Data base security

11
Database SecurityDatabase Security
Supervised bySupervised by::
Dr. Yousri TahaDr. Yousri Taha
Presented byPresented by::
Layla hajrLayla hajr
Najlaa Ba-hmaidNajlaa Ba-hmaid

2
OutlineOutline
 Database Security Issues
 Access Protection,User Accounts, and Database AuditsAccess Protection,User Accounts, and Database Audits
 How to protect databaseHow to protect database
– Access ControlAccess Control
 Discretionary Access ControlDiscretionary Access Control
 Mandatory Access ControlMandatory Access Control
 Role-Based Access ControlRole-Based Access Control
– Introduction to CryptographyIntroduction to Cryptography
 Encryption
 Digital Signatures
– Inference control
 StatisticalStatistical DatabaseDatabase
– Flow Control

3
Database Security Issues
Types of Security
 Legal and ethical issues:
– Some Information may be deemed to be private and cannot be accessed
legally by unauthorized persons
 E.g. numerous laws governing privacy of information.
 Policy issues
– What kinds of information should not be made publicly available.
 E.g. Credit and personal medical record.
 System-related issues
– Whether a security function should be handled at the physical hardware level ,
the operating system level or the DBMS
 The need to identify multiple security levels
– Categorize the data and Users based on these classification.
 E.g. top secret, secret, confidential, and unclassified

4
Database Security Issues (Cont.(
Goals of DB SecurityGoals of DB Security
Integrity
– Only authorized users should be allowed to modify data.Only authorized users should be allowed to modify data.
– Integrity is lost if unauthorized changes are made to the data by
either intentional or accidental acts.
Availability
– Making data available to the authorized users and applicationMaking data available to the authorized users and application
programs.programs.
 Confidentiality
– Protection of data from unauthorized disclosureProtection of data from unauthorized disclosure

5
Database administrator (DBA) :
 Is the central authority for managing a database system.
 The DBA’s responsibilities include:
 granting privileges to users who need to use the system
 classifying users and data in accordance with the policy of
the organization
 Has a DBA Account in the DBMS, sometime called a
system or super user account, which provides powerful
capabilities that are not made available to regular database
accounts and users, or user groups.

6
Database administrator (DBA( actions :
 Account Creation
– Creates a new account and password for a user or a group of
users to enable access to the DBMS
 Privilege granting
– Permits the DBA to grant certain privilege to certain account
 Privilege revocation
– Permits the DBA to revoke (cancel) certain privileges that were
previously given to certain accounts
 Security level assignment
– This action consists of assigning user accounts to the appropriate
security classification level

7
Access Protection, User Accounts,Access Protection, User Accounts,
and Database Auditsand Database Audits
1.1. Person need to access databasePerson need to access database
2.2. DBA createDBA create user account and passworduser account and password
3.3. TheThe user loginuser login to the DBMS byto the DBMS by enter user accountenter user account andand
passwordpassword
4.4. TheThe DBMS checks that the account and passwordDBMS checks that the account and password
validvalid
 If the user is permitted to use the DBMS to access the databaseIf the user is permitted to use the DBMS to access the database
1.1. DBMS keepDBMS keep track of database userstrack of database users and their accountsand their accounts
and passwords byand passwords by creating and encryptedcreating and encrypted table of filetable of file
with the two fieldswith the two fields Account and Password.Account and Password. This tableThis table waswas
maintained by the DBMS.maintained by the DBMS.
 When create new user, the data will insert into this tableWhen create new user, the data will insert into this table
 When account is canceled, the corresponding record must beWhen account is canceled, the corresponding record must be
delete from the tabledelete from the table

8
and Database Auditsand Database Audits (Cont(Cont.).)
6.6. BDMS keepBDMS keep track of operationstrack of operations on the databaseon the database
 Create login sessionCreate login session when user log inwhen user log in
 Keep track of sequence of database interactions from the time ofKeep track of sequence of database interactions from the time of
logging in to the time of logging outlogging in to the time of logging out
 When user log in, the DBMS record the user’s account andWhen user log in, the DBMS record the user’s account and
associate it with the terminal from with the terminal from whichassociate it with the terminal from with the terminal from which
the user logged onthe user logged on
 All operations applied from that terminal are attributed to theAll operations applied from that terminal are attributed to the
user’s account until the log offuser’s account until the log off
 Keep track of the update operationKeep track of the update operation
 If the database is tampered with, the DBA can find out which userIf the database is tampered with, the DBA can find out which user
did the tamperingdid the tampering

9
and Database Auditsand Database Audits (Cont(Cont.).)
 Keep track of operations onKeep track of operations on system logsystem log
 System log includes an entry for each operation applied to theSystem log includes an entry for each operation applied to the
database that may be required for recovery from a transaction failuredatabase that may be required for recovery from a transaction failure
or system crash.or system crash.
 If have any tampering with database,If have any tampering with database, aa database auditdatabase audit is performed,is performed,
which consists of reviewing the log to examine all accesses andwhich consists of reviewing the log to examine all accesses and
operations applied to the database during a certain time period.operations applied to the database during a certain time period.
 When illegal or unauthorized is found, the DBA canWhen illegal or unauthorized is found, the DBA can determine thedetermine the
account useraccount user
 Database auditsDatabase audits is important for sensitive databases that areis important for sensitive databases that are
updated by many transactions and users.updated by many transactions and users. Audit trailAudit trail is a databaseis a database
log that used mainly for security purposes.log that used mainly for security purposes.

10
How to protect databaseHow to protect database
 To protect databases against these types of threats it is
common to implement four kinds of control measures :
– Access control
 ensures queries of sensitive data are not answeredensures queries of sensitive data are not answered
– Inference control
 ensures queries of nonensures queries of non--sensitive data when put together dosensitive data when put together do
not reveal sensitive informationnot reveal sensitive information
– Flow control
 specifies the channels along which information is allowed to
move
– Encryption
 ensures privacy during transfer of sensitive dataensures privacy during transfer of sensitive data

11
Access Controls TypesAccess Controls Types
 Discretionary Access ControlDiscretionary Access Control
 Mandatory Access ControlMandatory Access Control
 Role-Based Access ControlRole-Based Access Control

12
Discretionary Access controlDiscretionary Access control
Name Access
Tom Yes
John No
Cindy Yes
Application
Access List
 Restricts access to objects based solely on the identity ofRestricts access to objects based solely on the identity of
users who are trying to access them.users who are trying to access them.
Individuals Resources
Server 1
Server 3
Server 2

13
Discretionary Access control Based onDiscretionary Access control Based on
Granting and Revoking PrivilegeGranting and Revoking Privilege
Types of Discretionary Privileges:
 The account level:
– At this level, the DBA specifies the particular privileges that
each account holds independently of the relations in the
database.
– The privileges can include : (CREATE SCHEMA , CREATE
VIEW, ALTER, DROP, MODIFY, SELECT ((
 The relation level (or table level(:
– At this level, the DBA can control the privilege to access each
individual relation or view in the database.

14
Granting and Revoking PrivilegeGranting and Revoking Privilege (Cont(Cont.).)
Specifying Privilege using VIEWSpecifying Privilege using VIEW
 Important method to limiting users to manipulateImportant method to limiting users to manipulate
datadata
 If user A want user B to be able to retrieve only someIf user A want user B to be able to retrieve only some
field of relation R (create by A(field of relation R (create by A(
 Then A can a view V of R that includes only someThen A can a view V of R that includes only some
attributesattributes
 And then grant SELECT on V to BAnd then grant SELECT on V to B

15
Granting and Revoking PrivilegeGranting and Revoking Privilege (Cont(Cont.(.(
Grant privilegeGrant privilege
 GrantGrant operationoperation onon Table/ViewTable/View toto UserUser withwith grantgrant
optionoption
 ExampleExample
– GRANTGRANT selectselect ON emp toON emp to marymary;;
– GRANTGRANT selectselect ON empcom toON empcom to janejane with grantwith grant
optionoption;;
– GRANTGRANT updateupdate onon emp (salary(emp (salary( to jane;to jane;

16
Revoking PrivilegesRevoking Privileges
 Purpose for canceling privilegesPurpose for canceling privileges
 REVOKEREVOKE operationoperation onon table/view/objecttable/view/object fromfrom USERUSER
 ExampleExample
– REVOKE select on EMP from jane;REVOKE select on EMP from jane;
– REVOKE select on EMPCOM from jane;REVOKE select on EMPCOM from jane;

17
Example:
 Suppose that the DBA creates four accounts
– A1, A2, A3, A4
 and wants only A1 to be able to create base relations. Then the
DBA must issue the following GRANT command in SQL
– GRANT CREATETAB TO A1;
 In SQL2 the same effect can be accomplished by having the DBA
issue a CREATE SCHEMA command as follows:
 CREATE SCHEMA EXAMPLE AUTHORIZATION A1;
 User account A1 can create tables under the schema called
EXAMPLE.

18
 Suppose thatSuppose that A1A1 createscreates the two base relationsthe two base relations EMPLOYEEEMPLOYEE
andand DEPARTMENTDEPARTMENT
– A1 is thenA1 is then ownerowner of these two relations and hence all theof these two relations and hence all the
relation privileges on each of them.relation privileges on each of them.
EMPLOYEE:EMPLOYEE:
DEPARTMENT:DEPARTMENT:
NameName SsnSsn BdateBdate AddressAddress SexSex SalarySalary DnoDno
DnumberDnumber DnameDname Mgr_ssnMgr_ssn

19
 Suppose thatSuppose that A1A1 wants to grantwants to grant A2A2 the privilege tothe privilege to insertinsert andand deletedelete
tuples in both of these relations, buttuples in both of these relations, but A1A1 does not wantdoes not want A2A2 to be ableto be able
to propagate these privileges to additional accounts:to propagate these privileges to additional accounts:
GRANT INSERT, DELETE ONGRANT INSERT, DELETE ON
EMPLOYEE, DEPARTMENTEMPLOYEE, DEPARTMENT TO A2;TO A2;
 Suppose thatSuppose that A1A1 wants to allowwants to allow A3A3 to retrieve information fromto retrieve information from
either of the two tables and also to be able to propagate theeither of the two tables and also to be able to propagate the
SELECTSELECT privilege to other accounts.privilege to other accounts.A1A1 can issue the command:can issue the command:
GRANT SELECT ONGRANT SELECT ON EMPLOYEE, DEPARTMENTEMPLOYEE, DEPARTMENT
TOTO A3A3 WITH GRANT OPTION;WITH GRANT OPTION;

20
 A3 can grant the SELECT privilege on the EMPLOYEE relation
to A4 by issuing:
GRANT SELECT ON EMPLOYEE TO A4;
– Notice that A4 can’t propagate the SELECT privilege because
GRANT OPTION was not given to A4
 Suppose that A1 decides to revoke the SELECT privilege on the
EMPLOYEE relation from A3; A1 can issue:
REVOKE SELECT ON EMPLOYEE FROM A3;
 The DBMS must now automatically revoke the SELECT privilege
on EMPLOYEE from A4, too, because A3 granted that privilege to
A4 and A3 does not have the privilege any more.

21
 Suppose that A1 wants to give back to A3 a limited capability to
SELECT from the EMPLOYEE relation and wants to allow A3 to
be able to propagate the privilege.
– The limitation is to retrieve only the NAME, BDATE, and
ADDRESS attributes and only for the tuples with DNO=5.
– A1 then create the view:
CREATE VIEW A3EMPLOYEE AS
SELECT NAME, BDATE, ADDRESS
FROM EMPLOYEE
WHERE DNO = 5;
 After the view is created, A1 can grant SELECT on the view
A3EMPLOYEE to A3 as follows:
GRANT SELECT ON A3EMPLOYEE TO A3
WITH GRANT OPTION;

22
 Finally, suppose that A1 wants to allow A4 to update only the
SALARY attribute of EMPLOYEE;
 A1 can issue:
GRANT UPDATE ON EMPLOYEE (SALARY) TO A4;
– The UPDATE or INSERT privilege can specify particular
attributes that may be updated or inserted in a relation.
– Other privileges (SELECT, DELETE) are not attribute specific.

23
Mandatory Access controlMandatory Access control
 MAC mechanisms assign a security level to all information:MAC mechanisms assign a security level to all information:
– Each data object is assigned aEach data object is assigned a security classsecurity class..
– Each subject (user or program( is assigned aEach subject (user or program( is assigned a clearanceclearance for afor a
security class.security class.
– ensure that all users only haveensure that all users only have accessaccess to that data for which theyto that data for which they
have a clearance.have a clearance.
 Security classes could be:Security classes could be:
– Top Secret (TS(Top Secret (TS(
– Secret (S(Secret (S(
– Confidential (C(Confidential (C(
– Unclassified (U(Unclassified (U(

24
Mandatory ACMandatory AC (Cont(Cont.(.(
 Restrictions on Read/WriteRestrictions on Read/Write
– Simple Security Property:Simple Security Property:
SubjectSubject SS is allowed to read objectis allowed to read object OO only ifonly if class(S)class(S) ≥≥
class(O).class(O).
– *-Property:*-Property:
SubjectSubject SS is allowed to write objectis allowed to write object OO only ifonly if class(S)class(S)
≤≤ class(O).class(O).

25
Mandatory Access controlMandatory Access control (Cont(Cont.(.(
Better security than DAC
Principle: Read Down Access
equal or less Clearance
Write Up Access
equal or higher Clearance
Individuals Resources
Server 1
“Top Secret”
Server 3
“Classified”
Server 2
“Secret”

26
Mandatory ACMandatory AC (Cont(Cont.(.(
NameName SalarySalary JobPrformanceJobPrformance TCTC
Smith USmith U 4000040000CC Fair SFair S SS
Brown CBrown C 8000080000SS Good CGood C SS
User with security clearance S would see the same relation , since all
tuple classifications are less than or equal to S.
User with security clearance C would not be allowed to see values for
Salary of “Broun” and Job-Performance of “smith”, since they have
higher classifications. The tuples would be filtered to appear as:
NameName SalarySalary JobPrformanceJobPrformance TCTC
Smith USmith U 4000040000CC NULL CNULL C CC
Brown CBrown C NULL CNULL C Good CGood C CC

27
Role-Based Access ControlRole-Based Access Control
 RoleRole--based access control (RBAC( is anbased access control (RBAC( is an
approach to restricting system access toapproach to restricting system access to
authorized users.authorized users.
 RoleRole--based access control is a newer alternativebased access control is a newer alternative
approach to mandatory access control (MAC(approach to mandatory access control (MAC(
and discretionary access control (DAC(.and discretionary access control (DAC(.
 RoleRole--based access control, access decisions arebased access control, access decisions are
based on the roles that individual users have asbased on the roles that individual users have as
part of an organization. Users take on assignedpart of an organization. Users take on assigned
rolesroles

28
Role-Based ACRole-Based AC (Cont(Cont.(.(
 What is a Role?What is a Role?
– RoleRole isis The set of permissions that users mustThe set of permissions that users must
have to be able to do their job.have to be able to do their job.
– The role is applied to a set of objects andThe role is applied to a set of objects and
users are assigned to the role.users are assigned to the role.
– The process of defining roles should be basedThe process of defining roles should be based
on a thorough analysis of how an organizationon a thorough analysis of how an organization
operates .operates .

29
Individuals Roles Resources
Role 1
Role 2
Role 3
Server 1
Server 3
Server 2
User’s change frequently, Roles don’t

30
 Role HierarchiesRole Hierarchies
– roles can have overlapping responsibilitiesroles can have overlapping responsibilities
and privileges; that is, users belonging toand privileges; that is, users belonging to
different roles may need to perform commondifferent roles may need to perform common
operationsoperations..
– A role hierarchy defines roles that haveA role hierarchy defines roles that have
unique attributes and that may contain otherunique attributes and that may contain other
roles; that is, one role may implicitly includeroles; that is, one role may implicitly include
the operations that are associated with anotherthe operations that are associated with another
rolerole

31
 In the healthcare situation, a role Specialist couldIn the healthcare situation, a role Specialist could
contain the roles of Doctor and Interncontain the roles of Doctor and Intern .Specialist.Specialist
can perform all tasks and see all data that can becan perform all tasks and see all data that can be
viewed by the Doctor and Internviewed by the Doctor and Intern ..
Intern Doctor
SpecialistSpecialist

32
 Constrained RBACConstrained RBAC
– A constraint is a defined relationship among roles or a conditionA constraint is a defined relationship among roles or a condition
related to rolesrelated to roles
– Types of constraints:Types of constraints:
– Mutually exclusive roles, which are roles such that a user can beMutually exclusive roles, which are roles such that a user can be
assigned to only one role in the set.assigned to only one role in the set.
– Cardinality, refers to setting a maximum number with respect toCardinality, refers to setting a maximum number with respect to
rolesroles
– Prerequisite , which dictates that a user can only be assigned toPrerequisite , which dictates that a user can only be assigned to
a particular role if it is already assigned to some other specifieda particular role if it is already assigned to some other specified
rolerole
– Time and duration of role activation.Time and duration of role activation.
 AA day doctorday doctor must be able to perform hismust be able to perform his//herher duties between 8am-8pmduties between 8am-8pm
 AA partpart--time stafftime staff is authorized to work onlyis authorized to work only between 9am-2pm on weekdaysbetween 9am-2pm on weekdays

33
Introduction to cryptography
 Cryptography is “the art of secret writing”
 Four goals of cryptography
– Confidentiality, which Ensuring that only authorised
persons can understand data
– Authentication, which Ensuring the identity of a
party (principal) within some security domain
– Integrity, which Protected information from
unauthorized (or accidental) modification
– Non-repudiation, which ensuring that a party
cannot repudiate some action

34
Single Key EncryptionSingle Key Encryption
 It’s known as: symmetric-It’s known as: symmetric-keykey SecretSecret KeyKey
 The encryptionThe encryption keykey is the same as theis the same as the decryptiondecryption keykey..
 Sender and receiver have to securelySender and receiver have to securely share ashare a keykey
 DES and AES encryption are examples of Secret Key CryptographyDES and AES encryption are examples of Secret Key Cryptography
 DES, used since 1977, has 56-bit key; AES has 128-bitDES, used since 1977, has 56-bit key; AES has 128-bit
 (optionally, 192-bit or 256-bit) key(optionally, 192-bit or 256-bit) key

35
Public Key EncryptionPublic Key Encryption (Cont(Cont.(.(
 Use a pair of related keys:
– The public-key, which is made public and is
distributed widely and freely.
– The private-key , which is never distributed and
must be kept secret.
 Data encrypted with the public-key can only be
decrypted with its private-key

36
Public Key EncryptionPublic Key Encryption
 A public key encryption scheme, or infrastructure, has sixA public key encryption scheme, or infrastructure, has six
ingredients:ingredients:
– Plaintext:Plaintext: This is the data or readable message that is fed into theThis is the data or readable message that is fed into the
algorithm as inputalgorithm as input
– Encryption algorithmEncryption algorithm:: The encryption algorithm performs variousThe encryption algorithm performs various
transformation on the plaintexttransformation on the plaintext
– Public and Private KeysPublic and Private Keys:: These are a pair of keys that have beenThese are a pair of keys that have been
selected so that if one is used for encryption, the other is used forselected so that if one is used for encryption, the other is used for
decryptiondecryption
– Cipher textCipher text:: This is the scrambled message produced as outputThis is the scrambled message produced as output
– Description algorithmDescription algorithm:: this algorithm accepts the cipher text and thethis algorithm accepts the cipher text and the
matching key and produce the original plaintextmatching key and produce the original plaintext

37

38
A general purpose public cryptographic algorithm relies on one key for encryptionA general purpose public cryptographic algorithm relies on one key for encryption
and a different but related one for decryption. The essential steps are asand a different but related one for decryption. The essential steps are as
follows:follows:
○ Each user generates a pair of keys to be used for the encryption andEach user generates a pair of keys to be used for the encryption and
decryption of messagesdecryption of messages
○ Each user places one of the two keys in a public register or otherEach user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept privateaccessible file. This is the public key. The companion key is kept private
○ If a sender wishes to send a private message to a receiver, the senderIf a sender wishes to send a private message to a receiver, the sender
encrypts the message using the receiver’s public keyencrypts the message using the receiver’s public key
○ When the receiver receives the message, he or she decrypts it using theWhen the receiver receives the message, he or she decrypts it using the
receiver’s private key. No other recipient can decrypt the messagereceiver’s private key. No other recipient can decrypt the message
because only the receiver knows his or her private keybecause only the receiver knows his or her private key

39
This is used to ensure confidentiality.

40
Digital signature
 Digital signatureDigital signature is a type of asymmetric cryptographyis a type of asymmetric cryptography
used to simulate the security properties of a signature inused to simulate the security properties of a signature in
digital, rather than written, form,digital, rather than written, form, the objective is to
verify the sender
 Relies on “reverse” public key encryption:
– Asymmetrically encrypting plaintext with the private key can be
decrypted by anyone using the public key
 Digital signatureDigital signature is used to ensureis used to ensure authenticationauthentication andand
integrityintegrity..

41
Digital signature (Cont(Cont.(.(
 Digital Signature Process
 A hash of the data is created. The name of the sender is
appended to the hash.
 The hash is encrypted with the private key of the sender.
 The hash is appended to the data and transmitted
together.
 The receiver decrypts the hash with the public key of the
sender.
 The receiver calculates a hash of the message and
compares it to the received hash.

42
1. Sender's software will crunch down the data into just a few lines by a process called "hashing". These
few lines are called a message digest
2. Sender's software then encrypts the message digest with his private key. The result is the digital
signature
3. Sender's software
appends the digital
signature to document.
All of the data that was
hashed has been
signed
4. Sender now passes
the document on to
Receiver

43
5. Receiver’s software decrypts the signature (using Sender's public key)
changing it back into a message digest. If this worked, then it proves that
sender signed the document, because only sender has his private key.
Receiver’s software then hashes the document data into a message digest.
If the message digest is the same as the message digest created when the
signature was decrypted, then receiver knows that the signed data has not
been changed
This is used to ensure confidentiality, authentication and integrity

44
StatisticalStatistical DatabaseDatabase
 A statisticalA statistical databasedatabase is a database which providesis a database which provides
statistics on subsets of recordsstatistics on subsets of records
 In a statistical database, there are queries that do not
permit access to individual entries, but rather to
statistical functions involving many entries, such as
averages, maximum, minimum, etc.
 The fundamental problem of statistical databases is
inference control – how to prevent legitimate users
(entitled to do statistical queries) from using the
responses to these legitimate queries to infer information
about individual entries these users are not supposed to
obtain.  We cannot retrieve information about individuals directly
 But we can combine the results of different statistical queries
 This can reveal information about individuals

45
StatisticalStatistical DatabaseDatabase (Cont(Cont.(.(
 Problems and possible solutions are illustrated by
examples:
name ssn income address city sex state llast_degree
Person
Suppose we are allowed to retrieve only the statistical information over
this relation by using SUM, AVG, MIN, MAX, COUNT etc,.
Q1: find the total number of women who have Ph.D.. and live in Calgary,
Alberta.
select COUNT)*(
from Person
where last_degree = “ph.D.”
and sex = “F”
and city = “Calgary”
and state = “Alberta”;

46
Q2: find the average income of women who have Ph.D.. and live in Calgary,
Alberta.
select AVG(income(
from Person
where last_degree = “Ph.D..”
and sex = “F”
and city = “Calgary”
and state = “Alberta”;
If we know Mary Black has Ph.D. and lives in Calgary and we want to
know her income, we may use the above two queries.
•When query Q1 returns one, the result of Q2 is the income of Mary.
•Otherwise we may issue a number of subsequent queries using MAX
and MIN, we may easily know the close range of Mary’s income.

47
Solutions for Inference ControlSolutions for Inference Control
 Sample SizeSample Size
– PossiblePossible solutionsolution:: do not release any statistics on anydo not release any statistics on any
set of less than, say,10 recordsset of less than, say,10 records
 PartitioningPartitioning
– Partitioning implies that records are stored intoPartitioning implies that records are stored into
groups of some minimum size, and queries can refergroups of some minimum size, and queries can refer
to any complete group or set of groups, but never to ato any complete group or set of groups, but never to a
subset of a group.subset of a group.
 Noise AdditionNoise Addition
– Noise addition provides answers to all queries, butNoise addition provides answers to all queries, but
the answers are approximatethe answers are approximate

48
 Query RestrictionQuery Restriction
– Query restriction rejects a query which can lead to aQuery restriction rejects a query which can lead to a
compromise, but the answers in query restriction are alwayscompromise, but the answers in query restriction are always
accurateaccurate

49
Flow controlFlow control
 A flow occurs from object X to object Y when a sequence ofA flow occurs from object X to object Y when a sequence of
instructions that reads from X writes a value into Y.instructions that reads from X writes a value into Y.
Read x
File Y
File X
Copy y to x
Jone
Smith

50
Flow controlFlow control (Cont(Cont.(.(
 FlowFlow controlcontrol checks that information contained in somechecks that information contained in some
data objects does notdata objects does not flowflow explicitlyexplicitly oror implicitlyimplicitly intointo
less protected objectsless protected objects..
 Most flow controls employ some concept of
security class; the transfer of information from a
sender to a receiver is allowed only if the
receiver's security class is at least as privileged
as the sender's

51
Flow controlFlow control (Cont(Cont.(.(
 A flow policy specifies the channels along which
information is allowed to move.
 The simplest flow policy specifies just two classes of
information:
– confidential (C) and
– nonconfidential (N),
– and allows all flows except those from class C to class N.
 Types of flow control:
– Explicit flows: occurring as a consequences of assignment
instructions such as
– Implicit flows: generated by confindentioal instructions, such as
Y:=f(X1,X2(
If f(Xm+1…..,Xn) then y:= f(X1,Xm )

53
ReferencesReferences
 David Youd ,What is a Digital SignatureDavid Youd ,What is a Digital Signature ??An introduction toAn introduction to
Digital Signatures, available at:Digital Signatures, available at: http://http://
www.youdzone.com/signature.htmlwww.youdzone.com/signature.html
 Encryption ,COMP375 Computer Architecture andEncryption ,COMP375 Computer Architecture and
OrganizationOrganization
A available at:A available at:
http://williams.comp.ncat.edu/COMP375/Encryption.pdfhttp://williams.comp.ncat.edu/COMP375/Encryption.pdf ..
 Cryptography available at:Cryptography available at:
http://www.3asfh.net/vb/showthread.php?t=53403http://www.3asfh.net/vb/showthread.php?t=53403
 Cryptography, From Wikipedia, the free encyclopediaCryptography, From Wikipedia, the free encyclopedia
avaliable at:avaliable at:
http://en.wikipedia.org/wiki/Cryptographyhttp://en.wikipedia.org/wiki/Cryptography
 DOROTHY E. DENNING AND PETER J. DENNING , DataDOROTHY E. DENNING AND PETER J. DENNING , Data
Security, Computer Science ,Department, PurdueSecurity, Computer Science ,Department, Purdue
University, West Lafayette, Indiana 47907University, West Lafayette, Indiana 47907
 Ramez Elmasri,ShamkantB. Navathe, Fundamental ofRamez Elmasri,ShamkantB. Navathe, Fundamental of
Database Systems, Fifth Edition.Database Systems, Fifth Edition.

Data base security

More Related Content

What's hot

Viewers also liked

Similar to Data base security

Recently uploaded

Data base security