Upload
omercomail
View
250
Download
1
Tags:
Embed Size (px)
Citation preview
Agenda :
Introduction.
Security in distributed Database.
Security in federated and integrated database.
Security in federated Database.
The effect of heterogeneity and autonomy on federated database security Russell Daviea and
Reinhardt Bothab
a Port Elizabeth Technikon, [email protected]
b Port Elizabeth Technikon, [email protected]
Background.
Federated Database Systems:
- The term has been used for several different but related
database system architectures. Federated Database System
(FDBS) is a collection of co-perating but autonomous
component database systems.
- The component databases systems (CDBSs) are integrated
to various degrees and are controlled and co-ordinated by
a Federated Database Management System (FDBMS).
The road towards Federated Database Systems:
Characteristics of Federated Database Systems :Distribution.Heterogeneity.Autonomy.
A CDBS participating in a FDBS may possess several
types of autonomy:
Design autonomy .
Communication autonomy .
Execution autonomy .
Association autonomy .
Authorization autonomy .
Information security in Database systems:
Confidentiality / Integrity / Availability (CIA).
Security problems in databases :
identifying the threats + policies + mechanisms.
Security in Federated Database Systems :
A FDBS provides interoperability between existing
heterogeneous databases providing two advantages :
a user the capability to retrieve data located at
different heterogeneous databases.
Interoperability is a significant advantage
-- need for protecting the security of the CDBSs and
their local users.
Security in Federated Database Systems :
CDBSs join a FDBS.
establishment of administrative policies.
Identification and authentication.
Authorization autonomy .
Full authorization autonomy .
Medium authorization autonomy
Low authorization autonomy.
Deriving Global Authorizations for Federated
Databases
Eugene F. Fodor
Department of Computer Science
University of California, Davis, USA 95616
Email: [email protected]
URL: http://avalon.cs.ucdavis.edu/
Introduction.
Federated Databases.
Federated Database Security Issues:
FDBs pose is the formulation of a global security policy from the
local security policies of CDBs.
FDBs are that the integration of data from multiple sources leads
to new aggregation and inference problems not seen in the CDBs.
Accountability and authentication also become more complicated
for FDBs.
Deriving Authorizations for Integrated Objects
Federated DB Protection Objects:
Constituent schemas provide a common data model:
1. Integrated objects.
2. Local objects.
3. Federated objects.
4. Composite objects.
Exported Local Authorizations and the Dictionary :
Subject Section
Operation Section
Object Section
Global authorization derivation :
Analysis of local authorizations :
auth = <s,op,o> and auth΄= <s΄,op΄,o΄> are Compatible
Auth≈auth΄ ↔(o≈o΄)^(op≈op΄)
Subject Clustering :
A hierarchical clustering technique called single link
clustering is used to derive a similarity tree of subjects.
Global authorization derivation :
Abstraction of Global Authorizations :
There are two rules for authorization abstraction with
regard to operations and objects :
Rule 1 :
Rule 2 :
for objects states that global authorization o¯ for
coincides
with the integrated object o¯ and its local objects.