Transcript Distributed DBMS Security

DDBMS Security
- Bakul Gada
Overview
Introduction to Database Security
Security Issues in centralized databases
Security issues in Distributed Databases
Introduction

Data security
–

Protect data against unauthorized access.
Two aspects
–
–
Data protection.
Authorization Control.
Aspects of Data security

Data Protection
–

Can be achieved using data encryption techniques.
Authorization Control
–
It ensures that only authorized users perform, operations
that they are allowed to perform on the database.
Reference: Principles of Distributed Database Systems –
M. Tamer Ozsu & Patrick Valduriez
Authorization Control

It includes two main issues
–
Access control

–
Unauthorized Access to data should not be allowed.
Integrity

Only authorized users should be allowed to modify data
in the database.
Centralized Authorization Control

Allowing a user to do a particular operation
on the subsets of database.

In RDBMS these subsets can be defined
using Views.
–
Views allow limited access to database
Methods of Authorization Control

Discretionary Access Control
–

Based on privileges or access rights
Mandatory Access control
–
Based on policies that can’t be changed by
individual users
Reference: Database Management Systems - R.Ramakrishnan /
J Gehrke (2nd ed.)
Discretionary Access Control

This can be implemented at two levels
–
Account Level

–
Set privileges for each account on different relations
Relation Level

Set privileges to access each individual relation or view
Reference: Database Management Systems - R.Ramakrishnan /
J Gehrke (2nd ed.)
GRANT and REVOKE commands

SQL supports discretionary access control through
grant and revoke commands.
–
Syntax for GRANT and REVOKE commands
 GRANT < operation type(s)> ON <object> TO <user(s)>
 REVOKE < operation type(s)> ON <object> TO <user(s)>
Reference: Principles of Distributed Database Systems –
M. Tamer Ozsu & Patrick Valduriez
Mandatory Access Control

Users classified based on security classes
–
–
–
–
Top Secret (TS)
Secret (S)
Confidential (C)
Unclassified (U)
Bell –LaPadula Model


Most Popular Model for multilevel security.
Two restrictions are enforced on data access based
on subject/object classification.
–
–
A subject S is not allowed to read an object O unless
class(S)  class(O)
A subject S is not allowed to write an object O unless
class(S)  class(O)
Reference: Bell D.E and LaPadula L.J., "Secure Computer Systems:
Unified Exposition and Multics Interpretation", THE MITRE
Corporation, July 1975.
Authorization Control in Distributed
Environment.




More Complex.
Remote User Authentication
Management of distributed authorization rules
Handling of Views and User Groups
Reference: Principles of Distributed Database Systems –
M. Tamer Ozsu & Patrick Valduriez
Solution

Information for authenticating users is
replicated at all sites.

All sites of the DDBMS identify &
authenticate themselves similarly to the way
users do.
Integrity



How to guarantee database consistency ?
A database is said to be consistent if it satisfies the
set of integrity constraints.
Concurrency control techniques
–
–
–
–
Locking Technique
Timestamp Ordering
Multiversion Concurrency Control
Validation Concurrency Control
Ref: Fundamentals of Database Systems - Elmasri & Navathe (3rd ed)
Integrity in Distributed Databases

Concurrency Control techniques need to be
employed in Distributed databases.

Two general classes
–
–
Pessimistic Concurrency Control
Optimistic Concurrency Control


Summary
Security issues in Distributed Databases are more
complex as compared to Centralized Databases. But
they can be taken care of through careful study.
Future
Right now, RDBMS is a better choice for distributed
applications. OODBMSs are much more difficult to
implement in a distributed environment. Steps are
being taken to do the same.