The document summarizes current trends in data security research. It discusses traditional approaches like access control in SQL and security in statistical databases. It then covers two common attacks: SQL injection due to poor application programming and re-identification of individuals from published data. Current research topics addressed include information leakage and privacy, fine-grained access control, data encryption, and secure multi-party computation. The challenges lie in enforcing complex real-world security policies and protecting data in global sharing environments.

1. Current Trends in Data Security Dan Suciu Joint work with Gerome Miklau

6. Access Control in SQL GRANT privileges ON object TO users [WITH GRANT OPTIONS] privileges = SELECT | INSERT | DELETE | . . . object = table | attribute REVOKE privileges ON object FROM users [CASCADE ] [Griffith&Wade'76, Fagin'78]

14. SQL Injection Your health insurance company lets you see the claims online: Now search through the claims : Dr. Lee First login: SELECT…FROM…WHERE doctor=‘Dr. Lee’ and patientID=‘fred’ [Chris Anley, Advanced SQL Injection In SQL ] Search claims by: User: Password: fred ********

15. SQL Injection Now try this: Search claims by: Dr. Lee’ OR patientID = ‘suciu’; -- … ..WHERE doctor=‘Dr. Lee’ OR patientID=‘suciu’; --’ and patientID=‘fred’ Better: Search claims by: Dr. Lee’ OR 1 = 1; --

16. SQL Injection When you’re done, do this: Search claims by: Dr. Lee’; DROP TABLE Patients; --

25. Information Leakage: k-Anonymity Definition : each tuple is equal to at least k-1 others Anonymizing: through suppression and generalization Hard: NP-complete for supression only Approximations exists [Samarati&Sweeney’98, Meyerson&Williams’04] Hisp 22 Ramos John Afr-am 47 Stone Beatrice Cauc 36 Reyser John Afr-Am 34 Stone Harry Race Age Last First * 20-40 R* John Afr-am 30-50 Stone * * 20-40 R* John Afr-Am 30-50 Stone * Race Age Last First

26. Information Leakage: Query-view Security TABLE Employee(name, dept, phone) Have data: total big tiny none [Miklau&S’04, Miklau&Dalvi&S’05,Yang&Li’04] V(name,phone) S(name) Disclosure ? View(s) Secret Query V1(name,dept) V2(dept,phone) S(name,phone) V(dept) S(name) V(name) where dept=‘RD’ S(name) where dept=‘HR’

34. Policy Specification Language CREATE AUTHORIZATION VIEW PatientsForDoctors AS SELECT Patient.* FROM Patient, Doctor WHERE Patient.doctorID = Doctor.ID and Doctor.login = %currentUser Context parameters No standard, but usually based on parameterized views.

35. Implementation SELECT Patient.name, Patient.age FROM Patient WHERE Patient.disease = ‘flu’ SELECT Patient.name, Patient.age FROM Patient, Doctor WHERE Patient.disease = ‘flu’ and Patient.doctorID = Doctor.ID and Patient.login = %currentUser e.g. Oracle

42. Secure Shared Processing [Agrawal’03] Alice Bob a b c d c d e What’s wrong ? Task: find intersection without revealing the rest h(a) h(b) h(c) h(d) h(c) h(d) h(e) Compute one-way hash Exchange h(c) h(d) h(e) h(a) h(b) h(c) h(d)

43. Secure Shared Processing Alice Bob a b c d c d e commutative encryption: h(x) = E A (E B (x)) = E B (E A (x)) [Agrawal’03] E B (c) E B (d) E B (e) E A (a) E A (b) E A (c) E A (d) E A (a) E A (b) E A (c) E A (d) E B (c) E B (d) E B (e) E A E B h(c) h(d) h(e) h(a) h(b) h(c) h(d) E A E B h(a) h(b) h(c) h(d) h(c) h(d) h(e)

48. Questions ?