure: authorization graph over users A, B, C, D, E, F; edges labeled 10g, 20g, 30g, 40g, 50g, 60g]
Further Extension
• Make cascading optional
• Permit negative authorizations
The Revoke Command
• REVOKE <privileges> [ON <relations>] FROM <users> [CASCADE]
– REVOKE SELECT ON EMP FROM TOM
– REVOKE UPDATE ON EMP FROM SMITH CASCADE
– REVOKE RESOURCE FROM ADAMS
– REVOKE DBA FROM SMITH CASCADE
Non-cascading Revocation
Before:
A --10g--> B --20g--> C --30g--> D
After non-cascading revocation:
A --10g--> B --30g--> D
Why Non-cascading Revoke
• Reasons for revoke
– Task is done. No need to have the privilege anymore
– Task is still in progress. But a member left the project (e.g., promoted)
Example
[Figure: authorization graph over users A, B, C, D, E, F, G; edges labeled with timestamps 20, 30, 40, 50, 60, 70, 80]
Example
[Figure: the authorization graph from the previous slide, and the graph after cascading revocation, in which users A, B, C, D, F remain with edges labeled 20, 30, 60, 70]
Example
[Figure: the same authorization graph, and the graph after non-cascading revocation, in which users A, B, C, D, E, F, G remain with edges labeled 20, 30, 50, 60, 70, 70, 80]
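The revoke semantics from the Semantics of Revoke, Cascading Revocation, Timestamps Make a Difference and Non-cascading Revocation slides, as an added Python example that is not part of the original slides. `Grant`, `supported`, `revoke_cascading`, `revoke_noncascading` and `two_sources` are hypothetical names; A is assumed to be the owner, the "g" suffix is read as the grant option, and the two-source graph is constructed because the slide figures are not recoverable.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    time: int
    grant_option: bool = True  # the "g" suffix on the slides' edge labels (assumed)

def supported(g, grants, owner):
    """A grant stands if its grantor is the owner, or received the privilege
    with grant option strictly before issuing it."""
    return g.grantor == owner or any(
        h.grantee == g.grantor and h.grant_option and h.time < g.time
        for h in grants)

def revoke_cascading(grants, owner, grantor, grantee):
    """Drop grantor->grantee, then keep dropping grants left without support.
    The result is what G1..Gn would have produced without the revoked Gh."""
    live = {g for g in grants if (g.grantor, g.grantee) != (grantor, grantee)}
    while True:
        dead = {g for g in live if not supported(g, live, owner)}
        if not dead:
            return live
        live -= dead

def revoke_noncascading(grants, owner, grantor, grantee):
    """Drop grantor->grantee; grants the revokee issued that lose their support
    are kept and re-attributed to the revoker with their original timestamp."""
    rest = {g for g in grants if (g.grantor, g.grantee) != (grantor, grantee)}
    return {replace(g, grantor=grantor)
            if g.grantor == grantee and not supported(g, rest, owner) else g
            for g in rest}

# Chain from the "Cascading Revocation" slide: A -10g-> B -20g-> C -30g-> D.
CHAIN = {Grant("A", "B", 10), Grant("B", "C", 20), Grant("C", "D", 30)}

def two_sources(c_to_d_time):
    """Constructed graph: D gets the privilege from B and from C, then grants E at 40."""
    return {Grant("A", "B", 10), Grant("A", "C", 20), Grant("B", "D", 30),
            Grant("C", "D", c_to_d_time), Grant("D", "E", 40)}

if __name__ == "__main__":
    by_time = lambda g: g.time
    print(sorted(revoke_cascading(CHAIN, "A", "B", "C"), key=by_time))
    print(sorted(revoke_noncascading(CHAIN, "A", "B", "C"), key=by_time))
    for t in (35, 50):  # same revocation of B->D; only C->D's timestamp differs
        left = revoke_cascading(two_sources(t), "A", "B", "D")
        print(t, Grant("D", "E", 40) in left)
```

When C's grant to D is time-stamped 35, D's grant to E at 40 survives the revocation of B's grant; when it is time-stamped 50, D still holds the privilege but the grant to E is removed, because D could not have issued it at time 40 without B's grant.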
Why Positive & Negative Authorization
• Closed world policy
– Cannot access unless explicitly granted the right
• Negative authorization
– User A should not be allowed to read table Emp
– Need explicit deny policies
Positive & Negative Authorizations
[Figure: authorization graph over users A, B, C, D, E; edges labeled 10 + g, 20 -, 30 + g, 40 -]
Complication
• It is possible to have two authorizations
– Grant A privilege p
– Deny A privilege p
• Negative authorizations override positive authorizations
Problem 1
User B gives D negative authorization at time 50:
[Figure: authorization graph over users A, B, C, D, E; edges labeled 10 + g, 20 -, 30 + g, 40 -, 50 -]
In our model, positive authorization granted by A to D becomes blocked, but we do not delete the authorization.
Problem 2
Suppose D receives negative authorization from B at time 60:
[Figure: authorization graph over users A, B, C, D, E, F; edges labeled 10 + g, 20 -, 30 + g, 40 -, 50 + (to F), 60 -]
What about the privilege given to F by D? Under our approach, it becomes blocked, but we do not delete it.
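The blocking behaviour described in Problem 1 and Problem 2, as an added Python example that is not part of the original slides. `Auth`, `denied`, `active`, `can_access` and `blocked` are hypothetical names, A is assumed to be the owner, the edge layout is constructed from the slide text because the figure is not recoverable, and reactivation once the negative authorization is removed is an assumption drawn from "we do not delete it".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Auth:
    grantor: str
    grantee: str
    time: int
    positive: bool = True       # False is a negative (deny) authorization
    grant_option: bool = False  # the "g" on the slides' labels (assumed)

def denied(user, auths):
    """Negative authorizations override positive ones."""
    return any(a.grantee == user and not a.positive for a in auths)

def active(a, auths, owner):
    """A stored positive authorization is effective only if its grantee is not
    denied and its grantor can still exercise the privilege it passed on."""
    if not a.positive or denied(a.grantee, auths):
        return False
    return a.grantor == owner or any(
        h.grantee == a.grantor and h.grant_option and h.time < a.time
        and active(h, auths, owner) for h in auths)

def can_access(user, auths, owner):
    """Closed world: access needs at least one effective positive authorization."""
    return user == owner or any(
        a.grantee == user and active(a, auths, owner) for a in auths)

def blocked(auths, owner):
    """Positive authorizations that stay stored but currently have no effect."""
    return {a for a in auths if a.positive and not active(a, auths, owner)}

# Constructed from the Problem 2 text: A grants B and D with grant option,
# D grants F at 50, then B gives D a negative authorization at 60.
A_TO_B = Auth("A", "B", 10, grant_option=True)
A_TO_D = Auth("A", "D", 30, grant_option=True)
D_TO_F = Auth("D", "F", 50)
B_DENIES_D = Auth("B", "D", 60, positive=False)
BEFORE = {A_TO_B, A_TO_D, D_TO_F}
AFTER = BEFORE | {B_DENIES_D}

if __name__ == "__main__":
    for label, auths in (("before", BEFORE), ("after", AFTER)):
        print(label, {u: can_access(u, auths, "A") for u in "BDF"})
    print("blocked, still stored:", blocked(AFTER, "A"))
    # Assumption: removing the negative authorization re-enables what it blocked.
    print("restored:", can_access("F", AFTER - {B_DENIES_D}, "A"))
```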
Revocation When Negative Authorizations Are Present
Given:
[Figure: authorization graph over users A, B, C, D, E, F; edges labeled 10 + g, 20 -, 30 + g, 40 -, 50 + (to F), 60 -]
Suppose A revokes B's privilege.
Cascading Revocation When Negative Authorizations Are Present
[Figure: resulting graph over users A, C, D, F; edges labeled 20 -, 30 + g, 50 + (to F)]
Non-cascading Revocation When Negative Authorizations Are Present
[Figure: resulting graph over users A, C, D, E, F; edges labeled 20 -, 30 + g, 40 -, 50 + (to F), 60 -]