Information System Security
Lecture 6
Database Security

Outline
• Data Security
• Access control
• Security policy
• Access control policy
  1. Discretionary access control
  2. Content-based access control
  3. Mandatory access control
  4. Role-based access control

Data security: Examples
1. Consider a payroll database in a corporation; it must be ensured that:
– Salaries of individual employees are not disclosed to arbitrary users of the database,
– Salaries are modified by only those individuals that are properly authorized,
– Paychecks are printed on time at the end of each pay period.
2. In a military environment, it is important that:
– The target of a missile is not given to an unauthorized user,
– The target is not arbitrarily modified,
– The missile is launched when it is fired.

Data Security: main goals
• Confidentiality: it refers to data protection from unauthorized read operations.
• Integrity: it refers to data protection from unauthorized modification operations.
• Availability: it ensures that data access is not denied to authorized subjects.
• Others: Authentication, etc.
[Figure: Data security, surrounded by Confidentiality, Integrity and Availability]

Data Security: main goals
• Confidentiality is enforced by the access control mechanism.
• Integrity is enforced by the access control mechanism and by the semantic integrity constraints specified during schema definition.
• Availability is enforced by the recovery and concurrency control mechanisms.

Access control: Basic concepts
• An access control system regulates the operations that can be executed on data and resources to be protected.
• Its goal is to control operations executed by subjects in order to prevent actions that could damage data and resources.
[Figure: reference monitor diagram with the labels Access request, Reference Monitor, Security Policy, Authorization rules, Access denied, Access permitted, Access partially permitted]

Security Policy
• Policies deal with defining what is authorized and who can grant authorizations.
• Existing security policies tend to focus mainly on the confidentiality (privacy) requirements of security.
• Policies are used like requirements; they are the starting point in the development of any system that has security features.
• Adopted security policies mainly depend on organizational requirements, such as legal requirements, regulatory requirements, user requirements.

Security Policies and Authorizations
• The security policies are implemented by mapping them into a set of authorizations
• Authorizations thus establish the operations and rights that subjects can exercise on the protected objects
• The reference monitor is a control mechanism
– It has the task of determining whether a given subject is authorized to access the data

Access control policy
• Discretionary access control
• Mandatory access control
• Role-based access control
• Context-based access control

Access control Policy
• Most access control policies are formulated in terms of subjects, objects, and privileges
• Authorization Objects: Anything that holds data, such as relations, directories, interprocess messages, network packets, I/O devices, or physical media
• Authorization Subjects: An abstraction of any active entity that performs computation in the system
– Examples: users, processes, roles, etc.
• Authorization Privileges: Operations that a subject can exercise on the objects in the system
– Examples: read, write, execute, select, insert, update, delete, etc.

Discretionary ACPs
• DAC policies govern the access of subjects to objects on the basis of subjects' identity and authorization rules
• When an access request is submitted to the system, the access control mechanism verifies whether there is an authorization rule authorizing the access
• Such mechanisms are discretionary in that they allow subjects to grant other subjects authorization to access their objects at their discretion
• Most of the common commercial DBMSs support it

DAC: SQL commands
• Privilege delegation is supported through the grant option: if a privilege is granted with the grant option, the user receiving it can not only exercise the privilege, but can also grant it to other users
• A user can only grant a privilege on a given table if he/she is the table owner or if he/she has received the privilege with grant option
• GRANT PrivilegeList | ALL [PRIVILEGES] ON table | View TO UserList | PUBLIC [WITH GRANT OPTION]

DAC: SQL commands
• Example:
– Bob: GRANT select, insert ON Employee TO Ann WITH GRANT OPTION;
  Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
  Ann: GRANT select, insert ON Employee TO Jim;
– Jim has the select privilege (received from both Bob and Ann) and the insert privilege (received from Ann).
– Jim can grant to other users the select privilege (because he has received it with grant option); however, he cannot grant the insert privilege.

DAC in SQL - Grant
• Grant Command:
  1. Bob: GRANT select, insert ON Employee TO Jim WITH GRANT OPTION;
  2. Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
  3. Bob: GRANT insert ON Employee TO Ann;
  4. Jim: GRANT update ON Employee TO Tim WITH GRANT OPTION;
  5. Ann: GRANT select, insert ON Employee TO Tim;
• The first three GRANT commands are fully executed (Bob is the owner of the table)
• The fourth command is not executed, because Jim does not have the update privilege on the table
• The fifth command is partially executed; Ann has the select and insert privileges but she does not have the grant option for the insert
– Tim only receives the select privilege

DAC in SQL - Revoke
• REVOKE PrivilegeList | ALL [PRIVILEGES] ON table | View FROM UserList | PUBLIC
• A user can only revoke the privileges he/she has granted;
• Upon execution of a revoke operation, the user from whom the privileges have been revoked loses these privileges, unless he/she has them from some source independent from the one that has executed the revoke.
• Recursive revocation: whenever a user revokes an authorization on a table from another user, all the authorizations that the revokee had granted because of the revoked authorization are removed.

DAC in SQL - Revoke
• Example:
– Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
– Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
– Jim: GRANT select ON Employee TO Tim;
– Ann: GRANT select ON Employee TO Tim;
– Jim: REVOKE select ON Employee FROM Tim;
– Tim continues to hold the select privilege on table Employee after the revoke operation, since he has independently obtained such privilege from Ann.
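
The grant and revoke rules from the DAC slides, replayed on the slides' own Bob/Ann/Jim/Tim sequences. This is an added example, not part of the original lecture: the DacCatalog class is hypothetical, the user Eve in the cascade case is constructed, and using grant timestamps to decide which grants exist "because of" a revoked one is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Auth:
    grantor: str
    grantee: str
    priv: str
    table: str
    grant_option: bool
    ts: int  # logical time at which the grant was made


class DacCatalog:
    """Toy authorization catalog (hypothetical, for illustration only)."""

    def __init__(self):
        self.owner = {}   # table -> owning user
        self.auths = []   # authorizations currently in force
        self.clock = 0

    def create_table(self, user, table):
        self.owner[table] = user

    def received(self, user, priv, table):
        return [a for a in self.auths
                if (a.grantee, a.priv, a.table) == (user, priv, table)]

    def holds(self, user, priv, table):
        return self.owner.get(table) == user or bool(self.received(user, priv, table))

    def can_grant(self, user, priv, table, before=None):
        """True for the owner, or for a holder WITH GRANT OPTION (received before `before`)."""
        if self.owner.get(table) == user:
            return True
        return any(a.grant_option and (before is None or a.ts < before)
                   for a in self.received(user, priv, table))

    def grant(self, grantor, privs, table, grantee, grant_option=False):
        """Return the privileges actually granted; a command may execute only partially."""
        done = []
        for priv in privs:
            if self.can_grant(grantor, priv, table):
                self.clock += 1
                self.auths.append(
                    Auth(grantor, grantee, priv, table, grant_option, self.clock))
                done.append(priv)
        return done

    def revoke(self, revoker, privs, table, revokee):
        """Remove only the grants the revoker made, then revoke recursively."""
        self.auths = [a for a in self.auths
                      if not (a.grantor == revoker and a.grantee == revokee
                              and a.table == table and a.priv in privs)]
        changed = True
        while changed:  # drop grants whose grantor had no grant option left when granting
            changed = False
            for a in list(self.auths):
                if not self.can_grant(a.grantor, a.priv, a.table, before=a.ts):
                    self.auths.remove(a)
                    changed = True


def new_catalog():
    cat = DacCatalog()
    cat.create_table("Bob", "Employee")
    return cat


def grant_example():
    """First grant example: what Jim holds and what he can pass on."""
    cat = new_catalog()
    cat.grant("Bob", ["select", "insert"], "Employee", "Ann", grant_option=True)
    cat.grant("Bob", ["select"], "Employee", "Jim", grant_option=True)
    cat.grant("Ann", ["select", "insert"], "Employee", "Jim")
    return {"select": cat.holds("Jim", "select", "Employee"),
            "insert": cat.holds("Jim", "insert", "Employee"),
            "can_grant_select": cat.can_grant("Jim", "select", "Employee"),
            "can_grant_insert": cat.can_grant("Jim", "insert", "Employee")}


def partial_grant_example():
    """The five numbered GRANT commands: which privileges each one really grants."""
    cat = new_catalog()
    return [cat.grant("Bob", ["select", "insert"], "Employee", "Jim", grant_option=True),
            cat.grant("Bob", ["select"], "Employee", "Ann", grant_option=True),
            cat.grant("Bob", ["insert"], "Employee", "Ann"),
            cat.grant("Jim", ["update"], "Employee", "Tim", grant_option=True),
            cat.grant("Ann", ["select", "insert"], "Employee", "Tim")]


def revoke_example():
    """Revoke example: Tim keeps select because Ann granted it independently."""
    cat = new_catalog()
    cat.grant("Bob", ["select"], "Employee", "Jim", grant_option=True)
    cat.grant("Bob", ["select"], "Employee", "Ann", grant_option=True)
    cat.grant("Jim", ["select"], "Employee", "Tim")
    cat.grant("Ann", ["select"], "Employee", "Tim")
    cat.revoke("Jim", ["select"], "Employee", "Tim")
    return cat.holds("Tim", "select", "Employee")


def cascade_example():
    """Constructed chain Bob -> Jim -> Tim -> Eve: revoking Jim removes the whole chain."""
    cat = new_catalog()
    cat.grant("Bob", ["select"], "Employee", "Jim", grant_option=True)
    cat.grant("Jim", ["select"], "Employee", "Tim", grant_option=True)
    cat.grant("Tim", ["select"], "Employee", "Eve")
    cat.revoke("Bob", ["select"], "Employee", "Jim")
    return (cat.holds("Tim", "select", "Employee"), cat.holds("Eve", "select", "Employee"))
```
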

Content-Based AC (CBAC)
• Content-based access control conditions access to a given object on its content.
• As an example, in an RDBMS supporting content-based access control it is possible to authorize a subject to access information only of those employees whose salary is not greater than 30K.
• The two most common approaches to enforcing content-based access control in a DBMS are:
– by associating a predicate (or a Boolean combination of predicates) with the authorization
– by defining a view which selects the objects whose content satisfies a given condition, and then granting the authorization on the view instead of on the basic objects

CBAC: SQL Commands
• Example: suppose we want to authorize user Ann to access only the employees whose salary is lower than 20000. Steps:
– CREATE VIEW Vemp AS
  SELECT * FROM Employee WHERE Salary < 20000;
  GRANT Select ON Vemp TO Ann;
• Ann:
– SELECT * FROM Vemp WHERE Job = 'Programmer';
– This is equivalent to:
– SELECT * FROM Employee WHERE Salary < 20000 AND Job = 'Programmer';
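
The view-based approach above, run end to end on SQLite as an added example that is not part of the original lecture. SQLite has no GRANT, so an authorizer callback stands in for "GRANT Select ON Vemp TO Ann" (an assumption of this sketch); the Employee rows and the helper names are constructed.

```python
import sqlite3

VIEW_QUERY = "SELECT * FROM Vemp WHERE Job = 'Programmer'"
REWRITTEN = "SELECT * FROM Employee WHERE Salary < 20000 AND Job = 'Programmer'"


def build_db():
    """Owner's setup: base table (constructed rows) plus the content-restricting view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Employee (Name TEXT, Job TEXT, Salary INTEGER);
        INSERT INTO Employee VALUES
            ('Dana', 'Programmer', 18000),
            ('Eli',  'Programmer', 45000),
            ('Fay',  'Clerk',      15000);
        CREATE VIEW Vemp AS SELECT * FROM Employee WHERE Salary < 20000;
    """)
    return conn


def act_as_ann(conn):
    """Emulate Ann's single privilege: SELECT on Vemp, nothing on Employee itself."""
    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            # arg1 = table, arg2 = column, source = view responsible for the read
            if arg1 == "Vemp" or (arg1 == "Employee" and source == "Vemp"):
                return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # default deny: base-table reads, writes, DDL
    conn.set_authorizer(authorizer)


def try_query(conn, sql):
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "DENIED"


def cbac_demo():
    conn = build_db()
    as_owner = conn.execute(REWRITTEN).fetchall()  # owner runs the rewritten form
    act_as_ann(conn)                               # from here on the connection is Ann's
    return {
        "owner_rewritten": as_owner,
        "ann_view": try_query(conn, VIEW_QUERY),
        # Direct access to the base table is refused.
        "ann_base_table": try_query(conn, "SELECT Name, Salary FROM Employee"),
        # Ann's own predicate is ANDed with the view's, so it cannot widen the result.
        "ann_high_salaries": try_query(conn, "SELECT * FROM Vemp WHERE Salary >= 20000"),
    }
```
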

Mandatory Access control
• MAC specifies the access that subjects have to objects based on the classification of subjects and objects.
• This type of security has also been referred to as multilevel security
• Database systems that satisfy multilevel security properties are called multilevel secure database management systems (MLS/DBMSs)
• Many of the MLS/DBMSs have been designed based on the Bell and LaPadula (BLP) model.

Role-based AC (RBAC): Motivation
• One challenging problem in managing large systems is the complexity of security administration.
• Whenever the number of subjects and objects is high, the number of authorizations can become extremely large.
• Moreover, if the user population is highly dynamic, the number of grant and revoke operations to be performed can become very difficult to manage.
• End users often do not own the information for which they are allowed access. The corporation or agency is the actual owner of data objects.
• Control is often based on employee functions rather than data ownership.
• RBAC has been proposed as an alternative approach to DAC and MAC both to simplify the task of access control management and to directly support function-based access control.

RBAC: Basic Concepts
• Roles represent functions within a given organization and authorizations are granted to roles instead of to single users
• Users are thus simply authorized to "play" the appropriate roles, thereby acquiring the roles' authorizations
• RBAC: Benefits
– Because roles represent organizational functions, an RBAC model can directly support security policies of the organization
– Granting and revoking of user authorizations is greatly simplified
• Most commercial DBMSs support RBAC features to some extent

RBAC: NIST Model
• User: is defined as a human being, a machine, a process, etc.
• Role: is a function within the context of an organization with an associated semantic regarding its authority and responsibility
• Permission: is an access mode that can be exercised on objects in the system. Both objects and access modes are domain dependent.
– For example, in the case of databases, the object set includes tables, columns, and rows, and the access mode set includes insert, delete, and update operations.
• Session: it is a particular instance of a connection of a user to the system and defines the subset of activated roles.
– At each moment, different sessions for the same user can be active.
– When a user logs into the system, he/she establishes a session and, during this session, can request to activate a subset of the roles he/she is authorized to play.
– The user obtains all permissions associated with the role he/she has activated in the session

RBAC
[Figure: Individuals, Roles (Role 1, Role 2, Role 3) and Resources (Server 1, Server 2, Server 3). Users change frequently, roles don't]

RBAC: SQL Commands
• CREATE ROLE role-name IDENTIFIED BY passwd | NOT IDENTIFIED;
• Example:
– CREATE ROLE teller IDENTIFIED BY cashflow;
• DROP ROLE role-name;
• GRANT role TO user | role | PUBLIC [WITH ADMIN OPTION];
• To perform the grant of a role, a user must have the privilege for the role with the ADMIN option, or the system privilege GRANT ANY ROLE
• The ADMIN option allows the receiver to modify or drop the role
• Example:
– GRANT teller TO Bob;

RBAC: SQL Commands
• The grant command for authorization granting can have roles as subjects
• Example:
– GRANT select ON Employee TO teller;
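
The NIST model's users, roles, permissions and sessions, with the teller role from the SQL commands above, as an added example that is not part of the original lecture. The Rbac class and the payroll_admin role are hypothetical, and deactivating a revoked role in sessions that are already open is a design choice of this sketch.

```python
class Rbac:
    """Toy RBAC engine (hypothetical): permissions come only from activated roles."""

    def __init__(self):
        self.role_perms = {}  # role -> set of (access mode, object)
        self.user_roles = {}  # user -> roles the user is authorized to play
        self.sessions = {}    # session id -> (user, set of activated roles)

    def create_role(self, role):
        self.role_perms.setdefault(role, set())

    def grant_permission(self, mode, obj, role):
        self.role_perms[role].add((mode, obj))       # GRANT mode ON obj TO role

    def grant_role(self, role, user):
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)  # GRANT role TO user

    def revoke_role(self, role, user):
        self.user_roles.get(user, set()).discard(role)
        for owner, active in self.sessions.values():  # also cut off open sessions
            if owner == user:
                active.discard(role)

    def open_session(self, user):
        sid = len(self.sessions) + 1
        self.sessions[sid] = (user, set())            # no role is active at login
        return sid

    def activate(self, sid, role):
        user, active = self.sessions[sid]
        if role not in self.user_roles.get(user, set()):
            return False                              # not authorized to play the role
        active.add(role)
        return True

    def check(self, sid, mode, obj):
        """Reference-monitor decision for one access request in one session."""
        _, active = self.sessions[sid]
        return any((mode, obj) in self.role_perms.get(r, ()) for r in active)


def teller_scenario():
    rbac = Rbac()
    rbac.create_role("teller")
    rbac.create_role("payroll_admin")                 # constructed second role
    rbac.grant_permission("select", "Employee", "teller")
    rbac.grant_permission("update", "Employee", "payroll_admin")
    rbac.grant_role("teller", "Bob")
    rbac.grant_role("payroll_admin", "Bob")

    s1, s2 = rbac.open_session("Bob"), rbac.open_session("Bob")
    out = {"before_activation": rbac.check(s1, "select", "Employee")}
    rbac.activate(s1, "teller")                       # each session activates a subset
    rbac.activate(s2, "payroll_admin")
    out["s1_select"] = rbac.check(s1, "select", "Employee")
    out["s1_update"] = rbac.check(s1, "update", "Employee")
    out["s2_update"] = rbac.check(s2, "update", "Employee")

    ann = rbac.open_session("Ann")                    # Ann was never granted teller
    out["ann_activates_teller"] = rbac.activate(ann, "teller")

    rbac.revoke_role("teller", "Bob")                 # one operation removes the access
    out["s1_select_after_revoke"] = rbac.check(s1, "select", "Employee")
    return out
```
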

Adhoc and Sensor Networks - Chapter 04Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Iss lecture 6

  • 1. Information System Security. Lecture 6: Database Security
  • 2. Outline
      - Data Security
      - Access control
      - Security policy
      - Access control policy
          1. Discretionary access control
          2. Content-based access control
          3. Mandatory access control
          4. Role-based access control
  • 3. Data security: Examples
      1. Consider a payroll database in a corporation; it must be ensured that:
          – Salaries of individual employees are not disclosed to arbitrary users of the database,
          – Salaries are modified by only those individuals that are properly authorized,
          – Paychecks are printed on time at the end of each pay period.
      2. In a military environment, it is important that:
          – The target of a missile is not given to an unauthorized user,
          – The target is not arbitrarily modified,
          – The missile is launched when it is fired.
  • 4. Data Security: main goals
      - Confidentiality: it refers to data protection from unauthorized read operations.
      - Integrity: it refers to data protection from unauthorized modification operations.
      - Availability: it ensures that data access is not denied to authorized subjects.
      - Others: Authentication, etc.
      [Figure: Data security, with Confidentiality, Integrity and Availability]
  • 5. Data Security: main goals
      - Confidentiality is enforced by the access control mechanism.
      - Integrity is enforced by the access control mechanism and by the semantic integrity constraints specified during schema definition.
      - Availability is enforced by the recovery and concurrency control mechanisms.
  • 6. Access control: Basic concepts
      - An access control system regulates the operations that can be executed on data and resources to be protected.
      - Its goal is to control operations executed by subjects in order to prevent actions that could damage data and resources.
      [Figure labels: Authorization rules, Reference Monitor, Security Policy, Access request, Access denied, Access permitted, Access partially permitted]
  • 7. Security Policy
      - Policies deal with defining what is authorized and who can grant authorizations.
      - Existing security policies tend to focus mainly on the confidentiality (privacy) requirements of security.
      - Policies are used like requirements; they are the starting point in the development of any system that has security features.
      - Adopted security policies mainly depend on organizational requirements, such as legal requirements, regulatory requirements, user requirements.
  • 8. Security Policies and Authorizations
      - The security policies are implemented by mapping them into a set of authorizations.
      - Authorizations thus establish the operations and rights that subjects can exercise on the protected objects.
      - The reference monitor is a control mechanism.
          – It has the task of determining whether a given subject is authorized to access the data.
  • 9. Access control policy
      - Discretionary access control
      - Mandatory access control
      - Role-based access control
      - Context-based access control
  • 10. Access control Policy
      - Most access control policies are formulated in terms of subjects, objects, and privileges.
      - Authorization Objects: Anything that holds data, such as relations, directories, interprocess messages, network packets, I/O devices, or physical media.
      - Authorization Subjects: An abstraction of any active entity that performs computation in the system.
          – Examples: users, processes, roles, etc.
      - Authorization Privileges: Operations that a subject can exercise on the objects in the system.
          – Examples: read, write, execute, select, insert, update, delete, etc.
  • 11. Discretionary ACPs
      - DAC policies govern the access of subjects to objects on the basis of subjects' identity and authorization rules.
      - When an access request is submitted to the system, the access control mechanism verifies whether there is an authorization rule authorizing the access.
      - Such mechanisms are discretionary in that they allow subjects to grant other subjects authorization to access their objects at their discretion.
      - Most of the common commercial DBMSs support it.
  • 12. DAC: SQL commands
      - Privilege delegation is supported through the grant option: if a privilege is granted with the grant option, the user receiving it can not only exercise the privilege, but can also grant it to other users.
      - A user can only grant a privilege on a given table if he/she is the table owner or if he/she has received the privilege with grant option.
      - GRANT PrivilegeList | ALL [PRIVILEGES] ON table | View TO UserList | PUBLIC [WITH GRANT OPTION]
  • 13. DAC: SQL commands
      - Example:
          – Bob: GRANT select, insert ON Employee TO Ann WITH GRANT OPTION;
            Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
            Ann: GRANT select, insert ON Employee TO Jim;
          – Jim has the select privilege (received from both Bob and Ann) and the insert privilege (received from Ann).
          – Jim can grant to other users the select privilege (because he has received it with grant option); however, he cannot grant the insert privilege.
  • 14. DAC in SQL - Grant
      - Grant Command:
          1. Bob: GRANT select, insert ON Employee TO Jim WITH GRANT OPTION;
          2. Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
          3. Bob: GRANT insert ON Employee TO Ann;
          4. Jim: GRANT update ON Employee TO Tim WITH GRANT OPTION;
          5. Ann: GRANT select, insert ON Employee TO Tim;
      - The first three GRANT commands are fully executed (Bob is the owner of the table).
      - The fourth command is not executed, because Jim does not have the update privilege on the table.
      - The fifth command is partially executed; Ann has the select and insert privileges, but she does not have the grant option for insert.
          – Tim only receives the select privilege.
  • 15. DAC in SQL - Revoke
      - REVOKE PrivilegeList | ALL [PRIVILEGES] ON table | View FROM UserList | PUBLIC
      - A user can only revoke the privileges he/she has granted.
      - Upon execution of a revoke operation, the user from whom the privileges have been revoked loses these privileges, unless he/she holds them from some source independent of the user who executed the revoke.
      - Recursive revocation: whenever a user revokes an authorization on a table from another user, all the authorizations that the revokee had granted because of the revoked authorization are removed.
  • 16. DAC in SQL - Revoke
      - Example:
          – Bob: GRANT select ON Employee TO Jim WITH GRANT OPTION;
          – Bob: GRANT select ON Employee TO Ann WITH GRANT OPTION;
          – Jim: GRANT select ON Employee TO Tim;
          – Ann: GRANT select ON Employee TO Tim;
          – Jim: REVOKE select ON Employee FROM Tim;
          – Tim continues to hold the select privilege on table Employee after the revoke operation, since he has independently obtained that privilege from Ann.
  • 17. Content-Based AC (CBAC)
      - Content-based access control makes access to a given object conditional on its content.
      - As an example, in an RDBMS supporting content-based access control it is possible to authorize a subject to access information only of those employees whose salary is not greater than 30K.
      - The two most common approaches to enforcing content-based access control in a DBMS are:
          – associating a predicate (or a Boolean combination of predicates) with the authorization;
          – defining a view which selects the objects whose content satisfies a given condition, and then granting the authorization on the view instead of on the basic objects.
  • 18. CBAC: SQL Commands
      - Example: suppose we want to authorize user Ann to access only the employees whose salary is lower than 20000. Steps:
          – CREATE VIEW Vemp AS SELECT * FROM Employee WHERE Salary < 20000;
            GRANT Select ON Vemp TO Ann;
      - Ann:
          – SELECT * FROM Vemp WHERE Job = 'Programmer';
          – This is equivalent to:
          – SELECT * FROM Employee WHERE Salary < 20000 AND Job = 'Programmer';
  • 19. Mandatory Access control
      - MAC specifies the access that subjects have to objects based on the classification of subjects and objects.
      - This type of security has also been referred to as multilevel security.
      - Database systems that satisfy multilevel security properties are called multilevel secure database management systems (MLS/DBMSs).
      - Many of the MLS/DBMSs have been designed based on the Bell and LaPadula (BLP) model.
  • 20. Role-based AC (RBAC): Motivation
      - One challenging problem in managing large systems is the complexity of security administration.
      - Whenever the number of subjects and objects is high, the number of authorizations can become extremely large.
      - Moreover, if the user population is highly dynamic, the number of grant and revoke operations to be performed can become very difficult to manage.
      - End users often do not own the information for which they are allowed access. The corporation or agency is the actual owner of data objects.
      - Control is often based on employee functions rather than data ownership.
      - RBAC has been proposed as an alternative approach to DAC and MAC, both to simplify the task of access control management and to directly support function-based access control.
  • 21. RBAC: Basic Concepts
      - Roles represent functions within a given organization, and authorizations are granted to roles instead of to single users.
      - Users are thus simply authorized to "play" the appropriate roles, thereby acquiring the roles' authorizations.
      - RBAC: Benefits
          – Because roles represent organizational functions, an RBAC model can directly support security policies of the organization.
          – Granting and revoking of user authorizations is greatly simplified.
      - Most commercial DBMSs support RBAC features to some extent.
  • 22. RBAC: NIST Model
      - User: is defined as a human being, a machine, a process, etc.
      - Role: is a function within the context of an organization with an associated semantic regarding its authority and responsibility.
      - Permission: is an access mode that can be exercised on objects in the system. Both objects and access modes are domain dependent.
          – For example, in the case of databases, the object set includes tables, columns, and rows, and the access mode set includes insert, delete, and update operations.
      - Session: it is a particular instance of a connection of a user to the system and defines the subset of activated roles.
          – At each moment, different sessions for the same user can be active.
          – When a user logs in to the system, he/she establishes a session and, during this session, can request to activate a subset of the roles he/she is authorized to play.
          – The user obtains all permissions associated with the role he/she has activated in the session.
  • 23. RBAC
      [Figure: Individuals, Roles (Role 1, Role 2, Role 3), Resources (Server 1, Server 2, Server 3). Users change frequently, roles don't.]
  • 24. RBAC: SQL Commands
      - CREATE ROLE role-name IDENTIFIED BY passwd | NOT IDENTIFIED;
      - Example:
          – CREATE ROLE teller IDENTIFIED BY cashflow;
      - DROP ROLE role-name;
      - GRANT role TO user | role | PUBLIC [WITH ADMIN OPTION];
      - To perform the grant of a role, a user must have the privilege for the role with the ADMIN option, or the system privilege GRANT ANY ROLE.
      - The ADMIN option allows the receiver to modify or drop the role.
      - Example:
          – GRANT teller TO Bob;
  • 25. RBAC: SQL Commands
      - The grant command for authorization granting can have roles as subjects.
      - Example:
          – GRANT select ON Employee TO teller;
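The grant-option and revoke rules from the DAC slides (12 to 16), as an added Python model that is not part of the original lecture. The class and function names are hypothetical, and deciding which grants were made "because of" a revoked authorization by command order (a grant survives only if its grantor is the owner or held the grant option from an earlier command) is an assumption in the style of System R.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str
    table: str
    grant_option: bool
    seq: int  # position of the GRANT command in execution order


class AuthCatalog:
    """Toy authorization catalog (hypothetical names, not a real DBMS API)."""

    def __init__(self):
        self.owners = {}        # table -> owner
        self.grants = []        # every authorization currently in force
        self._clock = count(1)

    def create_table(self, owner, table):
        self.owners[table] = owner

    def can_grant(self, user, privilege, table, before=None):
        """Owner, or holder of the privilege WITH GRANT OPTION (optionally
        only counting authorizations received before command `before`)."""
        if self.owners.get(table) == user:
            return True
        return any(
            g.grantee == user and g.privilege == privilege and g.table == table
            and g.grant_option and (before is None or g.seq < before)
            for g in self.grants
        )

    def holds(self, user, privilege, table):
        return self.owners.get(table) == user or any(
            g.grantee == user and g.privilege == privilege and g.table == table
            for g in self.grants
        )

    def grant(self, grantor, privileges, table, grantee, with_grant_option=False):
        """Return the privileges actually granted (partial execution)."""
        seq = next(self._clock)
        granted = []
        for p in privileges:
            if self.can_grant(grantor, p, table):
                self.grants.append(
                    Grant(grantor, grantee, p, table, with_grant_option, seq))
                granted.append(p)
        return granted

    def revoke(self, revoker, privileges, table, revokee):
        """A user can only revoke what he/she granted; then cascade."""
        self.grants = [
            g for g in self.grants
            if not (g.grantor == revoker and g.grantee == revokee
                    and g.table == table and g.privilege in privileges)
        ]
        # Recursive revocation: drop grants whose grantor no longer has an
        # earlier grant-option authorization supporting them, to a fixpoint.
        changed = True
        while changed:
            kept = [g for g in self.grants
                    if self.can_grant(g.grantor, g.privilege, g.table, before=g.seq)]
            changed = len(kept) != len(self.grants)
            self.grants = kept


def slide14_grants():
    """The five GRANT commands of slide 14; returns per-command results."""
    cat = AuthCatalog()
    cat.create_table("Bob", "Employee")
    results = [
        cat.grant("Bob", ["select", "insert"], "Employee", "Jim", True),
        cat.grant("Bob", ["select"], "Employee", "Ann", True),
        cat.grant("Bob", ["insert"], "Employee", "Ann"),
        cat.grant("Jim", ["update"], "Employee", "Tim", True),
        cat.grant("Ann", ["select", "insert"], "Employee", "Tim"),
    ]
    return results, cat


def slide16_revoke():
    """Slide 16, plus one constructed extra step showing the cascade."""
    cat = AuthCatalog()
    cat.create_table("Bob", "Employee")
    cat.grant("Bob", ["select"], "Employee", "Jim", True)
    cat.grant("Bob", ["select"], "Employee", "Ann", True)
    cat.grant("Jim", ["select"], "Employee", "Tim")
    cat.grant("Ann", ["select"], "Employee", "Tim")
    cat.revoke("Jim", ["select"], "Employee", "Tim")
    after_jim = cat.holds("Tim", "select", "Employee")
    # Constructed step (not on the slide): Bob revokes Ann's authorization,
    # so the grant Ann made to Tim because of it is removed as well.
    cat.revoke("Bob", ["select"], "Employee", "Ann")
    after_bob = cat.holds("Tim", "select", "Employee")
    return {"tim_after_jim_revoke": after_jim, "tim_after_bob_revoke": after_bob}
```
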

Editor's Notes

  1. The reference monitor checks the access rights, and then grants or denies access accordingly.
  2. A role is a named collection of privileges / functional entities within the organization
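The session rule from the RBAC slides (a user activates a subset of the roles he/she is authorized to play and obtains only those roles' permissions), as an added Python model that is not part of the original lecture. The class names, the `auditor` role and the `AuditLog` table are hypothetical, and re-checking role membership on every access so that a revoked role stops working inside an open session is an assumption.

```python
class RBAC:
    """Users, roles and permissions (hypothetical names, not a DBMS API)."""

    def __init__(self):
        self.role_perms = {}   # role -> set of (access mode, object)
        self.user_roles = {}   # user -> roles the user is authorized to play

    def create_role(self, role):                    # CREATE ROLE teller
        self.role_perms.setdefault(role, set())

    def grant_permission(self, mode, obj, role):    # GRANT select ON Employee TO teller
        self.role_perms[role].add((mode, obj))

    def grant_role(self, role, user):               # GRANT teller TO Bob
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, role, user):
        self.user_roles.get(user, set()).discard(role)


class Session:
    """One connection of a user; holds the subset of activated roles."""

    def __init__(self, rbac, user):
        self.rbac, self.user, self.active = rbac, user, set()

    def activate(self, role):
        if role not in self.rbac.user_roles.get(self.user, set()):
            raise PermissionError(f"{self.user} is not authorized for {role}")
        self.active.add(role)

    def permitted(self, mode, obj):
        # Assumption: a role counts only while it is both activated in this
        # session and still granted to the user.
        authorized = self.rbac.user_roles.get(self.user, set())
        return any((mode, obj) in self.rbac.role_perms[r]
                   for r in self.active & authorized)


def demo():
    rbac = RBAC()
    rbac.create_role("teller")
    rbac.create_role("auditor")                           # hypothetical role
    rbac.grant_permission("select", "Employee", "teller")
    rbac.grant_permission("select", "AuditLog", "auditor")  # hypothetical table
    rbac.grant_role("teller", "Bob")
    rbac.grant_role("auditor", "Bob")

    # Two sessions of the same user, each with a different activated subset.
    s1, s2 = Session(rbac, "Bob"), Session(rbac, "Bob")
    s1.activate("teller")
    s2.activate("auditor")
    out = {
        "s1_employee": s1.permitted("select", "Employee"),
        "s1_auditlog": s1.permitted("select", "AuditLog"),
        "s2_auditlog": s2.permitted("select", "AuditLog"),
    }

    # Ann was never granted the role, so activation is refused.
    try:
        Session(rbac, "Ann").activate("teller")
        out["ann_activated"] = True
    except PermissionError:
        out["ann_activated"] = False

    # One revoke removes every permission Bob had through the role.
    rbac.revoke_role("teller", "Bob")
    out["s1_employee_after_revoke"] = s1.permitted("select", "Employee")
    return out
```
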