3. 1. Introduction
• Type of encryption in database? Column & row
• Encrypt each tuple (row) in the relation (table)
with an encryption key that depends on the
security level of the tuple (tuple classification).
[Diagram labels: Encryption-Based Multi-level Model; Multilevel Relation Model; Encryption System]
4. Characteristics of the encryption-based multilevel security model:
I. Utilizing an encryption system as an additional
security layer over the multilevel security layer
for the relational database.
II. Reducing the multilevel database size.
III. Improving the response time of data retrieval
from the multilevel database.
5. Cont..
• The prototype is used as a research tool for studying
principles and mechanisms of the encryption-based
multilevel model and other multilevel relational database
security models (SeaView, Jajodia–Sandhu, Smith–Winslett,
multilevel relational [MLR], and belief-consistent models).
6. Why use a prototype?
1. To determine the relative performance of the
multilevel relational database security
models.
2. To determine the performance cost of applying the
encryption system in multilevel relational
database security.
7. 2. Encryption-Based Multilevel Database
Model
• A symmetric key is created for each unique security
level.
• A user can use the keys for which:
Security level (key) <= Security level (user)
• The classification attributes are removed.
• Each attribute is encrypted using the
encryption key that corresponds to the tuple
security classification level (tuple-level
encryption).
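An added illustration of the model above (not code from the slides or the prototype): one key per level, every attribute of a tuple encrypted under the tuple's level key with no classification column, and a SELECT that returns only the tuples that decrypt under a key the user may use. The level names, sample rows, function names and the HMAC-SHA256 stand-in cipher (chosen so the example needs only the standard library) are assumptions.

```python
import hashlib, hmac, os
LEVELS = ["U", "C", "S", "TS"]                    # assumed levels, lowest first
KEYS = {lvl: os.urandom(32) for lvl in LEVELS}    # one symmetric key per level

def user_keys(user_level):
    """Keys a user may use: Security level (key) <= Security level (user)."""
    return [KEYS[l] for l in LEVELS[:LEVELS.index(user_level) + 1]]

def _pad(key, nonce, n):   # stand-in keystream: HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _pad(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Return the plaintext, or None when the blob was sealed under another key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(body, _pad(key, nonce, len(body))))

def insert(table, tuple_level, row):
    """Encrypt every attribute under the tuple-level key; no class column."""
    table.append([seal(KEYS[tuple_level], v.encode()) for v in row])

def select(table, user_level, where=lambda row: True):
    visible = []
    for stored in table:
        for key in user_keys(user_level):
            row = [unseal(key, cell) for cell in stored]
            if None not in row:               # this key matches the tuple's level
                row = [v.decode() for v in row]
                if where(row):
                    visible.append(row)
                break
    return visible

def sample_employee():
    """Constructed sample relation (name, department, salary)."""
    table = []
    insert(table, "U", ("Ahmed", "Sales", "7000"))
    insert(table, "C", ("Mona", "Sales", "9000"))
    insert(table, "S", ("Omar", "Accounting", "10000"))
    return table
```

The stored rows carry only the three encrypted attributes; the tuple's level is implied by which key authenticates it, which is why the model can drop the classification attributes.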
9. Several DBMS Support Encryption
Algorithms
1. DB2 (IBM)
- SQL Functions
- Stored Procedures
2. ORACLE
- Transparent Data Encryption (TDE)
11. Manipulation
• The data manipulation statements in the
encryption-based multilevel database model are :
INSERT
DELETE
SELECT
UPDATE
UPLEVEL
16. The UPLEVEL Statement
• The UPLEVEL statement executed by a user
with security class level L has the following
general form:
UPLEVEL R GET [A1, A2, ..., An] FROM [C1, C2, ..., Cn] WHERE P
17. UPLEVEL Example
A user with S security level has used the UPLEVEL
command to indicate that he believes the first tuple
and to insert the second tuple with S security level.
19. 4. Performance Study
• Study the performance of multilevel relational database
security models such as the SeaView, Jajodia–Sandhu,
Smith–Winslett, MLR, and belief-consistent models
and the encryption-based multilevel database.
• Study the impact of changing the size and schema of the
relational database on the performance of these
models.
20. The machine used for the implementation
has:
• CPU speed of 2.2 GHz
• physical RAM size of 3 GB
• hard disk size of 320 GB
• The software used in the implementation is Microsoft
SQL Server 2008 R2, and the experiments’ measurements
were captured on the machine using a monitoring tool
provided by Microsoft SQL Server.
21. The impact of changing the number of tuples on the performance of
the encryption algorithms in a multilevel database in the selection
query
22. Cont..
The experiments investigate the impact of changing:
1) The number of tuples
2) The number of attributes
3) The number of security levels
These experiments use the CPU response time (in minutes).
Assume that the base value for the number of tuples is
1,000,000, the base number of attributes is three, and the base
number of security levels is four.
24. SELECT Query
SELECT * FROM Employee WHERE department = 'Sales'
Supporting encryption in the encryption-based
multilevel database model improves the performance
of the multilevel relational database because database
size is decreased due to removing the extra attributes
used for the class levels.
25. Impact of changing the number of tuples in the selection
query
Number of attributes = 3
Number of security levels = 4
26. Impact of changing the number of attributes in the
selection query
Number of tuples = million
Number of security levels = 4
27. Impact of changing the number of security levels in
the selection query
Number of attributes = 3
Number of tuples = million
28. JOIN Query
• SELECT * FROM Employee JOIN Departure ON Employee.Name = Departure.Name WHERE Employee.department = 'Sales'
29. Impact of changing the number of tuples in the join
query
Number of attributes = 3
Number of security levels = 4
30. Impact of changing the number of attributes in the
join query
Number of tuples = million
Number of security levels = 4
31. Impact of varying the number of security levels in the join
query
Number of attributes = 3
Number of tuples = million
32. Cont…
Supporting encryption in the encryption-based
multilevel database model improves the
performance of the multilevel relational
database because database size is decreased
due to removing the extra attributes used for
the class levels.
33. Impact of varying the number of tuples in
an update query
Number of attributes = 3
Number of security levels = 4
34. Cont..
Supporting encryption in the encryption-based
multilevel database model decreases the
performance of a multilevel database because,
during the execution of the update statement,
the encryption and decryption mechanisms are
both included in the update procedure.
35. Hierarchy of Model Performance
Smith-Winslett
MLR
Belief-Consistent
Jajodia-Sandhu
SeaView
High performance
36. Analysis of Experimental Results
• The performance of the Smith–Winslett model is the best.
• The MLR model offers less performance than the
Smith–Winslett model because it supports the security
classification at the level of each single attribute.
• The belief-consistent model has less performance than
the MLR model because it supports a combination of the
security classification levels for each single attribute to
enable the user to assert his beliefs about lower-level users’
information.
37. Cont…
• The Jajodia–Sandhu model has bad performance
because of the impact of union operation between
single-level relations in the recovery algorithm.
• The SeaView model has very bad performance
because of the impact of the JOIN operation between
vertical single-level relations and union operation
between horizontal single-level relations in the
recovery algorithm.
38. Comparison between MLR and
Encryption-Based Model
The encryption-based multilevel database model
performs better than the MLR
model in retrieving data from the multilevel database.
The performance of the encryption-based multilevel
database model is less than the performance of the MLR
model in updating data because of the overhead of
executing the encryption algorithm in the update query.
40. Summary
Overview of the encryption-based multilevel model.
Comparison of the performance of MLR models and the
encryption-based model.
Supporting encryption in a multilevel relational database:
1. Improves the performance of retrieving data in SELECT
and JOIN queries.
2. Results in bad performance because of the extra CPU processing.