View
26
Download
0
Category
Tags:
Preview:
DESCRIPTION
Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Inference Problem - I February 2012. Outline . History Access Control and Inference Inference problem in MLS/DBMS Inference problem in emerging systems - PowerPoint PPT Presentation
Citation preview
Data and Applications Security Developments and Directions
Dr. Bhavani ThuraisinghamThe University of Texas at Dallas
Inference Problem - I
February 2012
Outline History Access Control and Inference Inference problem in MLS/DBMS Inference problem in emerging systems Semantic data model applications Confidentiality, Privacy and Trust Directions
History Statistical databases (1970s – present) Inference problem in databases (early 1980s - present) Inference problem in MLS/DBMS (late 1980s – present) Unsolvability results (1990) Logic for secure databases (1990) Semantic data model applications (late 1980s - present) Emerging applications (1990s – present) Privacy (2000 – present)
Statistical Databases Census Bureau has been focusing for decades on statistical
inference and statistical database Collections of data such as sums and averages may be given out
but not the individual data elements Techniques include - Perturbation where results are modified - Randomization where random samples are used to compute
summaries Techniques are being used now for privacy preserving data mining
Access Control and Inference Access control in databases started with the work in System R and
Ingres Projects- Access Control rules were defined for databases, relations,
tuples, attributes and elements- SQL and QUEL languages were extended
GRANT and REVOKE Statements Read access on EMP to User group A Where
EMP.Salary < 30K and EMP.Dept <> Security- Query Modification:
Modify the query according to the access control rules Retrieve all employee information where salary < 30K and
Dept is not Security
Query Modification Algorithm Inputs: Query, Access Control Rules Output: Modified Query Algorithm:- Given a query Q, examine all the access control rules relevant to
the query- Introduce a Where Clause to the query that negates access to
the relevant attributes in the access control rules Example: rules are John does not have access to Salary in
EMP and Budget in DEPT Query is to join the EMP and DEPT relations on Dept # Modify the query to Join EMP and DEPT on Dept # and
project on all attributes except Salary and Budget- Output is the resulting query
Security Constraints / Access Control Rules Simple Constraint: John cannot access the attribute Salary of
relation EMP Content-based constraint: If relation MISS contains information
about missions in the Middle East, then John cannot access MISS Association-based Constraint: Ship’s location and mission taken
together cannot be accessed by John; individually each attribute can be accessed by John
Release constraint: After X is released Y cannot be accessed by John
Aggregate Constraint: Ten or more tuples taken together cannot be accessed by John
Dynamic Constraint: After the Mission, information about the mission can be accessed by John
Security Constraints for Healthcare Simple Constraint: Only doctors can access medical records Content-based constraint: If the patient has Aids then this
information is private Association-based Constraint: Names and medical records taken
together is private Release constraint: After medical records are released, names
cannot be released Aggregate Constraint: The collection of patients is private,
individually public Dynamic Constraint: After the patient dies, information about him
becomes public
Inference Problem in MLS/DBMS
Inference is the process of forming conclusions from premises
If the conclusions are unauthorized, it becomes a problem
Inference problem in a multilevel environment
Aggregation problem is a special case of the inference problem - collections of data elements is Secret but the individual elements are Unclassified
Association problem: attributes A and B taken together is Secret - individually they are Unclassified
Revisiting Security Constraints Simple Constraint: Mission attribute of SHIP is Secret Content-based constraint: If relation MISSION contains information
about missions in Europe, then MISSION is Secret Association-based Constraint: Ship’s location and mission taken
together is Secret; individually each attribute is Unclassified Release constraint: After X is released Y is Secret Aggregate Constraint: Ten or more tuples taken together is Secret Dynamic Constraint: After the Mission, information about the
mission is Unclassified Logical Constraint: A Implies B; therefore if B is Secret then A must
be at least Secret
Enforcement of Security Constraints
User Interface Manager
ConstraintManager
Security Constraints
Query Processor:
Constraints during query and release operations
Update Processor:
Constraints during update operation
Database Design Tool
Constraints during database design operation
MLS Database
MLS/DBMS
Query Algorithms
Query is modified according to the constraints Release database is examined as to what has been released Query is processed and response assembled Release database is examined to determine whether the response
should be released Result is given to the user Portions of the query processor are trusted
Update Algorithms
Certain constraints are examined during update operation Example: Content-based constraints The security level of the data is computed Data is entered at the appropriate level Certain parts of the Update Processor are trusted
Database Design Algorithms
Certain constraints are examined during the database design time- Example: Simple, Association and Logical Constraints
Schema are assigned security levels Database is partitioned accordingly Example:- If Ships location and mission taken together is Secret, then
SHIP (S#, Sname) is Unclassified, LOC-MISS(S#, Location, Mission) is Secret LOC(Location) is Unclassified- MISS(Mission) is Unclassified
Data Warehousing and Inference
OracleDBMS forEmployees
SybaseDBMS forProjects
InformixDBMS forTravel
Data Warehouse:Data correlatingEmployees WithTravel patternsand Projects
Could beany DBMSe.g., relational
UsersQuerythe Warehouse
Challenge: Controlling access to the Warehouse and at the same time enforcing the access control policies enforced by the back-end Database systems
Data DataData
Data Mining as a Threat to Security
Data mining gives us “facts” that are not obvious to human analysts of the data
Can general trends across individuals be determined without revealing information about individuals?
Possible threats:- Combine collections of data and infer information that is private
Disease information from prescription data Military Action from Pizza delivery to pentagon
Need to protect the associations and correlations between the data that are sensitive
Security Preserving Data Mining Prevent useful results from mining - Introduce “cover stories” to give “false” results - Only make a sample of data available and that adversary is
unable to come up with useful rules and predictive functions Randomization- Introduce random values into the data or results; Challenge is to
introduce random values without significantly affecting the data mining results- Give range of values for results instead of exact values
Secure Multi-party Computation- Each party knows its own inputs; encryption techniques used to
compute final results
Inference problem for Multimedia Databases Access Control for Text, Images, Audio and Video Granularity of Protection- Text
John has access to Chapters 1 and 2 but not to 3 and 4- Images
John has access to portions of the image Access control for pixels?
- Video and Audio John has access to Frames 1000 to 2000 Jane has access only to scenes in US
- Security constraints Association based constraints
E.g., collections of images are classified
Inference Control for Semantic Web According to Tim Berners Lee, The Semantic Web supports- Machine readable and understandable web pages
Layers for the semantic web: Security cuts across all layers Semantic web has reasoning capabilities
XML, XML Schemas
Rules/Query
Logic, Proof and TrustSECURITY
OtherServicesRDF, Ontologies
URI, UNICODE
PRIVACY
Inference Control for Semantic Web - II
Semantic web has reasoning capabilities Based on several logics including descriptive logics Inferencing is key to the operation of the semantic web Need to build inference controllers that can handle different
types of inferencing capability
Example Security-Enhanced Semantic Web
Security Policies
Ontologies
Rules
Semantic Web Engine
XML, RDF DocumentsWeb Pages, Databases
Inference Engine/Inference Controller
Interface to the Security-Enhanced Semantic WebTechnology
to be developed by project
Security, Ontologies and XML Access control for Ontologies
- Who can access which parts of the Ontologies
- E.g, Professor can access all patents of the department while the Secretary can access only the descriptions of the patents
Ontologies for Security Applications
- Use ontologies for specifying security/privacy policies
- Integrating heterogeneous policies Access control for XML (also RDF)
- Protecting entire documents, parts of documents, propagations of access control privileges; Protecting DTDs vs Document instances; Secure XML Schemas
Inference problem for XML documents
- Portions of documents taken together could be sensitive, individually not sensitive
Semantic Model for Inference Control
Patient John
CancerInfluenza
Has disease
Travels frequently
England
address
John’s address
Dark lines/boxes containsensitive information
Use Reasoning Strategies developed for Semantic Models such as Semantic Nets and Conceptual Graphs to reason about the applicationsAnd detect potential inference violations
Directions
Inference problem is still being investigated Census bureau still working on statistical databases Need to find real world examples in the Military world Inference problem with respect to medial records Much of the focus is now on the Privacy problem Privacy problem can be regarded to be a special case of the
inference problem
Recommended